MoinQ:

Describe FreeBSD/letsencrypt/certbot/2019-01-06 here.

I tried running it with both pound and the wiki left running. -- ToshinoriMaeno 2019-01-05 23:34:23

# certbot certonly --standalone -d moin.qmail.jp

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for moin.qmail.jp
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. moin.qmail.jp (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 6cb9360716731fd51b1b3343737ea6c8.2d7584b54f14eea8e7a398d21a526b70.acme.invalid from 14.192.44.5:443. Received 2 certificate(s), first certificate had names "moin.qmail.jp"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: moin.qmail.jp
   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   6cb9360716731fd51b1b3343737ea6c8.2d7584b54f14eea8e7a398d21a526b70.acme.invalid
   from 14.192.44.5:443. Received 2 certificate(s), first certificate
   had names "moin.qmail.jp"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

1. Stop pound, rerun certbot

root@f:/service/pound # svstat .
.: up (pid 59287) 6128494 seconds
root@f:/service/pound # svc -d .
root@f:/service/pound # certbot certonly --standalone -d moin.qmail.jp
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for moin.qmail.jp
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /usr/local/etc/letsencrypt/keys/0009_key-certbot.pem
Creating CSR: /usr/local/etc/letsencrypt/csr/0009_csr-certbot.pem

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /usr/local/etc/letsencrypt/live/moin.qmail.jp/fullchain.pem. Your
   cert will expire on 2018-02-20. To obtain a new or tweaked version
   of this certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

root@f:/service/pound # 

??? Your cert will expire on 2018-02-20.

/usr/local/etc/letsencrypt/live/moin.qmail.jp/fullchain.pem.

In fact, a certificate valid until 04-09 was obtained. -- ToshinoriMaeno 2019-01-05 23:50:02
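
Added example (not part of the original page and not certbot code): a Python parser for the tls-sni-01 failure detail from the first run, which reports whether the certificate the validator received came from the TLS server already listening on port 443 rather than from certbot's standalone listener. The function name, the verdict labels and the comma-separated format for multiple names are assumptions.

```python
import re

# Detail text of an ACME tls-sni-01 failure, as certbot prints it.
DETAIL_RE = re.compile(
    r'Requested (?P<requested>\S+) from (?P<addr>[0-9A-Fa-f.:]+):(?P<port>\d+)\. '
    r'Received (?P<count>\d+) certificate\(s\), '
    r'first certificate had names "(?P<names>[^"]*)"'
)

# Error line copied from the first run on this page.
SAMPLE = (
    'Incorrect validation certificate for tls-sni-01 challenge. Requested '
    '6cb9360716731fd51b1b3343737ea6c8.2d7584b54f14eea8e7a398d21a526b70.acme.invalid '
    'from 14.192.44.5:443. Received 2 certificate(s), first certificate had '
    'names "moin.qmail.jp"'
)


def diagnose(detail, domain):
    """Classify who answered the validator's TLS connection.

    Returns None if the text is not a tls-sni-01 certificate mismatch.
    """
    # certbot wraps the detail across lines in IMPORTANT NOTES; undo that.
    m = DETAIL_RE.search(" ".join(detail.split()))
    if m is None:
        return None
    # Assumption: multiple names are comma-separated inside the quotes.
    names = [n.strip() for n in m["names"].split(",") if n.strip()]
    if m["requested"] in names:
        verdict = "validation-cert-served"
    elif domain in names:
        # The regular TLS server for the domain held the port, so the
        # standalone listener never got to present the challenge cert.
        verdict = "existing-server-answered"
    else:
        verdict = "other-host-answered"
    return {
        "requested": m["requested"],
        "endpoint": (m["addr"], int(m["port"])),
        "cert_count": int(m["count"]),
        "names": names,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE, "moin.qmail.jp"))
```

For the message on this page the verdict is `existing-server-answered`, which matches the second run succeeding once pound was stopped.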