0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 1 year has passed since last update.

ZeroSSL(ACME)でCSRを使ってDNS認証で証明書を作成

Last updated at Posted at 2023-08-14

CSRを使った証明書作成をDNS認証で行う(作成)

# zerossl-bot certonly --csr <file/path/to/csr/file> --preferred-challenges dns --manual
・・・
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.<domain.name>.  →DNSサーバーに登録するTXTレコードのキー名

with the following value:

<DNS Record Key> →DNSサーバーに登録するTXTレコードの値

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.<domain.name>.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue  →ここでDNSサーバーにTXTレコードを登録して反映されるまで待つ

Successfully received certificate.
Certificate is saved at:            <current/path>/0000_cert.pem
Intermediate CA chain is saved at:  <current/path>/0000_chain.pem
Full certificate chain is saved at: <current/path>/0001_chain.pem
This certificate expires on 2023-11-12.

NEXT STEPS:
- Certificates created using --csr will not be renewed automatically by Certbot. You will need to renew the certificate before it expires, by running the same Certbot command again.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

ただ、csrで署名をする方法だと certificates で証明書が表示されないっぽい。

証明書を無効化する(&zerosslの証明書ストアから削除)

# zerossl-bot revoke --cert-path <file/path/to/certificate/file>

cert-pathじゃないとうまくいかないようです。

0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?