Expired SSL certificate discovered at おばた内科 (2026/04/01)
When a certificate is obtained with Let's Encrypt, the SSL files end up under this path
server {
    server_name frey.norn-norm.work;
    server_tokens off;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/frey.norn-norm.work-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/frey.norn-norm.work-0001/privkey.pem; # managed by Certbot
    root /home/yama/public_html;
    index index.html index.htm index.php;
    autoindex on;
[yama][08:58:03] ~% ls -al /etc/letsencrypt/ 26-04-01[yama05]
合計 104
drwxr-xr-x 9 root root 4096 Apr 1 08:47 .
drwxr-xr-x 151 root root 12288 Jan 13 15:01 ..
drwxr-xr-x 4 root root 4096 Feb 17 2023 accounts
drwx------ 13 root root 4096 Jul 17 2024 archive
-rw-r--r-- 1 root root 121 Feb 11 2019 cli.ini
drwxr-xr-x 2 root root 20480 Mar 25 17:32 csr
drwx------ 2 root root 20480 Mar 25 17:32 keys
drwx------ 13 root root 4096 Jul 17 2024 live
-rw-r--r-- 1 root root 742 Mar 3 2021 options-ssl-nginx.conf
drwxr-xr-x 2 root root 4096 Mar 25 17:33 renewal
drwxr-xr-x 5 root root 4096 Mar 3 2021 renewal-hooks
-rw-r--r-- 1 root root 424 Mar 3 2021 ssl-dhparams.pem
-rw-r--r-- 1 root root 64 Mar 3 2021 .updated-options-ssl-nginx-conf-digest.txt
-rw-r--r-- 1 root root 64 Mar 3 2021 .updated-ssl-dhparams-pem-digest.txt
[yama][08:59:29] ~% 26-04-01[yama05]
certbot is not installed; it has to go in before anything else
Last login: Wed Apr 1 08:53:36 2026 from 114.179.115.78
[alma@wl-ex ~]$ which certbot
/usr/bin/which: no certbot in (/home/alma/.local/bin:/home/alma/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/usr/local/bin)
[alma@wl-ex ~]$
[alma@wl-ex ~]$ cat /etc/os-release
NAME="AlmaLinux"
VERSION="9.1 (Lime Lynx)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.1"
PLATFORM_ID="platform:el9"
PRETTY_NAME="AlmaLinux 9.1 (Lime Lynx)"
ANSI_COLOR="0;34"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:almalinux:almalinux:9::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"
ALMALINUX_MANTISBT_PROJECT="AlmaLinux-9"
ALMALINUX_MANTISBT_PROJECT_VERSION="9.1"
REDHAT_SUPPORT_PRODUCT="AlmaLinux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.1"
[alma@wl-ex ~]$
Install snapd in order to install certbot
[alma@wl-ex ~]$ sudo snap install --classic certbot
sudo: snap: command not found
[alma@wl-ex ~]$ yum -y install snapd
Error: This command has to be run with superuser privileges (under the root user on most systems).
[alma@wl-ex ~]$ su -
Password:
su: Authentication failure
[alma@wl-ex ~]$ sudo yum -y install snapd
Last metadata expiration check: 0:41:29 ago on Wed 01 Apr 2026 08:29:00 AM JST.
Dependencies resolved.
=========================================================================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================================================================
Installing:
snapd x86_64 2.74.1-1.el9 epel 19 M
Upgrading:
audit x86_64 3.1.5-7.el9 baseos 254 k
audit-libs x86_64 3.1.5-7.el9 baseos 121 k
[alma@wl-ex ~]$ sudo systemctl enable snapd.socket --now
Created symlink /etc/systemd/system/sockets.target.wants/snapd.socket → /usr/lib/systemd/system/snapd.socket.
Note: symlink so the snap command paths are easier to use
[alma@wl-ex ~]$ ln -s /var/lib/snapd/snap /snap
ln: failed to create symbolic link '/snap': Permission denied
[alma@wl-ex ~]$ sudo ln -s /var/lib/snapd/snap /snap
[alma@wl-ex ~]$
certbot should now be installable
[alma@wl-ex ~]$ sudo snap install --classic certbot
error: too early for operation, device not yet seeded or device model not acknowledged
[alma@wl-ex ~]$ sudo snap install --classic certbot
Download snap "snapd" (26382) from channel "stable" 39% 5.91MB/s 5.20s
Note: installation complete
[alma@wl-ex ~]$ sudo snap install --classic certbot
2026-04-01T09:14:49+09:00 INFO Waiting for automatic snapd restart...
certbot 5.4.0 from Certbot Project (certbot-eff✓) installed
[alma@wl-ex ~]$
Note: make it available as a plain command
[alma@wl-ex ~]$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
[alma@wl-ex ~]$
Note: which web server is running?
[alma@wl-ex ~]$ ps aux|grep apache
apache 1119672 0.0 0.7 53252 30784 ? S Mar29 0:00 /usr/sbin/httpd -DFOREGROUND
apache 1119673 0.0 1.5 2487016 63248 ? Sl Mar29 1:23 /usr/sbin/httpd -DFOREGROUND
apache 1119674 0.0 1.5 2355748 62620 ? Sl Mar29 1:38 /usr/sbin/httpd -DFOREGROUND
apache 1119675 0.0 1.5 2290212 62128 ? Sl Mar29 1:23 /usr/sbin/httpd -DFOREGROUND
apache 1119891 0.0 1.6 2355748 64744 ? Sl Mar29 2:05 /usr/sbin/httpd -DFOREGROUND
alma 1145924 0.0 0.0 6408 2148 pts/1 S+ 09:20 0:00 grep --color=auto apache
[alma@wl-ex ~]$
Register waitless-emeg@alion88.com as the contact email address for now
Note: the Apache plugin is used for authentication and installation
Note: this command would create a separate certificate per domain, so cancel
[alma@wl-ex ~]$ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address or hit Enter to skip.
(Enter 'c' to cancel): waitless-emeg@alion88.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at:
https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf
You must agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Account registered.
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: hosp-yoshimura.waitless-ex.com
2: jahirobyo.waitless-ex.com
3: matsuzawa.waitless-ex.com
4: obata-naika.waitless-ex.com
5: seeds-clinic.waitless-ex.com
6: stcc.waitless-ex.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): c
Please specify --domains, --ip-address, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[alma@wl-ex ~]$
Setting the multi-domain options got rejected => I think the error means it cannot be accessed
[alma@wl-ex ~]$ sudo certbot --apache --cert-name waitless-ex.com --domain waitless-ex.com --domain *.waitless-ex.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for waitless-ex.com and *.waitless-ex.com
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[alma@wl-ex ~]$
Relax the access conditions so the HTTP challenge can work
[alma@wl-ex ~]$ cat /etc/httpd/conf.d/httpd-waitless.conf
# Hide version information in headers
ServerTokens Prod
# Do not publish the server signature
ServerSignature Off
# Hide the PHP version information
Header unset X-Powered-By
# Disable reverse DNS lookups
HostnameLookups Off
# Keep the timeout short
Timeout 10
# Disable TRACE
TraceEnable Off
# Clickjacking protection
Header append X-Frame-Options SAMEORIGIN
# Prevent cross-site scripting (XSS)
Header set X-XSS-Protection "1; mode=block"
# Prevent MIME type sniffing
Header set X-Content-Type-Options nosniff
# Enable browser-side rewriting of http requests to https
#Header always set Strict-Transport-Security "max-age=63072000"
# Settings for seeing the client's source IP
ProxyAddHeaders On
RemoteIPHeader X-Forwarded-For
<Directory "/var/www/html">
    #
    Options FollowSymLinks
    #
    AllowOverride All
    # Controls who can get stuff from this server.
    Require all granted
</Directory>
[alma@wl-ex ~]$ sudo vi /etc/httpd/conf.d/httpd-waitless.conf
[alma@wl-ex ~]$ sudo vi /etc/httpd/conf.d/httpd-waitless.conf
[alma@wl-ex ~]$ cat /etc/httpd/conf.d/httpd-waitless.conf
# Hide version information in headers
ServerTokens Prod
# Do not publish the server signature
ServerSignature Off
# Hide the PHP version information
Header unset X-Powered-By
# Disable reverse DNS lookups
HostnameLookups Off
# Keep the timeout short
Timeout 10
# Disable TRACE
TraceEnable Off
# Clickjacking protection
Header append X-Frame-Options SAMEORIGIN
# Prevent cross-site scripting (XSS)
Header set X-XSS-Protection "1; mode=block"
# Prevent MIME type sniffing
Header set X-Content-Type-Options nosniff
# Enable browser-side rewriting of http requests to https
#Header always set Strict-Transport-Security "max-age=63072000"
# Settings for seeing the client's source IP
ProxyAddHeaders On
RemoteIPHeader X-Forwarded-For
<Directory "/var/www/html">
    #
    Options FollowSymLinks
    #
    AllowOverride All
    # Controls who can get stuff from this server.
    Require all granted
</Directory>
<Directory "/var/www/html/.well-known/acme-challenge/">
    Options -Indexes
    AllowOverride None
    Require all granted
</Directory>
[alma@wl-ex ~]$
[alma@wl-ex ~]$ sudo systemctl reload httpd
[alma@wl-ex ~]$
[alma@wl-ex ~]$ sudo certbot --apache --cert-name waitless-ex.com --domain waitless-ex.com --domain "*.waitless-ex.com"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for waitless-ex.com and *.waitless-ex.com
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[alma@wl-ex ~]$ sudo certbot --apache --cert-name waitless-ex.com --preferred-challenges dns --domain waitless-ex.com --domain "*.waitless-ex.com"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for waitless-ex.com and *.waitless-ex.com
None of the preferred challenges are supported by the selected plugin
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[alma@wl-ex ~]$
Note: the options seem to keep piling up
[alma@wl-ex ~]$ sudo certbot certonly --cert-name waitless-ex.com --preferred-challenges dns --domain waitless-ex.com --domain "*.waitless-ex.com"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache)
2: Runs an HTTP server locally which serves the necessary validation files under
the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP
server already running. HTTP challenge only (wildcards not supported).
(standalone)
3: Saves the necessary validation files to a .well-known/acme-challenge/
directory within the nominated webroot path. A separate HTTP server must be
running and serving files from the webroot path. HTTP challenge only (wildcards
not supported). (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Requesting a certificate for waitless-ex.com and *.waitless-ex.com
None of the preferred challenges are supported by the selected plugin
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[alma@wl-ex ~]$
Note: found an option combination that certbot accepts, but it was still rejected
[alma@wl-ex html]$ sudo chown -R apache:apache ./.well-known/
[alma@wl-ex html]$ sudo ls -al ./.well-known/
total 12
drwxr-xr-x 3 apache apache 4096 Apr 1 09:53 .
drwxr-xr-x 3 root root 4096 Apr 1 09:53 ..
drwxr-xr-x 2 apache apache 4096 Apr 1 09:53 acme-challenge
[alma@wl-ex html]$
[alma@wl-ex html]$ ls -al /var/www/html/.well-known/acme-challenge/
total 8
drwxr-xr-x 2 apache apache 4096 Apr 1 09:53 .
drwxr-xr-x 3 apache apache 4096 Apr 1 09:53 ..
[alma@wl-ex html]$
Once more
[yama][09:17:50] ~% dig _acme-challenge.waitless-ex.com txt 26-04-01[yama05]
; <<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> _acme-challenge.waitless-ex.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9586
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_acme-challenge.waitless-ex.com. IN TXT
;; ANSWER SECTION:
_acme-challenge.waitless-ex.com. 3600 IN TXT "MYgJacjeSuGRZ9UxdhVlbvzfVut3fUWQnUeNj8EVykE"
;; Query time: 63 msec
;; SERVER: 133.242.0.3#53(133.242.0.3) (UDP)
;; WHEN: Wed Apr 01 10:17:56 JST 2026
;; MSG SIZE rcvd: 116
[yama][10:17:56] ~% 26-04-01[yama05]
[alma@wl-ex ~]$ sudo certbot certonly --cert-name waitless-ex.com --webroot-path "/var/www/html/" --preferred-challenges dns --domain "waitless-ex.com" --domain "*.waitless-ex.com" -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache)
2: Runs an HTTP server locally which serves the necessary validation files under
the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP
server already running. HTTP challenge only (wildcards not supported).
(standalone)
3: Saves the necessary validation files to a .well-known/acme-challenge/
directory within the nominated webroot path. A separate HTTP server must be
running and serving files from the webroot path. HTTP challenge only (wildcards
not supported). (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator apache, Installer apache
Requesting a certificate for waitless-ex.com and *.waitless-ex.com
Performing the following challenges:
None of the preferred challenges are supported by the selected plugin
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[alma@wl-ex ~]$ sudo certbot certonly --manual --preferred-challenges dns --cert-name waitless-ex.com -d "waitless-ex.com" -d "*.waitless-ex.com"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for waitless-ex.com and *.waitless-ex.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
_acme-challenge.waitless-ex.com.
with the following value:
HssEaZG9SU80dPNicWjTeD2Sm85zhvZlGk5EiP9yAkw
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
_acme-challenge.waitless-ex.com.
with the following value:
MYgJacjeSuGRZ9UxdhVlbvzfVut3fUWQnUeNj8EVykE
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.waitless-ex.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Identifier: waitless-ex.com
Type: unauthorized
Detail: Incorrect TXT record "MYgJacjeSuGRZ9UxdhVlbvzfVut3fUWQnUeNj8EVykE" found at _acme-challenge.waitless-ex.com
Hint: The Certificate Authority failed to verify the manually created DNS TXT records. Ensure that you created these in the correct location, or try waiting longer for DNS propagation on the next attempt.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[alma@wl-ex ~]$
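Added example, not part of these notes: a pre-flight check for the manual DNS-01 step that compares the TXT values certbot asked for with what `dig +short` returns, so a record that was replaced instead of added (the "Incorrect TXT record" failure above, where only the second of two requested values was published) is caught before pressing Enter. The live `dig` wrapper and the resolver default 133.242.0.3 are assumptions; the offline demo embeds the values from the notes.

```python
# Added example (not from the notes): pre-flight check before pressing Enter in certbot --manual.
import re
import subprocess
from dataclasses import dataclass, field

TXT_CHUNK_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


@dataclass
class TxtCheck:
    """Result of comparing the values certbot asked for with what DNS serves."""
    name: str
    expected: frozenset
    observed: frozenset
    missing: frozenset = field(init=False)  # asked for, not published: challenge fails
    stale: frozenset = field(init=False)    # published, not asked for: harmless leftovers

    def __post_init__(self) -> None:
        self.missing = self.expected - self.observed
        self.stale = self.observed - self.expected

    @property
    def ready(self) -> bool:
        # The CA tolerates extra TXT records under the name; it does not tolerate missing ones.
        return not self.missing


def parse_dig_short_txt(output: str) -> frozenset:
    """Parse `dig +short <name> TXT`: one record per line, possibly split into
    several quoted chunks that must be joined back into one string."""
    values = set()
    for line in output.splitlines():
        chunks = TXT_CHUNK_RE.findall(line)
        if chunks:
            values.add("".join(chunks))
    return frozenset(values)


def check_txt(name: str, expected, observed) -> TxtCheck:
    return TxtCheck(name, frozenset(expected), frozenset(observed))


def query_txt(name: str, resolver: str = "133.242.0.3") -> frozenset:
    """Live lookup (assumed: network and dig on PATH). The resolver default is the
    one the notes queried; pass the zone's authoritative server to bypass caching."""
    out = subprocess.run(["dig", "+short", f"@{resolver}", name, "TXT"],
                         capture_output=True, text=True, check=True).stdout
    return parse_dig_short_txt(out)


# Offline demo with the values from the notes: certbot asked for two records
# (one per identifier; the mapping below is inferred from the CA's error),
# but the resolver served only the second one.
CHALLENGE_NAME = "_acme-challenge.waitless-ex.com"
EXPECTED_FIRST_RUN = {
    "HssEaZG9SU80dPNicWjTeD2Sm85zhvZlGk5EiP9yAkw",  # waitless-ex.com
    "MYgJacjeSuGRZ9UxdhVlbvzfVut3fUWQnUeNj8EVykE",  # *.waitless-ex.com
}
DIG_OUTPUT_FIRST_RUN = '"MYgJacjeSuGRZ9UxdhVlbvzfVut3fUWQnUeNj8EVykE"\n'


def demo() -> TxtCheck:
    return check_txt(CHALLENGE_NAME, EXPECTED_FIRST_RUN, parse_dig_short_txt(DIG_OUTPUT_FIRST_RUN))


if __name__ == "__main__":
    result = demo()
    print("ready" if result.ready else f"not ready, missing: {sorted(result.missing)}")
```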
[yama][10:17:56] ~% dig _acme-challenge.waitless-ex.com txt 26-04-01[yama05]
; <<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> _acme-challenge.waitless-ex.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15183
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_acme-challenge.waitless-ex.com. IN TXT
;; ANSWER SECTION:
_acme-challenge.waitless-ex.com. 3600 IN TXT "B7RFudagTxRCe_LQdzQqbTLWp__ubQH-cK27wZYboGQ"
;; Query time: 59 msec
;; SERVER: 133.242.0.3#53(133.242.0.3) (UDP)
;; WHEN: Wed Apr 01 10:20:24 JST 2026
;; MSG SIZE rcvd: 116
[yama][10:20:24] ~%
[alma@wl-ex ~]$ sudo certbot certonly --manual --preferred-challenges dns --cert-name waitless-ex.com -d "waitless-ex.com" -d "*.waitless-ex.com"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for waitless-ex.com and *.waitless-ex.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
_acme-challenge.waitless-ex.com.
with the following value:
B7RFudagTxRCe_LQdzQqbTLWp__ubQH-cK27wZYboGQ
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.waitless-ex.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/waitless-ex.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/waitless-ex.com/privkey.pem
This certificate expires on 2026-06-30.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[alma@wl-ex ~]$
[alma@wl-ex ~]$ sudo ls -al /etc/letsencrypt/live/waitless-ex.com/
total 12
drwxr-xr-x 2 root root 4096 Apr 1 10:26 .
drwx------ 3 root root 4096 Apr 1 10:26 ..
lrwxrwxrwx 1 root root 39 Apr 1 10:26 cert.pem -> ../../archive/waitless-ex.com/cert1.pem
lrwxrwxrwx 1 root root 40 Apr 1 10:26 chain.pem -> ../../archive/waitless-ex.com/chain1.pem
lrwxrwxrwx 1 root root 44 Apr 1 10:26 fullchain.pem -> ../../archive/waitless-ex.com/fullchain1.pem
lrwxrwxrwx 1 root root 42 Apr 1 10:26 privkey.pem -> ../../archive/waitless-ex.com/privkey1.pem
-rw-r--r-- 1 root root 692 Apr 1 10:26 README
[alma@wl-ex ~]$
It is now a wildcard certificate
[alma@wl-ex ~]$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: waitless-ex.com
Serial Number: 56421ac714ada1ea931ecfefa6f7866a55d
Key Type: ECDSA
Identifiers: waitless-ex.com *.waitless-ex.com
Expiry Date: 2026-06-30 00:27:32+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/waitless-ex.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/waitless-ex.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[alma@wl-ex ~]$
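Added example, not part of these notes: a renewal watch that parses `certbot certificates` output together with the certificate's renewal config and reports days left and whether certbot will renew on its own (a --manual certificate without --manual-auth-hook, as issued above, will not, so the same expiry incident repeats on 2026-06-30 unless someone runs the command again). The renewal-config sample is constructed to follow the format certbot writes under /etc/letsencrypt/renewal/; the certificate listing is the one above.

```python
# Added example (not from the notes): renewal watch for certbot-managed certificates.
import re
from datetime import datetime

NAME_RE = re.compile(r"^\s*Certificate Name:\s*(\S+)")
IDENT_RE = re.compile(r"^\s*Identifiers:\s*(.+?)\s*$")
EXPIRY_RE = re.compile(r"^\s*Expiry Date:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\S*)")


def parse_certificates(output: str) -> list[dict]:
    """Extract name, identifiers and expiry from `certbot certificates` output."""
    certs, current = [], None
    for line in output.splitlines():
        if m := NAME_RE.match(line):
            current = {"name": m.group(1), "identifiers": []}
            certs.append(current)
        elif current is not None and (m := IDENT_RE.match(line)):
            current["identifiers"] = m.group(1).split()
        elif current is not None and (m := EXPIRY_RE.match(line)):
            current["expiry"] = datetime.fromisoformat(m.group(1))  # tz-aware
    return certs


def parse_renewal_conf(text: str) -> dict[str, str]:
    """Read the [renewalparams] section of /etc/letsencrypt/renewal/<name>.conf."""
    params, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_section = line == "[renewalparams]"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            params[key.strip()] = value.strip()
    return params


def renewal_status(cert: dict, params: dict[str, str], now: datetime,
                   warn_days: int = 30) -> dict:
    """certbot's timer renews below 30 days left, but only when the authenticator
    runs unattended; --manual without manual_auth_hook is a human task."""
    days_left = (cert["expiry"] - now).days  # now must be tz-aware as well
    manual = params.get("authenticator") == "manual"
    auto_renew = not manual or bool(params.get("manual_auth_hook"))
    if days_left < 0:
        status = "expired"
    elif days_left > warn_days:
        status = "ok"
    elif auto_renew:
        status = "check_autorenew"  # the timer should already have renewed it
    else:
        status = "renew_manually"
    return {"name": cert["name"], "days_left": days_left, "auto_renew": auto_renew,
            "wildcard": any(i.startswith("*.") for i in cert["identifiers"]),
            "status": status}


# Listing taken from the notes above (indentation as certbot prints it).
SAMPLE_CERTIFICATES = """\
Found the following certs:
  Certificate Name: waitless-ex.com
    Identifiers: waitless-ex.com *.waitless-ex.com
    Expiry Date: 2026-06-30 00:27:32+00:00 (VALID: 89 days)
"""
# Constructed sample in the format certbot writes; the notes do not show this file.
SAMPLE_RENEWAL_CONF = """\
[renewalparams]
authenticator = manual
pref_challs = dns-01,
key_type = ecdsa
"""


def demo(now_iso: str) -> list[dict]:
    """Evaluate the sample data as of `now_iso` (ISO 8601 with UTC offset)."""
    now = datetime.fromisoformat(now_iso)
    params = parse_renewal_conf(SAMPLE_RENEWAL_CONF)
    return [renewal_status(c, params, now) for c in parse_certificates(SAMPLE_CERTIFICATES)]
```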
[alma@wl-ex ~]$ httpd -v
Server version: Apache/2.4.53 (AlmaLinux)
Server built: Jan 31 2023 00:00:00
[alma@wl-ex ~]$
SSLCertificateFile /etc/letsencrypt/live/waitless-ex.com/fullchain.pem
# SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/letsencrypt/live/waitless-ex.com/privkey.pem
# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
ServerName jahirobyo.waitless-ex.com
# SSL certificate settings
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
# SSLCertificateFile /etc/httpd/ssl/waitless-ex/certs/server.crt
# SSLCertificateKeyFile /etc/httpd/ssl/waitless-ex/certs/server.key
# SSLCACertificateFile /etc/httpd/ssl/waitless-ex/certs/ca.cer
SSLCertificateFile /etc/letsencrypt/live/waitless-ex.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/waitless-ex.com/privkey.pem
[yama][10:27:50] ~% dig _validation-contactemail.waitless-ex.com txt 26-04-01[yama05]
; <<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> _validation-contactemail.waitless-ex.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8267
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_validation-contactemail.waitless-ex.com. IN TXT
;; ANSWER SECTION:
_validation-contactemail.waitless-ex.com. 3600 IN TXT "kimura@alion88.com"
;; Query time: 39 msec
;; SERVER: 133.242.0.3#53(133.242.0.3) (UDP)
;; WHEN: Wed Apr 01 11:56:02 JST 2026
;; MSG SIZE rcvd: 100
[yama][11:56:02] ~% dig _acme-challenge.waitless-ex.com txt 26-04-01[yama05]
; <<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> _acme-challenge.waitless-ex.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60266
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_acme-challenge.waitless-ex.com. IN TXT
;; ANSWER SECTION:
_acme-challenge.waitless-ex.com. 3600 IN TXT "B7RFudagTxRCe_LQdzQqbTLWp__ubQH-cK27wZYboGQ"
;; Query time: 39 msec
;; SERVER: 133.242.0.3#53(133.242.0.3) (UDP)
;; WHEN: Wed Apr 01 11:56:17 JST 2026
;; MSG SIZE rcvd: 116
[yama][11:56:17] ~% 26-04-01[yama05]
SSLCertificateFile /etc/httpd/ssl/waitless-ex/certs/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/waitless-ex/certs/server.key
SSLCACertificateFile /etc/httpd/ssl/waitless-ex/certs/ca.cer
SSLCertificateFile /etc/letsencrypt/live/waitless-ex.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/waitless-ex.com/privkey.pem
[alma@wl-ex ~]$ sudo vi /etc/httpd/conf.d/proxy/proxy-
proxy-hospyoshimura.conf
proxy-kobayashihousya.conf.bak X
proxy-obata-naika.conf
proxy-stcc.conf
proxy-jahirobyo.conf
proxy-matsuzawa.conf
proxy-seedsclinic.conf
The last command in this list is the one that went through
sudo certbot --apache --cert-name waitless-ex.com --domain waitless-ex.com --domain "*.waitless-ex.com"
sudo certbot --apache --cert-name waitless-ex.com --preferred-challenges dns --domain waitless-ex.com --domain "*.waitless-ex.com"
sudo certbot renew --force-renewal --cert-name waitless-ex.com --preferred-challenges dns --domain waitless-ex.com --domain "*.waitless-ex.com"
sudo certbot certonly --cert-name waitless-ex.com --preferred-challenges dns --domain "waitless-ex.com" --domain "*.waitless-ex.com"
sudo certbot certonly --manual --preferred-challenges dns --cert-name waitless-ex.com -d "waitless-ex.com" -d "*.waitless-ex.com"