FreeBSD/letsencrypt/certbot/2019-01-06について、ここに記述してください。 pound, wiki とも動作させたままで、実行してみた。-- ToshinoriMaeno <> 14.192.44.5:443 の権限を必要とするようだ。以前は port 80だったのだが。:-) {{{ # certbot certonly --standalone -d moin.qmail.jp Saving debug log to /var/log/letsencrypt/letsencrypt.log Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Cert is due for renewal, auto-renewing... Renewing an existing certificate Performing the following challenges: tls-sni-01 challenge for moin.qmail.jp Waiting for verification... Cleaning up challenges Failed authorization procedure. moin.qmail.jp (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 6cb9360716731fd51b1b3343737ea6c8.2d7584b54f14eea8e7a398d21a526b70.acme.invalid from 14.192.44.5:443. Received 2 certificate(s), first certificate had names "moin.qmail.jp" IMPORTANT NOTES: - The following errors were reported by the server: Domain: moin.qmail.jp Type: unauthorized Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested 6cb9360716731fd51b1b3343737ea6c8.2d7584b54f14eea8e7a398d21a526b70.acme.invalid from 14.192.44.5:443. Received 2 certificate(s), first certificate had names "moin.qmail.jp" To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. }}} == pound 停止、certbot 再実行 == {{{ root@f:/service/pound # svstat . .: up (pid 59287) 6128494 seconds root@f:/service/pound # svc -d . root@f:/service/pound # certbot certonly --standalone -d moin.qmail.jp Saving debug log to /var/log/letsencrypt/letsencrypt.log Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Cert is due for renewal, auto-renewing... Renewing an existing certificate Performing the following challenges: tls-sni-01 challenge for moin.qmail.jp Waiting for verification... Cleaning up challenges Generating key (2048 bits): /usr/local/etc/letsencrypt/keys/0009_key-certbot.pem Creating CSR: /usr/local/etc/letsencrypt/csr/0009_csr-certbot.pem IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /usr/local/etc/letsencrypt/live/moin.qmail.jp/fullchain.pem. Your cert will expire on 2018-02-20. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le root@f:/service/pound # }}} ??? Your cert will expire on 2018-02-20. /usr/local/etc/letsencrypt/live/moin.qmail.jp/fullchain.pem. 実際には04-09まで有効な証明書が得られた。-- ToshinoriMaeno <>