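Let's Encrypt SSL Certificate Renewal (2021/09/04)
September 4, 2021 – 12:01 pm
I renewed the Let's Encrypt SSL certificate.
This time, I newly installed Certbot, the certificate issuance tool, with dnf and used it to create the certificate.
Below, I have posted the logs of the new Certbot installation and of the procedure for obtaining a new SSL certificate.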
Certbot dnf install:
[root@server02 ~]# dnf install certbot
Last metadata expiration check: 1:49:05 ago on Sat 04 Sep 2021 09:14:46 AM JST.
Dependencies resolved.
=============================================================================================================
 Package Arch Version Repository Size
=============================================================================================================
Installing:
 certbot noarch 1.18.0-1.el8 epel 52 k
Installing dependencies:
 python3-acme noarch 1.18.0-1.el8 epel 89 k
 python3-certbot noarch 1.18.0-1.el8 epel 405 k
 python3-cffi x86_64 1.11.5-5.el8 baseos 238 k
 python3-chardet noarch 3.0.4-7.el8 baseos 195 k
 python3-configargparse noarch 0.14.0-6.el8 epel 36 k
 python3-cryptography x86_64 3.2.1-4.el8 baseos 558 k
 python3-distro noarch 1.4.0-2.module_el8.3.0+6191+6b4b10ec appstream 37 k
 python3-idna noarch 2.5-5.el8 baseos 97 k
 python3-josepy noarch 1.8.0-1.el8 epel 102 k
 python3-parsedatetime noarch 2.5-1.el8 epel 79 k
 python3-pip noarch 9.0.3-19.el8 appstream 19 k
 python3-pyOpenSSL noarch 19.0.0-1.el8 appstream 102 k
 python3-pycparser noarch 2.14-14.el8 baseos 109 k
 python3-pyrfc3339 noarch 1.1-1.el8 epel 19 k
 python3-pysocks noarch 1.6.8-3.el8 baseos 34 k
 python3-pytz noarch 2017.2-9.el8 appstream 54 k
 python3-requests noarch 2.20.0-2.1.el8_1 baseos 122 k
 python3-requests-toolbelt noarch 0.9.1-4.el8 epel 91 k
 python3-urllib3 noarch 1.24.2-5.el8 baseos 176 k
 python3-zope-component noarch 4.3.0-8.el8 epel 313 k
 python3-zope-event noarch 4.2.0-12.el8 epel 210 k
 python3-zope-interface x86_64 4.6.0-1.el8 epel 158 k
 python36 x86_64 3.6.8-2.module_el8.3.0+6191+6b4b10ec appstream 19 k
Installing weak dependencies:
 python-josepy-doc noarch 1.8.0-1.el8 epel 22 k
Enabling module streams:
 python36 3.6

Transaction Summary
=============================================================================================================
Install 25 Packages

Total download size: 3.3 M
Installed size: 13 M
Is this ok [y/N]: y
Downloading Packages:
(1/25): python3-chardet-3.0.4-7.el8.noarch.rpm 96 kB/s | 195 kB 00:02
(2/25): python3-cffi-1.11.5-5.el8.x86_64.rpm 102 kB/s | 238 kB 00:02
(3/25): python3-idna-2.5-5.el8.noarch.rpm 199 kB/s | 97 kB 00:00
(4/25): python3-pysocks-1.6.8-3.el8.noarch.rpm 124 kB/s | 34 kB 00:00
(5/25): python3-pycparser-2.14-14.el8.noarch.rpm 216 kB/s | 109 kB 00:00
(6/25): python3-cryptography-3.2.1-4.el8.x86_64.rpm 173 kB/s | 558 kB 00:03
(7/25): python3-requests-2.20.0-2.1.el8_1.noarch.rpm 182 kB/s | 122 kB 00:00
(8/25): python3-distro-1.4.0-2.module_el8.3.0+6191+6b4b10ec.noarch.rpm 139 kB/s | 37 kB 00:00
(9/25): python3-pip-9.0.3-19.el8.noarch.rpm 79 kB/s | 19 kB 00:00
(10/25): python3-urllib3-1.24.2-5.el8.noarch.rpm 188 kB/s | 176 kB 00:00
(11/25): python3-pyOpenSSL-19.0.0-1.el8.noarch.rpm 214 kB/s | 102 kB 00:00
(12/25): python36-3.6.8-2.module_el8.3.0+6191+6b4b10ec.x86_64.rpm 75 kB/s | 19 kB 00:00
(13/25): python-josepy-doc-1.8.0-1.el8.noarch.rpm 252 kB/s | 22 kB 00:00
(14/25): certbot-1.18.0-1.el8.noarch.rpm 374 kB/s | 52 kB 00:00
(15/25): python3-acme-1.18.0-1.el8.noarch.rpm 1.7 MB/s | 89 kB 00:00
(16/25): python3-configargparse-0.14.0-6.el8.noarch.rpm 2.8 MB/s | 36 kB 00:00
(17/25): python3-pytz-2017.2-9.el8.noarch.rpm 116 kB/s | 54 kB 00:00
(18/25): python3-certbot-1.18.0-1.el8.noarch.rpm 4.5 MB/s | 405 kB 00:00
(19/25): python3-pyrfc3339-1.1-1.el8.noarch.rpm 1.6 MB/s | 19 kB 00:00
(20/25): python3-josepy-1.8.0-1.el8.noarch.rpm 2.0 MB/s | 102 kB 00:00
(21/25): python3-parsedatetime-2.5-1.el8.noarch.rpm 1.2 MB/s | 79 kB 00:00
(22/25): python3-zope-component-4.3.0-8.el8.noarch.rpm 6.4 MB/s | 313 kB 00:00
(23/25): python3-zope-interface-4.6.0-1.el8.x86_64.rpm 4.6 MB/s | 158 kB 00:00
(24/25): python3-zope-event-4.2.0-12.el8.noarch.rpm 1.8 MB/s | 210 kB 00:00
(25/25): python3-requests-toolbelt-0.9.1-4.el8.noarch.rpm 284 kB/s | 91 kB 00:00
-------------------------------------------------------------------------------------------------------------
Total 506 kB/s | 3.3 MB 00:06
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing : 1/1
  Installing : python3-pyrfc3339-1.1-1.el8.noarch 1/25
  Installing : python3-pytz-2017.2-9.el8.noarch 2/25
  Installing : python3-chardet-3.0.4-7.el8.noarch 3/25
  Installing : python36-3.6.8-2.module_el8.3.0+6191+6b4b10ec.x86_64 4/25
  Running scriptlet: python36-3.6.8-2.module_el8.3.0+6191+6b4b10ec.x86_64 4/25
  Installing : python3-pip-9.0.3-19.el8.noarch 5/25
  Installing : python3-zope-event-4.2.0-12.el8.noarch 6/25
  Installing : python3-zope-interface-4.6.0-1.el8.x86_64 7/25
  Installing : python3-zope-component-4.3.0-8.el8.noarch 8/25
  Installing : python3-parsedatetime-2.5-1.el8.noarch 9/25
  Installing : python3-configargparse-0.14.0-6.el8.noarch 10/25
  Installing : python-josepy-doc-1.8.0-1.el8.noarch 11/25
  Installing : python3-distro-1.4.0-2.module_el8.3.0+6191+6b4b10ec.noarch 12/25
  Installing : python3-pysocks-1.6.8-3.el8.noarch 13/25
  Installing : python3-urllib3-1.24.2-5.el8.noarch 14/25
  Installing : python3-pycparser-2.14-14.el8.noarch 15/25
  Installing : python3-cffi-1.11.5-5.el8.x86_64 16/25
  Installing : python3-cryptography-3.2.1-4.el8.x86_64 17/25
  Installing : python3-pyOpenSSL-19.0.0-1.el8.noarch 18/25
  Installing : python3-josepy-1.8.0-1.el8.noarch 19/25
  Installing : python3-idna-2.5-5.el8.noarch 20/25
  Installing : python3-requests-2.20.0-2.1.el8_1.noarch 21/25
  Installing : python3-requests-toolbelt-0.9.1-4.el8.noarch 22/25
  Installing : python3-acme-1.18.0-1.el8.noarch 23/25
  Installing : python3-certbot-1.18.0-1.el8.noarch 24/25
  Installing : certbot-1.18.0-1.el8.noarch 25/25
  Running scriptlet: certbot-1.18.0-1.el8.noarch 25/25
  Verifying : python3-cffi-1.11.5-5.el8.x86_64 1/25
  Verifying : python3-chardet-3.0.4-7.el8.noarch 2/25
  Verifying : python3-cryptography-3.2.1-4.el8.x86_64 3/25
  Verifying : python3-idna-2.5-5.el8.noarch 4/25
  Verifying : python3-pycparser-2.14-14.el8.noarch 5/25
  Verifying : python3-pysocks-1.6.8-3.el8.noarch 6/25
  Verifying : python3-requests-2.20.0-2.1.el8_1.noarch 7/25
  Verifying : python3-urllib3-1.24.2-5.el8.noarch 8/25
  Verifying : python3-distro-1.4.0-2.module_el8.3.0+6191+6b4b10ec.noarch 9/25
  Verifying : python3-pip-9.0.3-19.el8.noarch 10/25
  Verifying : python3-pyOpenSSL-19.0.0-1.el8.noarch 11/25
  Verifying : python3-pytz-2017.2-9.el8.noarch 12/25
  Verifying : python36-3.6.8-2.module_el8.3.0+6191+6b4b10ec.x86_64 13/25
  Verifying : certbot-1.18.0-1.el8.noarch 14/25
  Verifying : python-josepy-doc-1.8.0-1.el8.noarch 15/25
  Verifying : python3-acme-1.18.0-1.el8.noarch 16/25
  Verifying : python3-certbot-1.18.0-1.el8.noarch 17/25
  Verifying : python3-configargparse-0.14.0-6.el8.noarch 18/25
  Verifying : python3-josepy-1.8.0-1.el8.noarch 19/25
  Verifying : python3-parsedatetime-2.5-1.el8.noarch 20/25
  Verifying : python3-pyrfc3339-1.1-1.el8.noarch 21/25
  Verifying : python3-requests-toolbelt-0.9.1-4.el8.noarch 22/25
  Verifying : python3-zope-component-4.3.0-8.el8.noarch 23/25
  Verifying : python3-zope-event-4.2.0-12.el8.noarch 24/25
  Verifying : python3-zope-interface-4.6.0-1.el8.x86_64 25/25

Installed:
  certbot-1.18.0-1.el8.noarch
  python-josepy-doc-1.8.0-1.el8.noarch
  python3-acme-1.18.0-1.el8.noarch
  python3-certbot-1.18.0-1.el8.noarch
  python3-cffi-1.11.5-5.el8.x86_64
  python3-chardet-3.0.4-7.el8.noarch
  python3-configargparse-0.14.0-6.el8.noarch
  python3-cryptography-3.2.1-4.el8.x86_64
  python3-distro-1.4.0-2.module_el8.3.0+6191+6b4b10ec.noarch
  python3-idna-2.5-5.el8.noarch
  python3-josepy-1.8.0-1.el8.noarch
  python3-parsedatetime-2.5-1.el8.noarch
  python3-pip-9.0.3-19.el8.noarch
  python3-pyOpenSSL-19.0.0-1.el8.noarch
  python3-pycparser-2.14-14.el8.noarch
  python3-pyrfc3339-1.1-1.el8.noarch
  python3-pysocks-1.6.8-3.el8.noarch
  python3-pytz-2017.2-9.el8.noarch
  python3-requests-2.20.0-2.1.el8_1.noarch
  python3-requests-toolbelt-0.9.1-4.el8.noarch
  python3-urllib3-1.24.2-5.el8.noarch
  python3-zope-component-4.3.0-8.el8.noarch
  python3-zope-event-4.2.0-12.el8.noarch
  python3-zope-interface-4.6.0-1.el8.x86_64
  python36-3.6.8-2.module_el8.3.0+6191+6b4b10ec.x86_64

Complete!
Obtaining a (new) SSL certificate (wildcard):
[root@server02 etc]# certbot certonly --manual
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): *************@yamasnet.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Yes
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): *.yamasnet.com
Requesting a certificate for *.yamasnet.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.yamasnet.com.

with the following value:

*******************************************

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.yamasnet.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yamasnet.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/yamasnet.com/privkey.pem
This certificate expires on 2021-12-03.
These files will be updated when the certificate renews.

NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 * Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
httpd restart:
[root@server02 etc]# systemctl restart httpd
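
The NEXT STEPS note in the Certbot log above says a --manual certificate is only renewed automatically when an authentication hook (--manual-auth-hook) is supplied. The hook below is an added example, not part of the original post or of Certbot itself: it publishes the DNS-01 TXT record and waits until a resolver returns it. It assumes the zone accepts RFC 2136 dynamic updates through nsupdate; DNS_SERVER, TSIG_KEY and RESOLVER are placeholder values, while CERTBOT_DOMAIN and CERTBOT_VALIDATION are the environment variables Certbot sets for the hook.

```shell
#!/bin/sh
# Added example: --manual-auth-hook for the DNS-01 challenge shown in the log.
# Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION before calling the hook.
# ASSUMPTIONS (not from the page): the zone accepts RFC 2136 updates via
# nsupdate; DNS_SERVER, TSIG_KEY and RESOLVER are placeholders.
DNS_SERVER=${DNS_SERVER:-ns1.example.net}
TSIG_KEY=${TSIG_KEY:-/etc/letsencrypt/tsig.key}
RESOLVER=${RESOLVER:-8.8.8.8}

# _acme-challenge name for a domain; a leading "*." is dropped, so a wildcard
# and its base domain share one record name.
challenge_name() {
    base=${1#\*.}
    printf '_acme-challenge.%s.\n' "$base"
}

# Succeeds when $2 is exactly one of the TXT answers in $1 (dig +short format).
txt_has_value() {
    printf '%s\n' "$1" | tr -d '"' | grep -Fxq -- "$2"
}

# Publish the validation token as a TXT record with a short TTL.
publish_txt() {
    nsupdate -k "$TSIG_KEY" <<EOF
server $DNS_SERVER
update add $1 60 TXT "$2"
send
EOF
}

# Poll until the record is visible, so certbot does not continue too early.
wait_for_txt() {
    tries=${3:-30}
    while [ "$tries" -gt 0 ]; do
        txt_has_value "$(dig +short TXT "$1" "@$RESOLVER")" "$2" && return 0
        tries=$((tries - 1))
        sleep 10
    done
    return 1
}

# Run only when certbot invokes the hook.
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    name=$(challenge_name "$CERTBOT_DOMAIN")
    publish_txt "$name" "$CERTBOT_VALIDATION" || exit 1
    wait_for_txt "$name" "$CERTBOT_VALIDATION" || exit 1
fi
```

Pass the script's path to certbot with --manual-auth-hook together with --preferred-challenges dns, and keep the TSIG key file readable by root only.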