1. qmail.tokyo
Obtain a wildcard certificate using DNS validation.
Success -- ToshinoriMaeno 2023-02-13 02:13:00
- I ran a local tinydns and set it up to pull in the TXT record.
# certbot certonly --manual --preferred-challenges dns-01 -d *.qmail.tokyo --manual-auth-hook /home/tmaeno/dnsdata/txt.sh
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.qmail.tokyo
Hook '--manual-auth-hook' for qmail.tokyo ran with output:
 cat qmailjp qmailjp.cn1 qmailjp.cn2 qmailjp.cn3 txt.z txt tokyo > /service/tinydns/root/qmailjp
 (cd /service/tinydns/root; make)
 make[1]: Entering directory '/home/dns/tinydns/root'
 /usr/local/bin/tinydns-data
 make[1]: Leaving directory '/home/dns/tinydns/root'
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/qmail.tokyo/fullchain.pem
Key is saved at: /etc/letsencrypt/live/qmail.tokyo/privkey.pem
This certificate expires on 2023-05-14.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DNS cf delegated
root@tokyo:/etc/letsencrypt# certbot certonly --manual --preferred-challenges dns-01 -d *.qmail.tokyo --manual-auth-hook /home/tmaeno/dnsdata/txt.sh
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.qmail.tokyo
Hook '--manual-auth-hook' for qmail.tokyo ran with output:
 cat qmailjp qmailjp.cn1 qmailjp.cn2 qmailjp.cn3 txt.z txt tokyo > /service/tinydns/root/qmailjp
 (cd /service/tinydns/root; make)
 make[1]: Entering directory '/home/dns/tinydns/root'
 /usr/local/bin/tinydns-data
 make[1]: Leaving directory '/home/dns/tinydns/root'
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
  Domain: qmail.tokyo
  Type: unauthorized
  Detail: Incorrect TXT record "cIhOluinpGAwsyi-tyVWWXCIIbqcAaqQRCXHGdYxkAI" (and 3 more) found at _acme-challenge.qmail.tokyo
Hint: The Certificate Authority failed to verify the DNS TXT records created by the --manual-auth-hook. Ensure that this hook is functioning correctly and that it waits a sufficient duration of time for DNS propagation. Refer to "certbot --help manual" and the Certbot User Guide.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
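
The failure above reports several TXT values at _acme-challenge.qmail.tokyo. The following is an added example, not the txt.sh used on this page (its contents are not shown): a hook helper that writes the challenge as a tinydns-data TXT line and replaces earlier challenge lines instead of appending to them. The function names and the CHALLENGE_FILE path are assumptions made for the example; CERTBOT_DOMAIN and CERTBOT_VALIDATION are the variables certbot passes to manual hooks.

```shell
#!/bin/sh
# Example certbot --manual-auth-hook helper for a zone served by tinydns.
# Function names and CHALLENGE_FILE are hypothetical, chosen for this example.

# Print one tinydns-data TXT line:  'fqdn:text:ttl
acme_txt_line() {
    domain=$1 token=$2 ttl=${3:-60}
    # Accept only hostname characters in the domain.
    case $domain in
        ''|*[!A-Za-z0-9.-]*) echo "bad domain" >&2; return 1 ;;
    esac
    # dns-01 values are base64url. Rejecting anything else keeps ':' and
    # '\' (both special in tinydns-data) out of the data file.
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "bad token" >&2; return 1 ;;
    esac
    printf "'_acme-challenge.%s:%s:%s\n" "$domain" "$token" "$ttl"
}

# Rewrite FILE so it holds exactly one challenge line for DOMAIN.
# Lines for other names are kept; challenge values from earlier runs go.
set_challenge() {
    file=$1 domain=$2 token=$3
    line=$(acme_txt_line "$domain" "$token") || return 1
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if [ -f "$file" ]; then
        # grep exits 1 when nothing is left to print; that is not an error.
        grep -v -F -e "'_acme-challenge.${domain}:" "$file" > "$tmp" \
            || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    fi
    printf '%s\n' "$line" >> "$tmp"
    mv "$tmp" "$file"
}

# Act only when certbot invoked the script (it sets both variables).
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    set_challenge "${CHALLENGE_FILE:-./acme-txt}" \
        "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION"
    # Next: rebuild data.cdb (the cat + make step seen in the hook output)
    # and return only once the authoritative server serves the new value.
fi
```

Replacing the line fits a request for a single name such as *.qmail.tokyo; a certificate that covers both qmail.tokyo and *.qmail.tokyo needs both challenge values published at the same time.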