moin.qmail.jp 単独の証明書であれば、nginx 下に確認ファイルを作成するだけでよいので、 自動でやれるだろう。
nginxでは今回取得の証明書を使うように修正する必要がある。-- ToshinoriMaeno 2021-06-28 03:47:47
- そうしておけば、renewは簡単にいくはずだ。
1. djbdns
問題はその他の名前か。djbdns.qmail.jp とか。
- しばらくはマニュアルで対応して、そのうちに廃止するのがよいか。3か月に一度の操作だから。
-- ToshinoriMaeno 2021-06-28 03:51:10
/etc/nginx/conf.d
# more default.conf/
server {
listen 443 ssl;
server_name moin2.qmail.jp moin.qmail.jp;
#ssl_certificate /etc/letsencrypt/live/qmail.jp/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/qmail.jp/privkey.pem;
2. 更新
# certbot certonly -d moin.qmail.jp Saving debug log to /var/log/letsencrypt/letsencrypt.log How would you like to authenticate with the ACME CA? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: Nginx Web Server plugin (nginx) 2: Spin up a temporary webserver (standalone) 3: Place files in webroot directory (webroot) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1 Plugins selected: Authenticator nginx, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for moin.qmail.jp Using default address 80 for authentication. Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/moin.qmail.jp/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/moin.qmail.jp/privkey.pem Your cert will expire on 2021-09-26. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le