Let's Encrypt(certbot)

$ cat certbot.sh

docker run -it --rm --name certbot \

  -v '/etc/letsencrypt:/etc/letsencrypt' \

  -v '/var/lib/letsencrypt:/var/lib/letsencrypt' \

  certbot/certbot certonly -d '*.4wxyz.com' \

  --manual --preferred-challenges dns.

  --server https://acme-v02.api.letsencrypt.org/directory

 

$ chmod +x certbot.sh

 

$ sh certbot.sh

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator manual, Installer None

Obtaining a new certificate

Performing the following challenges:

dns-01 challenge for 4wxyz.com

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

NOTE: The IP of this machine will be publicly logged as having requested this

certificate. If you're running certbot in manual mode on a machine that is not

your server, please ensure you're okay with that.

 

Are you OK with your IP being logged?

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

(Y)es/(N)o: y

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Please deploy a DNS TXT record under the name

_acme-challenge.4wxyz.com with the following value:

 

UTECS7sGUjtKAMICmqn9t9owcxFgRgjy6Wwx64SAPBk

 

Before continuing, verify the record is deployed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Press Enter to Continue

 

<=== Register txt record on dns server(/etc/resolv.conf Authoritative DNS server) ===>

 

Waiting for verification...

Cleaning up challenges

 

IMPORTANT NOTES:

 - Congratulations! Your certificate and chain have been saved at:

   /etc/letsencrypt/live/4wxyz.com/fullchain.pem

   Your key file has been saved at:

   /etc/letsencrypt/live/4wxyz.com/privkey.pem

   Your cert will expire on 2019-09-09. To obtain a new or tweaked

   version of this certificate in the future, simply run certbot

   again. To non-interactively renew *all* of your certificates, run

   "certbot renew"

 - If you like Certbot, please consider supporting our work by:

 

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate

   Donating to EFF:                    https://eff.org/donate-le

 

$ ls -l /etc/letsencrypt/live/4wxyz.com/*

lrwxrwxrwx 1 root root  33 Jun 11 14:14 /etc/letsencrypt/live/4wxyz.com/cert.pem -> ../../archive/4wxyz.com/cert1.pem

lrwxrwxrwx 1 root root  34 Jun 11 14:14 /etc/letsencrypt/live/4wxyz.com/chain.pem -> ../../archive/4wxyz.com/chain1.pem

lrwxrwxrwx 1 root root  38 Jun 11 14:14 /etc/letsencrypt/live/4wxyz.com/fullchain.pem -> ../../archive/4wxyz.com/fullchain1.pem

lrwxrwxrwx 1 root root  36 Jun 11 14:14 /etc/letsencrypt/live/4wxyz.com/privkey.pem -> ../../archive/4wxyz.com/privkey1.pem

-rw-r--r-- 1 root root 692 Jun 11 14:14 /etc/letsencrypt/live/4wxyz.com/README

 

 

$ sh certbot_renew.sh

docker run -it --rm --name certbot \

  -v '/etc/letsencrypt:/etc/letsencrypt' \

  -v '/var/lib/letsencrypt:/var/lib/letsencrypt' \

  certbot/certbot --renew-by-default certonly -d '*.4wxyz.com' \

  --manual --preferred-challenges dns \

  --server https://acme-v02.api.letsencrypt.org/directory

 

$ chmod +x certbot_renew.sh

 

$ sh certbot_renew.sh

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator manual, Installer None

Renewing an existing certificate

 

IMPORTANT NOTES:

 - Congratulations! Your certificate and chain have been saved at:

   /etc/letsencrypt/live/4wxyz.com/fullchain.pem

   Your key file has been saved at:

   /etc/letsencrypt/live/4wxyz.com/privkey.pem

   Your cert will expire on 2019-09-09. To obtain a new or tweaked

   version of this certificate in the future, simply run certbot

   again. To non-interactively renew *all* of your certificates, run

   "certbot renew"

 - If you like Certbot, please consider supporting our work by:

 

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate

   Donating to EFF:                    https://eff.org/donate-le

 

$ crontab -l

### domain renew

00 10 1-7 * *   [ "`date '+\%a'`" == Mon ] && /bin/bash /app/letsencrypt/certbot_renew.sh > /dev/null 2>&1

'___기타' 카테고리의 다른 글

[open source] knockpy : Subdomain Scanner  (0) 2019.08.07
Let's Encrypt(certbot)  (0) 2019.06.11
[MAC] geoiplookup 명령어 설치  (0) 2018.09.07
[URL] Rackmonkey  (0) 2017.06.07
[ANSIBLE] 계정 생성 및 삭제  (0) 2017.04.25
[ANSIBLE] 일반 계정 생성  (0) 2017.04.25
댓글 남기기
◀ PREV 123456···44 NEXT ▶