shuzo-kino.hateblo.jp
の続き物
今度は、存在しているLightsail + Let's Encryptの組合わせを更新する方法について
実際のところ
$ DOMAIN=your.domain $ WILDCARD=*.$DOMAIN
前回の手順でcertbotは入っているはずなので……
$ sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Cert is due for renewal, auto-renewing... Renewing an existing certificate Performing the following challenges: dns-01 challenge for DOMAIN
IPアドレスが記録される旨が表示されるので、よければ「y」
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that. Are you OK with your IP being logged? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: y
例のごとく、TXTレコードの更新。
LightSailの「Networking」にある「DNS Zone」で指示されたキーをTXTレコード「_acme-challenge」の値として反映
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please deploy a DNS TXT record under the name _acme-challenge.DOMAIN with the following value: XXX Before continuing, verify the record is deployed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue Waiting for verification... Cleaning up challenges
今回は一個のみ反映で通りました。
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/mtmsystems.jp/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/DOMAIN/privkey.pem Your cert will expire on 2023-XX-YY. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le