Contents
これを自動で行わせるには。次回までに検討する。-- ToshinoriMaeno 2022-04-27 02:28:23
../2022-06-27 cron実行で更新された。*.qmail.jp
root@skr:/etc/letsencrypt/renewal# certbot certonly --manual --preferred-challenges dns-01 -d *.qmail.jp --manual-auth-hook /home/tmaeno/dnsdata/txt.sh
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Cert is due for renewal, auto-renewing... Renewing an existing certificate Performing the following challenges: dns-01 challenge for qmail.jp - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that. Are you OK with your IP being logged? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: (Y)es/(N)o: y (Y)es/(N)o: Y Output from txt.sh: cat odns qmailjp qmailjp.cn[1-3] txt > /home/tinydns/root/qmailjp (cd /home/tinydns/root; make) make[1]: Entering directory '/etc/tinydns/root' /usr/local/bin/tinydns-data make[1]: Leaving directory '/etc/tinydns/root' Waiting for verification... Cleaning up challenges Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/nginx IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/qmail.jp/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/qmail.jp/privkey.pem Your cert will expire on 2022-07-26. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
1. renew conf 更新
# cat qmail.jp.conf # renew_before_expiry = 30 days version = 0.31.0 archive_dir = /etc/letsencrypt/archive/qmail.jp cert = /etc/letsencrypt/live/qmail.jp/cert.pem privkey = /etc/letsencrypt/live/qmail.jp/privkey.pem chain = /etc/letsencrypt/live/qmail.jp/chain.pem fullchain = /etc/letsencrypt/live/qmail.jp/fullchain.pem # Options used in the renewal process [renewalparams] account = 3ae7aa5460bedcfae1ac248a1ba58bd3 authenticator = manual pref_challs = dns-01, server = https://acme-v02.api.letsencrypt.org/directory manual_auth_hook = /home/tmaeno/dnsdata/txt.sh manual_public_ip_logging_ok = True
追加された: manual_public_ip_logging_ok = True