CSRを使った証明書作成をDNS認証で行う(作成)
# zerossl-bot certonly --csr <file/path/to/csr/file> --preferred-challenges dns --manual
・・・
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
_acme-challenge.<domain.name>. →DNSサーバーに登録するTXTレコードのキー名
with the following value:
<DNS Record Key> →DNSサーバーに登録するTXTレコードの値
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.<domain.name>.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue →ここでDNSサーバーにTXTレコードを登録して反映されるまで待つ
Successfully received certificate.
Certificate is saved at: <current/path>/0000_cert.pem
Intermediate CA chain is saved at: <current/path>/0000_chain.pem
Full certificate chain is saved at: <current/path>/0001_chain.pem
This certificate expires on 2023-11-12.
NEXT STEPS:
- Certificates created using --csr will not be renewed automatically by Certbot. You will need to renew the certificate before it expires, by running the same Certbot command again.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ただ、csrで署名をする方法だと certificates で証明書が表示されないっぽい。
証明書を無効化する(&zerosslの証明書ストアから削除)
# zerossl-bot revoke --cert-path <file/path/to/certificate/file>
cert-pathじゃないとうまくいかないようです。