1. Letsencrypt/certbot

/wildcard /2024-01-28

/get_certbot 最新のものに更新しておく。(snapd も更新) -- ToshinoriMaeno 2023-02-17 09:42:24 /qmail.tokyo

/force-renewal /新規作成例 /更新手続 /dnsz.org

/2022-04-27 manual hook 指定

-- ToshinoriMaeno 2018-03-11 07:01:45

/自動更新 は wildcardには使えない(DNS interface) は間違いかも。

/nginx で試す。-- ToshinoriMaeno 2021-06-28 03:43:54

FreeDNS用にはpython-2.7で書かれたものが提供されている。

issue(証明書の発行)が終わったあと、webサーバーに配備する方法は用意されているのか。

1.1. mode/plugin

/apache /nginx /webroot /standalone /manual

1.2. Documentation

https://certbot.eff.org/docs/

/manual_mode  /standalone /renew

http, dns ともに証明書取得できた。

1.3. Get Certbot

https://certbot.eff.org/docs/install.htm

Unless you have very specific requirements, we kindly suggest that you use the Certbot packages provided by your package manager (see certbot.eff.org). If such packages are not available, we recommend using certbot-auto, which automates the process of installing Certbot on your system.

https://github.com/certbot/certbot

Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol. 

FreeBSD/portはサポートされないとのこと。

pkg install py27-certbot

$ sudo certbot certonly --standalone -d example.com

logにsuccessがでたら、証明書ができているので、/certbot.log

certbot-0.29.1-py2.7.egg-info/


最新版ソース https://github.com/certbot/certbot/blob/master/CHANGELOG.md

bmw Certbot engineer / EFF:

How to stop using TLS-SNI-01 with Certbot https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210

1.4. 必要な環境/条件

権限のあるサーバーで実行するとき:

port 80の解放

root権限 : 鍵ファイルの作成とか。

-- ToshinoriMaeno 2018-03-11 07:01:45

Certbot is meant to be run directly on your web server, not on your personal computer.
If you’re using a hosted service and don’t have direct access to your web server,
you might not be able to use Certbot. 

1.5. How to run the client

In many cases, you can just run certbot-auto or certbot, and the client will guide you through the process of obtaining and installing certs interactively.

1.6. 参考

https://blog.fileshelfplus.com/vps/280

以下を試してみよう。-- ToshinoriMaeno 2018-08-22 22:11:43

certbot renew --dry-run

1.7. http 選択

sudo certbot --preferred-challenges http

Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.brau.jp (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.brau.jp/.well-known/acme-challenge/fPMQkwyrfOiiLSAJem41THybMRnfhUGRLcxA4aIPvCk [14.192.44.29]: 503

MoinQ: Letsencrypt/certbot (last edited 2024-01-28 06:31:28 by ToshinoriMaeno)