As the title says, I tried issuing a certificate from Let's Encrypt on Slackware 64 current.
As root:
mkdir -p /etc/letsencrypt/{accounts,renewal,keys,archive,live,csr}
mkdir -p /var/lib/letsencrypt/backups
mkdir -p /var/log/letsencrypt
touch /etc/letsencrypt/cli.ini
touch /var/log/letsencrypt/letsencrypt.log
Change the owner of the directories created as root to the system user.
Since they are under /etc/, I feel root is fine, so I left them owned by root.
chown -R USER /etc/letsencrypt/ /var/lib/letsencrypt/ /var/log/letsencrypt/
Create the certificate as the system user specified above.*1
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
tools/venv.py
source venv/bin/activate
certbot certonly -a manual -d www.globefish.jp
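After being asked for an email address, agreement to the terms of service, and whether to receive announcements and the like, it moves on to verifying domain ownership.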
root@HOST:~/letsencrypt# source venv/bin/activate
(venv) root@HOST:~/letsencrypt# certbot certonly -a manual -d www.globefish.jp
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): mail@example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n
Account registered.
Requesting a certificate for www.globefish.jp
Performing the following challenges:
http-01 challenge for www.globefish.jp
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:
BlcdSD6Qfkqa9Qr92fnTQm-AYn0p3N4L1JOvXSlAyGE.DAzWu39FGBSqufj4kwHKypN_8qZwAJr7hvpnorRhDoo
And make it available on your web server at this URL:
http://www.globefish.jp/.well-known/acme-challenge/BlcdSD6Qfkqa9Qr92fnTQm-AYn0p3N4L1JOvXSlAyGE
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
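If you press Enter right away at this point, certbot immediately goes to verify and fails, so first create a file with the specified content at the specified path, and then press Enter.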
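An added example (not from the original post): a shell helper for the manual step above, which writes the key-authorization line certbot prints to the matching `.well-known/acme-challenge/<token>` file. The function name `place_challenge` and the webroot argument are assumptions; it accepts only a single `token.thumbprint` value made of base64url characters, so the token cannot point outside the challenge directory.

```shell
#!/bin/sh
# Added example: place a certbot "manual" http-01 response file under a webroot.
# place_challenge and its arguments are hypothetical names, not from the post.
#
# Usage: place_challenge WEBROOT KEY_AUTHORIZATION
#   WEBROOT            document root of the site being validated (assumption)
#   KEY_AUTHORIZATION  the "<token>.<thumbprint>" line printed by certbot
place_challenge() {
    webroot=$1
    keyauth=$2

    # Accept exactly two non-empty base64url parts joined by one dot.
    # Rejecting every other character also keeps "/" out of the file name.
    case $keyauth in
        *[!A-Za-z0-9_.-]*|.*|*.|*.*.*)
            echo "bad key authorization" >&2; return 1 ;;
        *.*) ;;
        *)
            echo "bad key authorization" >&2; return 1 ;;
    esac

    # The file name is the part before the dot, as in the URL certbot shows.
    token=${keyauth%%.*}
    dir=$webroot/.well-known/acme-challenge
    mkdir -p "$dir" || return 1

    # "Just this data": write the value with no trailing newline, and make it
    # readable by the account the web server runs as.
    printf '%s' "$keyauth" > "$dir/$token" || return 1
    chmod 644 "$dir/$token" || return 1

    # Read the file back so a failed or partial write is caught here,
    # not by the ACME server after Enter is pressed.
    [ "$(cat "$dir/$token")" = "$keyauth" ] || return 1
    printf '%s\n' "$dir/$token"
}
```

Run it in a second terminal while certbot waits at "Press Enter to Continue", then fetch the URL certbot printed (for example with curl) to confirm the web server serves the file before pressing Enter.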
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.globefish.jp/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.globefish.jp/privkey.pem
Your certificate will expire on 2021-06-29. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
(venv) root@HOST:~/letsencrypt#
The expiry date*2 and the location of the certificate are printed, so make a note of them.
FYI: [SOLVED] Let’s Encrypt
FYI: Let's Encrypt on Slackware is difficult, but it seems to have worked out somehow ^^; – JE1SGH BLOG TLS1.2