Let’s Encryptのcertbot

更新
--preferred-challenges dns をつけると楽かも

root@web:~# certbot certonly --manual -d mkashi.com -d *.mkashi.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate for mkashi.com and *.mkashi.com
Performing the following challenges:
http-01 challenge for mkashi.com
dns-01 challenge for mkashi.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:

ck48nPsycUoOhojqZ6iPJBqmRYT7KU_8yYBM3bBLk90.itN2XGzz3VdjdVhcD7zDi9g6E3JsK_3bJtnXeMyStoU

And make it available on your web server at this URL:

https://mkashi.com/.well-known/acme-challenge/ck48nPsycUoOhojqZ6iPJBqmRYT7KU_8yYBM3bBLk90

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.mkashi.com with the following value:

Khq-6OFrPRnEneJUbNpEub6pHhGyGNIDRIX8au0l5-k

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mkashi.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mkashi.com/privkey.pem
   Your certificate will expire on 2021-04-23. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

root@web:~# systemctl restart apache2