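Let's Encrypt SSL Certificate Renewal (2021/06/19)
June 19, 2021 – 10:49 am
I renewed the Let's Encrypt SSL certificate, as I have been doing periodically.
This time, partly because I moved to a new version of the renewal tool Certbot, the automatic renewal procedure I used last time (2021/4/19) could not be applied, so I used the procedure for obtaining a new SSL certificate.
Below, I have posted the Certbot installation and the procedure (log) for obtaining a new SSL certificate.
Installing certbot: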
[root@server02]# dnf install certbot
Last metadata expiration check: 2:37:25 ago on Sat 19 Jun 2021 06:26:08 AM JST.
Dependencies resolved.
===============================================================================================================================
 Package                     Architecture  Version                               Repository   Size
===============================================================================================================================
Installing:
 certbot                     noarch        1.14.0-1.el8                          epel          51 k
Upgrading:
 platform-python-pip         noarch        9.0.3-19.el8                          baseos       1.7 M
Installing dependencies:
 python3-acme                noarch        1.14.0-1.el8                          epel          88 k
 python3-certbot             noarch        1.14.0-1.el8                          epel         391 k
 python3-cffi                x86_64        1.11.5-5.el8                          baseos       238 k
 python3-chardet             noarch        3.0.4-7.el8                           baseos       195 k
 python3-configargparse      noarch        0.14.0-6.el8                          epel          36 k
 python3-cryptography        x86_64        3.2.1-4.el8                           baseos       558 k
 python3-distro              noarch        1.4.0-2.module_el8.3.0+6191+6b4b10ec  appstream     37 k
 python3-idna                noarch        2.5-5.el8                             baseos        97 k
 python3-josepy              noarch        1.8.0-1.el8                           epel         102 k
 python3-parsedatetime       noarch        2.5-1.el8                             epel          79 k
 python3-pip                 noarch        9.0.3-19.el8                          appstream     19 k
 python3-pyOpenSSL           noarch        19.0.0-1.el8                          appstream    102 k
 python3-pyasn1              noarch        0.3.7-6.el8                           appstream    126 k
 python3-pycparser           noarch        2.14-14.el8                           baseos       109 k
 python3-pyrfc3339           noarch        1.1-1.el8                             epel          19 k
 python3-pysocks             noarch        1.6.8-3.el8                           baseos        34 k
 python3-pytz                noarch        2017.2-9.el8                          appstream     54 k
 python3-requests            noarch        2.20.0-2.1.el8_1                      baseos       122 k
 python3-requests-toolbelt   noarch        0.9.1-4.el8                           epel          91 k
 python3-setuptools          noarch        39.2.0-6.el8                          baseos       162 k
 python3-urllib3             noarch        1.24.2-5.el8                          baseos       176 k
 python3-zope-component      noarch        4.3.0-8.el8                           epel         313 k
 python3-zope-event          noarch        4.2.0-12.el8                          epel         210 k
 python3-zope-interface      x86_64        4.6.0-1.el8                           epel         158 k
 python36                    x86_64        3.6.8-2.module_el8.3.0+6191+6b4b10ec  appstream     19 k
Installing weak dependencies:
 python-josepy-doc           noarch        1.8.0-1.el8                           epel          22 k
Enabling module streams:
 python36                                  3.6

Transaction Summary
===============================================================================================================================
Install  27 Packages
Upgrade   1 Package

Total download size: 5.2 M
Is this ok [y/N]: y
(remainder omitted)
Obtaining the (new) SSL certificate (wildcard):
[root@server02 letsencrypt]# certbot certonly --manual \
> --preferred-challenges dns-01 \
> --server https://acme-v02.api.letsencrypt.org/directory \
> -d *.yamasnet.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Requesting a certificate for *.yamasnet.com
Performing the following challenges:
dns-01 challenge for yamasnet.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.yamasnet.com with the following value:

*******************************************

Before continuing, verify the record is deployed.
( rewrite the DNS record )
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/yamasnet.com-0001/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/yamasnet.com-0001/privkey.pem
   Your certificate will expire on 2021-09-16. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again.
   To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
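Certbot's prompt in the log above asks you to verify that the TXT record is deployed before pressing Enter. One way to run that check from a second terminal, as an added example that is not part of the original post: it assumes `dig` is installed and that the certificate's base domain is the zone apex (so it has NS records); the script and function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: confirm the dns-01 TXT record is visible before continuing in certbot.
# Usage (hypothetical script name):
#   ./check-acme-txt.sh '*.yamasnet.com' '<value shown by certbot>'

# Name that carries the dns-01 TXT record. A wildcard ("*.example.com")
# is validated at its base domain, so the leading "*." is dropped.
challenge_name() {
  printf '_acme-challenge.%s\n' "${1#[*].}"
}

# Read `dig +short TXT` output on stdin (one double-quoted string per line)
# and succeed if any record equals the expected value. Several TXT values
# may coexist under the same name, so every line is checked.
txt_matches() {
  local expected="$1" line
  while IFS= read -r line; do
    line=${line#\"}
    line=${line%\"}
    if [ "$line" = "$expected" ]; then
      return 0
    fi
  done
  return 1
}

# Query every authoritative name server directly, so a cached answer from a
# recursive resolver cannot hide a server that has not picked up the change.
# Assumption: the base domain is the zone apex and answers an NS query.
check_challenge() {
  local zone="${1#[*].}" expected="$2" name ns ok=0 bad=0
  name=$(challenge_name "$1")
  for ns in $(dig +short NS "$zone"); do
    if dig +short TXT "$name" "@$ns" | txt_matches "$expected"; then
      echo "OK      $ns"
      ok=$((ok + 1))
    else
      echo "MISSING $ns"
      bad=$((bad + 1))
    fi
  done
  # Succeed only if at least one server answered and none lacks the record.
  [ "$ok" -gt 0 ] && [ "$bad" -eq 0 ]
}

if [ "$#" -eq 2 ]; then
  check_challenge "$1" "$2"
fi
```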
Restarting httpd:
systemctl restart httpd