Obtaining a free wildcard SSL certificate with Let's Encrypt

Environment
Nginx 1.16.0
Date run

Failure with certbot-auto

First, try to obtain the wildcard certificate with certbot-auto.

sudo wget https://dl.eff.org/certbot-auto
sudo chmod a+x ./certbot-auto
sudo ./certbot-auto

However, this fails with:


Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed

With Bitnami NGINX, the configuration file is located at /opt/bitnami/nginx/conf/nginx.conf.

I gave up on certbot-auto and used the regular certbot to obtain the wildcard certificate instead.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

Add the certbot repository; press Y when prompted along the way.
Then update the package list.

sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.vpsfan.net' -d vpsfan.net --manual --preferred-challenges dns-01 certonly
If you really want to skip this, you can run the client with
--register-unsafely-without-email but make sure you then backup your account key
from /etc/letsencrypt/accounts

 (Enter 'c' to cancel):

Enter your email address.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel:

Enter A.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: 

Enter N.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o:

Enter Y.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.vpsfan.net with the following value:

-aaabbbcccdddeeefffggg

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

In your DNS settings, create a TXT record named _acme-challenge.vpsfan.net with the value "-aaabbbcccdddeeefffggg", then press Enter.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.vpsfan.net with the following value:

zzzyyyxxxwwwvvvuuu

Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

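In the same way as before, set "zzzyyyxxxwwwvvvuuu" and press Enter. As the prompt says, this is a second TXT record under the same name; leave the first one in place.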
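
Certbot asks you to verify that the records are deployed before pressing Enter. The script below is an added example, not part of the original post: it assumes dig is installed, uses hypothetical function names, and checks that both TXT values are visible on every authoritative name server for the domain.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# missing_txt_values EXPECTED...
# Reads `dig +short TXT` output on stdin (one quoted string per line), prints
# every expected value that is absent, and returns 0 only if none is missing.
missing_txt_values() {
    local published value missing
    missing=0
    # dig +short wraps each TXT string in double quotes; strip them.
    published=$(tr -d '"' | sed 's/[[:space:]]*$//')
    for value in "$@"; do
        # -x: whole line, -F: literal string, --: value may start with '-'
        if ! printf '%s\n' "$published" | grep -qxF -- "$value"; then
            printf '%s\n' "$value"
            missing=1
        fi
    done
    return "$missing"
}

# check_challenge DOMAIN EXPECTED...
# Asks each authoritative name server directly, so a resolver cache cannot
# hide a record that has not reached all of them yet. Needs dig and network.
check_challenge() {
    local domain ns seen rc
    domain=$1; shift
    seen=0; rc=0
    for ns in $(dig +short NS "$domain"); do
        seen=1
        if ! dig +short TXT "_acme-challenge.$domain" "@$ns" \
                | missing_txt_values "$@" >/dev/null; then
            echo "not yet complete on $ns" >&2
            rc=1
        fi
    done
    [ "$seen" -eq 1 ] || return 1   # no name servers found: treat as failure
    return "$rc"
}

# Constructed sample: only the second record has been published so far.
# Prints the value still missing (the first placeholder from the transcript).
printf '%s\n' '"zzzyyyxxxwwwvvvuuu"' \
    | missing_txt_values -aaabbbcccdddeeefffggg zzzyyyxxxwwwvvvuuu \
    || echo "do not press Enter yet"
```

For the live check, run check_challenge vpsfan.net followed by the two values certbot actually printed, and press Enter only once it returns 0.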

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/vpsfan.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/vpsfan.net/privkey.pem
   Your cert will expire on 2019-11-06. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

The wildcard SSL certificate has now been obtained.

ssl_certificate /etc/letsencrypt/live/vpsfan.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vpsfan.net/privkey.pem;
ssl_session_tickets on;
ssl_protocols  TLSv1.2;
ssl_ciphers AESGCM:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

Add the SSL settings above to each virtual host's configuration file, and the switch to SSL is complete.

仮想犬
