|
Size: 3580
Comment:
|
← Revision 5 as of 2023-07-07 02:18:38 ⇥
Size: 3559
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 6: | Line 6: |
| [[/ドメイン例]] [[/*.qmail.jp]] | [[/*.qmail.jp]] |
1. Letsencrypt/WildCardCertificate
| /ACME /DV証明書 /FAQ /FreeBSD /NEWS /WildCardCertificate /acme.sh /certbot /certmagic /client /dehydrated /jillian /old /stats /さくら /偽証明書 /再取得 /更新 /証明書配置 /警告 |
ACME v2 Production Environment & Wildcards API Announcements
https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578 /DNS_wildcardを使う。
警告: DNSにおけるwildcardをきちんと理解しておく必要がある。-- ToshinoriMaeno 2019-01-25 23:55:47
一方で、certificateの世界でのwildcardの意味も確認すること。 https://en.wikipedia.org/wiki/Wildcard_certificate
- the wildcard only covers one level of subdomains (the asterisk doesn't match full stops)
https://searchsecurity.techtarget.com/definition/wildcard-certificate
https://tools.ietf.org/html/rfc2818#page-5
The wildcard may appear anywhere inside a label (aka "partial-wildcard")
- f*.domain.com is OK. It will match frog.domain.com
Do not allow wildcards in an international label.
チャレンジのタイプ https://letsencrypt.org/ja/docs/challenge-types/
1.1. Wildcard support
https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579
ACME v2 and Wildcard Certificate Support is Live
Wildcard certificates are only available via ACMEv2.
Additionally, wildcard domains must be validated using the DNS-01 challenge type.
https://community.letsencrypt.org/t/wildcard-domain-step-by-step/58250 https://community.letsencrypt.org/t/upgrading-to-use-wildcard-domains-existing-subdomains/57589
1.2. production environment
https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578
https://acme-v02.api.letsencrypt.org/directory
To request a wildcard certificate simply send a wildcard DNS identifier in the newOrder request.
DNS names in certificates may only have a single wildcard character, and it must be the entire leftmost DNS label, for instance “*.example.com”.
A single certificate can have wildcard DNS names for multiple base domains, and can also mix in non-wildcard names.
Orders that contain both a base domain and its wildcard equivalent (e.g. *.example.com and example.com) are valid. In that case, there will be two authorization objects in the order for “example.com 268”, one of which represents the wildcard validation and one of which represents the base domain validation.
(別々に取得することになるのか。)
Redundant entries will produce an error. For instance, and order containing both *.example.com and www.example.com would produce an error since the wildcard entry makes the latter redundant.
Let's Encrypt Wildcard Certificates Are Here
- Ole Michaelis — 09 January 2019
https://blog.dnsimple.com/2019/01/lets-encrypt-wildcard-support-is-here/
DNSimple: https://blog.dnsimple.com/2019/01/lets-encrypt-wildcard-support-is-here/
1.3. 例
-d \*.example.com -d example.com
要求されるTXTレコードは "_acme-challenge.example.com TXT xxxxx" になるようだ。
1.4. 待ち時間
「ドメインを管理しているサービスの管理パネルサイトで、DNSレコードを追加しました。」
1.5. DNS解釈とのずれ
証明書のwildcard解釈とDNSでのwildcard解釈とが一致しないケースがありそうで、気になる。 -- ToshinoriMaeno 2019-01-26 00:10:08