Buypassを使うと期限を180日にできる
$ acme.sh --set-default-ca --server buypass Changed default CA to: https://api.buypass.com/acme/directory
# acme.sh --register-account -m yourname@example.com [...... 2022] Registering account: https://api.buypass.com/acme/directory [...... 2022] Registered [...... 2022] ACCOUNT_THUMBPRINT='-DxxxxxxxAAAAAAAABBBBBBBBBBBBBBbCCCCCCCC'
DNSモードで行う
# acme.sh --server https://api.buypass.com/acme/directory --issue --dns -d sample.example.com --days 180 --yes-I-know-dns-manual-mode-enough-go-ahead-please [...... 2022] Using CA: https://api.buypass.com/acme/directory ..... [...... 2022] Add the following TXT record: [...... 2022] Domain: '_acme-challenge.sample.example.com' [...... 2022] TXT value: 'QQQQQQNNNNNNNN-28AAABBBBCCCCDDDDEEEEFFFF4' .....
表示されたトークンをDNSに登録1)
_acme-challenge.sample.example.com. IN TXT "QQQQQQNNNNNNNN-28AAABBBBCCCCDDDDEEEEFFFF4"
発行
# acme.sh --server https://api.buypass.com/acme/directory --issue --renew --dns -d sample.example.com --days 180 --yes-I-know-dns-manual-mode-enough-go-ahead-please Renew: 'sample.example.com' Using CA: https://api.buypass.com/acme/directory ...... Success ...... Cert success. [証明書表示] ......
以下のファイルが作成されている
ca.cer fullchain.cer sample.example.com.cer sample.example.com.conf sample.example.com.csr sample.example.com.csr.conf sample.example.com.key
今回は、nginxのproxyで使用するので以下のようにコピーする2)
cp fullchain.cer /PATH/to/cert/sample.example.com.cer cp sample.example.com.key /PATH/to/cert/sample.example.com
これで良いはず4)
# acme.sh --server https://api.buypass.com/acme/directory --issue --renew --dns -d sample.example.com --days 180 --yes-I-know-dns-manual-mode-enough-go-ahead-please --force
新しい証明書発行されるのでコピーしてreload