Created
May 3, 2018 19:40
-
-
Save mumumu/2da0f673e6b97e87d3465268040df4af to your computer and use it in GitHub Desktop.
手元の環境で letsencrypt の wildcard 証明書を取ってみたメモ
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mumumu@mailserver 23:27:14 ~/certbot [master] $ ./certbot-auto | |
| Requesting to rerun ./certbot-auto with root privileges... | |
| Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap) | |
| yum は /bin/yum です | |
| yum はハッシュされています (/bin/yum) | |
| 読み込んだプラグイン:fastestmirror, langpacks | |
| Loading mirror speeds from cached hostfile | |
| * base: ftp.iij.ad.jp | |
| * epel: mirror.dmmlabs.jp | |
| * extras: ftp.iij.ad.jp | |
| * updates: ftp.iij.ad.jp | |
| * webtatic: sp.repo.webtatic.com | |
| パッケージ gcc-4.8.5-16.el7_4.2.x86_64 はインストール済みか最新バージョンです | |
| パッケージ augeas-libs-1.4.0-2.el7_4.2.x86_64 はインストール済みか最新バージョンです | |
| パッケージ 1:openssl-1.0.2k-8.el7.x86_64 はインストール済みか最新バージョンです | |
| パッケージ 1:openssl-devel-1.0.2k-8.el7.x86_64 はインストール済みか最新バージョンです | |
| パッケージ redhat-rpm-config-9.1.0-76.el7.centos.noarch はインストール済みか最新バージョンです | |
| パッケージ ca-certificates-2017.2.14-71.el7.noarch はインストール済みか最新バージョンです | |
| パッケージ python2-pip-8.1.2-6.el7.noarch はインストール済みか最新バージョンです | |
| パッケージ 1:mod_ssl-2.4.6-67.el7.centos.6.x86_64 はインストール済みか最新バージョンです | |
| 依存性の解決をしています | |
| --> トランザクションの確認を実行しています。 | |
| ---> パッケージ libffi-devel.x86_64 0:3.0.13-18.el7 を インストール | |
| ---> パッケージ python-devel.x86_64 0:2.7.5-58.el7 を インストール | |
| ---> パッケージ python-tools.x86_64 0:2.7.5-58.el7 を インストール | |
| --> 依存性の処理をしています: tkinter = 2.7.5-58.el7 のパッケージ: python-tools-2.7.5-58.el7.x86_64 | |
| ---> パッケージ python-virtualenv.noarch 0:1.10.1-4.el7 を インストール | |
| --> トランザクションの確認を実行しています。 | |
| ---> パッケージ tkinter.x86_64 0:2.7.5-58.el7 を インストール | |
| --> 依存性の処理をしています: libtk8.5.so()(64bit) のパッケージ: tkinter-2.7.5-58.el7.x86_64 | |
| --> 依存性の処理をしています: libTix.so()(64bit) のパッケージ: tkinter-2.7.5-58.el7.x86_64 | |
| --> トランザクションの確認を実行しています。 | |
| ---> パッケージ tix.x86_64 1:8.4.3-12.el7 を インストール | |
| ---> パッケージ tk.x86_64 1:8.5.13-6.el7 を インストール | |
| --> 依存性の処理をしています: libXft.so.2()(64bit) のパッケージ: 1:tk-8.5.13-6.el7.x86_64 | |
| --> トランザクションの確認を実行しています。 | |
| ---> パッケージ libXft.x86_64 0:2.3.2-2.el7 を インストール | |
| --> 依存性の処理をしています: libXrender.so.1()(64bit) のパッケージ: libXft-2.3.2-2.el7.x86_64 | |
| --> トランザクションの確認を実行しています。 | |
| ---> パッケージ libXrender.x86_64 0:0.9.10-1.el7 を インストール | |
| --> 依存性解決を終了しました。 | |
| 依存性を解決しました | |
| ========================================================================================================= | |
| Package アーキテクチャー バージョン リポジトリー 容量 | |
| ========================================================================================================= | |
| インストール中: | |
| libffi-devel x86_64 3.0.13-18.el7 base 23 k | |
| python-devel x86_64 2.7.5-58.el7 base 395 k | |
| python-tools x86_64 2.7.5-58.el7 base 853 k | |
| python-virtualenv noarch 1.10.1-4.el7 base 1.2 M | |
| 依存性関連でのインストールをします: | |
| libXft x86_64 2.3.2-2.el7 base 58 k | |
| libXrender x86_64 0.9.10-1.el7 base 26 k | |
| tix x86_64 1:8.4.3-12.el7 base 254 k | |
| tk x86_64 1:8.5.13-6.el7 base 1.4 M | |
| tkinter x86_64 2.7.5-58.el7 base 323 k | |
| トランザクションの要約 | |
| ========================================================================================================= | |
| インストール 4 パッケージ (+5 個の依存関係のパッケージ) | |
| 総ダウンロード容量: 4.6 M | |
| インストール容量: 11 M | |
| Is this ok [y/d/N]: y | |
| Downloading packages: | |
| (1/9): libXft-2.3.2-2.el7.x86_64.rpm | 58 kB 00:00:00 | |
| (2/9): libffi-devel-3.0.13-18.el7.x86_64.rpm | 23 kB 00:00:00 | |
| (3/9): libXrender-0.9.10-1.el7.x86_64.rpm | 26 kB 00:00:00 | |
| (4/9): python-tools-2.7.5-58.el7.x86_64.rpm | 853 kB 00:00:00 | |
| (5/9): tix-8.4.3-12.el7.x86_64.rpm | 254 kB 00:00:00 | |
| (6/9): tkinter-2.7.5-58.el7.x86_64.rpm | 323 kB 00:00:00 | |
| (7/9): python-virtualenv-1.10.1-4.el7.noarch.rpm | 1.2 MB 00:00:00 | |
| (8/9): tk-8.5.13-6.el7.x86_64.rpm | 1.4 MB 00:00:00 | |
| (9/9): python-devel-2.7.5-58.el7.x86_64.rpm | 395 kB 00:00:01 | |
| --------------------------------------------------------------------------------------------------------- | |
| 合計 2.9 MB/s | 4.6 MB 00:00:01 | |
| Running transaction check | |
| Running transaction test | |
| Transaction test succeeded | |
| Running transaction | |
| インストール中 : libXrender-0.9.10-1.el7.x86_64 1/9 | |
| インストール中 : libXft-2.3.2-2.el7.x86_64 2/9 | |
| インストール中 : 1:tk-8.5.13-6.el7.x86_64 3/9 | |
| インストール中 : 1:tix-8.4.3-12.el7.x86_64 4/9 | |
| インストール中 : tkinter-2.7.5-58.el7.x86_64 5/9 | |
| インストール中 : python-devel-2.7.5-58.el7.x86_64 6/9 | |
| インストール中 : python-virtualenv-1.10.1-4.el7.noarch 7/9 | |
| インストール中 : python-tools-2.7.5-58.el7.x86_64 8/9 | |
| インストール中 : libffi-devel-3.0.13-18.el7.x86_64 9/9 | |
| 検証中 : python-virtualenv-1.10.1-4.el7.noarch 1/9 | |
| 検証中 : python-devel-2.7.5-58.el7.x86_64 2/9 | |
| 検証中 : libffi-devel-3.0.13-18.el7.x86_64 3/9 | |
| 検証中 : tkinter-2.7.5-58.el7.x86_64 4/9 | |
| 検証中 : libXrender-0.9.10-1.el7.x86_64 5/9 | |
| 検証中 : libXft-2.3.2-2.el7.x86_64 6/9 | |
| 検証中 : 1:tix-8.4.3-12.el7.x86_64 7/9 | |
| 検証中 : 1:tk-8.5.13-6.el7.x86_64 8/9 | |
| 検証中 : python-tools-2.7.5-58.el7.x86_64 9/9 | |
| インストール: | |
| libffi-devel.x86_64 0:3.0.13-18.el7 python-devel.x86_64 0:2.7.5-58.el7 | |
| python-tools.x86_64 0:2.7.5-58.el7 python-virtualenv.noarch 0:1.10.1-4.el7 | |
| 依存性関連をインストールしました: | |
| libXft.x86_64 0:2.3.2-2.el7 libXrender.x86_64 0:0.9.10-1.el7 tix.x86_64 1:8.4.3-12.el7 | |
| tk.x86_64 1:8.5.13-6.el7 tkinter.x86_64 0:2.7.5-58.el7 | |
| 完了しました! | |
| Creating virtual environment... | |
| Installing Python packages... | |
| Installation succeeded. | |
| Saving debug log to /var/log/letsencrypt/letsencrypt.log | |
| Plugins selected: Authenticator apache, Installer apache | |
| Enter email address (used for urgent renewal and security notices) (Enter 'c' to | |
| cancel): [email protected] | |
| ------------------------------------------------------------------------------- | |
| Please read the Terms of Service at | |
| https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must | |
| agree in order to register with the ACME server at | |
| https://acme-v01.api.letsencrypt.org/directory | |
| ------------------------------------------------------------------------------- | |
| (A)gree/(C)ancel: A | |
| ------------------------------------------------------------------------------- | |
| Would you be willing to share your email address with the Electronic Frontier | |
| Foundation, a founding partner of the Let's Encrypt project and the non-profit | |
| organization that develops Certbot? We'd like to send you email about EFF and | |
| our work to encrypt the web, protect its users and defend digital rights. | |
| ------------------------------------------------------------------------------- | |
| (Y)es/(N)o: Y | |
| No names were found in your configuration files. Please enter in your domain | |
| name(s) (comma and/or space separated) (Enter 'c' to cancel): *.mumumu.org | |
| Obtaining a new certificate | |
| The currently selected ACME CA endpoint does not support issuing wildcard certificates. | |
| IMPORTANT NOTES: | |
| - Your account credentials have been saved in your Certbot | |
| configuration directory at /etc/letsencrypt. You should make a | |
| secure backup of this folder now. This configuration directory will | |
| also contain certificates and private keys obtained by Certbot so | |
| making regular backups of this folder is ideal. | |
| ----- | |
| $ ./certbot-auto certonly --manual -d *.mumumu.org -m [email protected] --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory | |
| Requesting to rerun ./certbot-auto with root privileges... | |
| Saving debug log to /var/log/letsencrypt/letsencrypt.log | |
| Plugins selected: Authenticator manual, Installer None | |
| ------------------------------------------------------------------------------- | |
| Would you be willing to share your email address with the Electronic Frontier | |
| Foundation, a founding partner of the Let's Encrypt project and the non-profit | |
| organization that develops Certbot? We'd like to send you email about EFF and | |
| our work to encrypt the web, protect its users and defend digital rights. | |
| ------------------------------------------------------------------------------- | |
| (Y)es/(N)o: Y | |
| Obtaining a new certificate | |
| Performing the following challenges: | |
| dns-01 challenge for mumumu.org | |
| ------------------------------------------------------------------------------- | |
| Please deploy a DNS TXT record under the name | |
| _acme-challenge.mumumu.org with the following value: | |
| EMrgPck6RgUaFBgBV9T-CzFGrFYEhh4_Fv4zASAy6Ck | |
| Before continuing, verify the record is deployed. | |
| ------------------------------------------------------------------------------- | |
| Press Enter to Continue | |
| Waiting for verification... | |
| Cleaning up challenges | |
| IMPORTANT NOTES: | |
| - Congratulations! Your certificate and chain have been saved at: | |
| /etc/letsencrypt/live/mumumu.org/fullchain.pem | |
| Your key file has been saved at: | |
| /etc/letsencrypt/live/mumumu.org/privkey.pem | |
| Your cert will expire on 2018-08-01. To obtain a new or tweaked | |
| version of this certificate in the future, simply run certbot-auto | |
| again. To non-interactively renew *all* of your certificates, run | |
| "certbot-auto renew" | |
| - Your account credentials have been saved in your Certbot | |
| configuration directory at /etc/letsencrypt. You should make a | |
| secure backup of this folder now. This configuration directory will | |
| also contain certificates and private keys obtained by Certbot so | |
| making regular backups of this folder is ideal. | |
| - If you like Certbot, please consider supporting our work by: | |
| Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate | |
| Donating to EFF: https://eff.org/donate-le |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment