ドメインの運用ならお名前.comレンタルサーバーにお任せ★月額990円(税込)〜★
taisuke@ubuntuserver:~$ sudo apt -y install certbot
taisuke@ubuntuserver:~$ sudo certbot certonly --webroot -w /var/www/html -d ご自身のサーバーのドメイン名
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
#初回のみメールアドレスの登録と利用条件への同意が必要
#受信可能なメールアドレスを指定
(Enter 'c' to cancel): ご自身のメールアドレス
Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server. Do you agree?
#利用条件に同意する
(Y)es/(N)o: Y
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
#Certbot 開発の非営利団体 Electronic Frontier Foundation にもメールアドレスを登録するか否か
(Y)es/(N)o: Y
Account registered.
Requesting a certificate for dns.srv.world
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/dns.srv.world/fullchain.pem
Key is saved at: /etc/letsencrypt/live/dns.srv.world/privkey.pem
This certificate expires on 2024-07-29.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
If you like Certbot, please consider supporting our work by:
- Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
- Donating to EFF: https://eff.org/donate-le
#[Successfully received certificate] と表示さえれば成功
#メッセージ中に記載の通り [/etc/letsencrypt/live/(FQDN)/] 配下に証明書が取得されている
#cert.pem ⇒ SSLサーバー証明書 (公開鍵含む)
#chain.pem ⇒ 中間証明書
#fullchain.pem ⇒ cert.pem と chain.pem が結合されたファイル
#privkey.pem ⇒ 公開鍵に対する秘密鍵
#Certbot パッケージはタイマーが付属
taisuke@ubuntuserver:~$ sudo systemctl status certbot.timer
- certbot.timer - Run certbot twice daily
Loaded: loaded (/usr/lib/systemd/system/certbot.timer; enabled; preset: en>
Active: active (waiting) since Mon 2024-04-29 13:18:16 UTC; 2min 37s ago
Trigger: Tue 2024-04-30 07:08:27 UTC; 17h left
Triggers: * certbot.service
taisuke@ubuntuserver:~$ sudo systemctl list-timers certbot.timer --no-pager
NEXT LEFT LAST PASSED UNIT ACTIVATES
Tue 2024-04-30 07:08:27 UTC 17h - - certbot.timer certbot.service
1 timers listed.
Pass --all to see loaded but inactive timers, too.
#デフォルトでは以下のように毎日 2回 [renew] 実行
taisuke@ubuntuserver:~$ sudo systemctl cat certbot.timer
#/lib/systemd/system/certbot.timer
[Unit]
Description=Run certbot twice daily
[Timer]
OnCalendar=--* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true
[Install]
WantedBy=timers.target
taisuke@ubuntuserver:~$ sudo systemctl cat certbot.service
#/lib/systemd/system/certbot.service
[Unit]
Description=Certbot
Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
Documentation=https://certbot.eff.org/docs
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew
PrivateTmp=true
#手動で更新する場合は以下
taisuke@ubuntuserver:~$ sudo certbot renew
ドメインの運用ならお名前.comレンタルサーバーにお任せ★月額990円(税込)〜★