Let’s Encrypt 複数のドメインに対応したサーバー証明書に後からホストを追加するには?

/ Linux / By
ショコラ
ショコラ

Let’s Encrypt 複数のドメインに対応したサーバー証明書に後からホストを追加するには?

取得と同じ感じでいけました。
「certbot certonly -d {ホスト名1} -d {ホスト名2} -d {追加するホスト名3} -m {メールアドレス}」でキメマス。の
「certbot certonly」コマンドの一番左の -d のホストがメインになって、証明書が作られる感じかなぁ。

もっさん先輩
もっさん先輩
certbot certonly -d {ホスト名1} -d {ホスト名2} -d {追加するホスト名3} -m {メールアドレス}

「-d {ホスト名}」を複数書きます。1つのサーバー証明書で複数のドメインに使えます。

# certbot certonly -d answorz.com -d tokyo.answorz.com -d osaka.answorz.com -m mossan@answorz.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator standalone, Installer None

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/answorz.com.conf)

It contains these names: answorz.com

You requested these names for the new certificate: answorz.com, tokyo.answorz.com,
answorz.com.

Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: E
Renewing an existing certificate for answorz.com and 2 more domains
Performing the following challenges:
http-01 challenge for osaka.answorz.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/answorz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/answorz.com/privkey.pem
   Your certificate will expire on 2023-01-11. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

/etc/letsencrypt/live/answorz.com に証明書ファイルが作成されました。

以上

Scroll to Top