moin.qmail.jp 単独の証明書であれば、nginx 下に確認ファイルを作成するだけでよいので、 自動でやれるだろう。

nginxでは今回取得の証明書を使うように修正する必要がある。-- ToshinoriMaeno 2021-06-28 03:47:47

1. djbdns

問題はその他の名前か。djbdns.qmail.jp とか。

-- ToshinoriMaeno 2021-06-28 03:51:10

/etc/nginx/conf.d

# more default.conf/
server {
    listen       443 ssl;
    server_name  moin2.qmail.jp moin.qmail.jp;
    #ssl_certificate     /etc/letsencrypt/live/qmail.jp/fullchain.pem;
    #ssl_certificate_key /etc/letsencrypt/live/qmail.jp/privkey.pem;

2. 更新

# certbot certonly -d moin.qmail.jp
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Nginx Web Server plugin (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator nginx, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for moin.qmail.jp
Using default address 80 for authentication.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/moin.qmail.jp/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/moin.qmail.jp/privkey.pem
   Your cert will expire on 2021-09-26. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

3. history


CategoryDns CategoryWatch CategoryTemplate

MoinQ: Letsencrypt/certbot/nginx (last edited 2021-06-28 03:55:28 by ToshinoriMaeno)