serverapps:security:cert:acmesh:letsencrypt

差分

このページの2つのバージョン間の差分を表示します。

この比較画面へのリンク

--- serverapps:security:cert:acmesh:letsencrypt [2024/12/09 06:29] – [Serevr] hayashi
+++ serverapps:security:cert:acmesh:letsencrypt [2024/12/09 09:36] (現在) – [ACME チャレンジの設定] hayashi
@@ 行 1: / 行 1: @@
 ====== Let's Encrypt======
-===== Serevr =====
+以下の様にnginxでproxyを構成している前提
-指定方法
+<code>
-  acme.sh --issue ....   --server  letsencrypt_test
+    _____         +-----+             +------+
-  -or-
+ __(     )_       |nginx|             | WEB  |
-  acme.sh --issue ....   --server  https://acme-staging-v02.api.letsencrypt.org/directory
+(_Internet_)======|proxy|=============|Server|
+  (______)        +-----+             +------+
+</code>
+acme.shはこの前段のnginxで動作しているものとします
+===== Default server =====
+  $ acme.sh --set-default-ca --server letsencrypt_test
+   Changed default CA to: https://acme-staging-v02.api.letsencrypt.org/directory
+===== レジスト =====
+  # acme.sh --register-account -m yourname@example.com
+  [...... 2022] Registering account: https://api.buypass.com/acme/directory
+  [...... 2022] Registered
+  [...... 2022] ACCOUNT_THUMBPRINT='-DxxxxxxxAAAAAAAABBBBBBBBBBBBBBbCCCCCCCC'
+===== Nginx Proxyの設定 =====
+==== webroot ディレクトリの作成 ====
+  mkdir -p /usr/local/www/acme-root/.well-known/acme-challenge
+  chown -R www:www /usr/local/www/acme-root
+==== ACME チャレンジの設定 ====
+これは別ファイルとして必要に応じて組み込む
+<file config /usr/local/etc/nginx/includes/acme-webroot>
+location /.well-known/acme-challenge/ {
+    alias /usr/local/www/acme-root/.well-known/acme-challenge/;
+}
+</file>
+==== Virtual hostの例 ====
+<file - /usr/local/etc/nginx/sites-enabled/default>
+server {
+    listen 80;
+    server_name mydomain.com;
+    # ....
+    # Let's Encrypt webroot
+    include includes/acme-webroot;
+}
+</file>
+=== domainが複数の場合の例 ===
+  server_name 1.mydomain.com 2.mydomain.com 3.mydomain.com;
+  または
+  server_name *.mydomain.com *.testmydomain.com;
+===== 証明書発行 =====
-^Short Name^ACME server URL^Usage Wiki^
-|letsencrypt|https://acme-v02.api.letsencrypt.org/directory|N/A|
-|letsencrypt_test|https://acme-staging-v02.api.letsencrypt.org/directory|N/A|
-|buypass|https://api.buypass.com/acme/directory|[[https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA|BuyPass.com CA]]|
-|buypass_test|https://api.test4.buypass.no/acme/directory|[[https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA|BuyPass.com CA]]|
-|zerossl|https://acme.zerossl.com/v2/DV90|[[https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA|ZeroSSL.com CA]]|
-|sslcom|https://acme.ssl.com/sslcom-dv-rsa, https://acme.ssl.com/sslcom-dv-ecc|[[https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA|SSL.com CA]]|
-|google|https://dv.acme-v02.api.pki.goog/directory|[[https://github.com/acmesh-official/acme.sh/wiki/Google-Public-CA|Google Public CA]]|
-|googletest|https://dv.acme-v02.test-api.pki.goog/directory|[[https://github.com/acmesh-official/acme.sh/wiki/Google-Public-CA|Google Public CA]]|

serverapps/security/cert/acmesh/letsencrypt.1733725770.txt.gz · 最終更新: 2024/12/09 06:29 by hayashi