Oracle Cloud environment
instance-20250419-1712
Always Free instance (a free-of-charge environment)
https://www.oracle.com/jp/cloud/
Availability domain: AD-1
Fault domain: FD-2
Region: ap-osaka-1
Operating system: Oracle Linux 9
Image: Oracle-Linux-9.5-2025.03.18-0
Shape: VM.Standard.E2.1.Micro
OCPU count: 1
Network bandwidth (Gbps): 0.48
Memory (GB): 1
Local disk: Block storage only
Preparation
Nginx is used as the web server.
certbot was installed using the following steps.
[opc@instance-20250419-1712 ~]$ sudo dnf install epel-release -y
sudo dnf install dnf-plugins-core -y
Last metadata expiration check: 2:29:00 ago on Sun 20 Apr 2025 12:15:24 AM GMT.
Package oracle-epel-release-el9-1.0-1.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
Last metadata expiration check: 2:29:33 ago on Sun 20 Apr 2025 12:15:24 AM GMT.
Package dnf-plugins-core-4.3.0-16.0.1.el9.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[opc@instance-20250419-1712 ~]$ sudo dnf repolist all | grep epel
dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ created by dnf confi enabled
[opc@instance-20250419-1712 ~]$ sudo dnf clean all
sudo dnf makecache
sudo dnf search certbot
52 files removed
created by dnf config-manager from https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/ 2.7 MB/s | 23 MB 00:08
Ksplice for Oracle Linux 9 (x86_64) 9.5 MB/s | 4.3 MB 00:00
nginx repo 76 kB/s | 113 kB 00:01
Oracle Linux 9 OCI Included Packages (x86_64) 38 MB/s | 152 MB 00:03
Oracle Linux 9 BaseOS Latest (x86_64) 24 MB/s | 58 MB 00:02
Oracle Linux 9 Application Stream Packages (x86_64) 27 MB/s | 54 MB 00:02
Oracle Linux 9 Addons (x86_64) 1.9 MB/s | 673 kB 00:00
Oracle Linux 9 UEK Release 7 (x86_64) 28 MB/s | 63 MB 00:02
Last metadata expiration check: 0:00:01 ago on Sun 20 Apr 2025 03:01:47 AM GMT.
Metadata cache created.
Last metadata expiration check: 0:01:33 ago on Sun 20 Apr 2025 03:01:47 AM GMT.
=================================================== Name Exactly Matched: certbot ===================================================
certbot.noarch : A free, automated certificate authority client
================================================== Name & Summary Matched: certbot ==================================================
python-certbot-dns-cloudxns-doc.noarch : certbot-dns-cloudxns documentation
python-certbot-dns-dnsimple-doc.noarch : certbot-dns-dnsimple documentation
python3-certbot.noarch : Python 3 libraries used by certbot
python3-certbot-apache.noarch : The apache plugin for certbot
python3-certbot-dns-cloudflare.noarch : certbot-dns-cloudflare plugin for certbot
python3-certbot-dns-cloudxns.noarch : CloudXNS DNS Authenticator plugin for Certbot
python3-certbot-dns-digitalocean.noarch : certbot-dns-digitalocean plugin for certbot
python3-certbot-dns-dnsimple.noarch : certbot-dns-dnsimple plugin for certbot
python3-certbot-dns-dnsmadeeasy.noarch : certbot-dns-dnsmadeeasy plugin for certbot
python3-certbot-dns-gehirn.noarch : certbot-dns-gehirn plugin for certbot
python3-certbot-dns-linode.noarch : certbot-dns-linode plugin for certbot
python3-certbot-dns-luadns.noarch : certbot-dns-luadns plugin for certbot
python3-certbot-dns-nsone.noarch : certbot-dns-nsone plugin for certbot
python3-certbot-dns-ovh.noarch : certbot-dns-ovh plugin for certbot
python3-certbot-dns-rfc2136.noarch : certbot-dns-rfc2136 plugin for certbot
python3-certbot-dns-route53.noarch : certbot-dns-route53 plugin for certbot
python3-certbot-dns-sakuracloud.noarch : certbot-dns-sakuracloud plugin for certbot
python3-certbot-nginx.noarch : The nginx plugin for certbot
[opc@instance-20250419-1712 ~]$ sudo dnf install dnf-plugins-core -y
Last metadata expiration check: 0:02:27 ago on Sun 20 Apr 2025 03:01:47 AM GMT.
Package dnf-plugins-core-4.3.0-16.0.1.el9.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[opc@instance-20250419-1712 ~]$ sudo dnf install certbot python3-certbot-nginx -y
Last metadata expiration check: 1:14:40 ago on Sun 20 Apr 2025 03:33:26 AM GMT.
Dependencies resolved.
=====================================================================================================================================
Package Architecture Version Repository Size
=====================================================================================================================================
Installing:
certbot noarch 3.1.0-1.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 49 k
python3-certbot-nginx noarch 3.1.0-1.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 156 k
Installing dependencies:
fontawesome-fonts noarch 1:4.7.0-13.el9 ol9_appstream 205 k
python3-acme noarch 3.1.0-1.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 159 k
python3-certbot noarch 3.1.0-1.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 683 k
python3-configargparse noarch 1.7-1.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 45 k
python3-importlib-metadata noarch 4.12.0-2.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 43 k
python3-josepy noarch 1.14.0-1.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 59 k
python3-parsedatetime noarch 2.6-5.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 79 k
python3-pyrfc3339 noarch 1.1-11.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 18 k
python3-zipp noarch 3.20.1-2.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 26 k
Installing weak dependencies:
python-josepy-doc noarch 1.14.0-1.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 14 k
Transaction Summary
=====================================================================================================================================
Install 12 Packages
Total download size: 1.5 M
Installed size: 6.0 M
Downloading Packages:
(1/12): python-josepy-doc-1.14.0-1.el9.noarch.rpm 12 kB/s | 14 kB 00:01
(2/12): certbot-3.1.0-1.el9.noarch.rpm 38 kB/s | 49 kB 00:01
(3/12): python3-acme-3.1.0-1.el9.noarch.rpm 102 kB/s | 159 kB 00:01
(4/12): python3-configargparse-1.7-1.el9.noarch.rpm 268 kB/s | 45 kB 00:00
(5/12): python3-importlib-metadata-4.12.0-2.el9.noarch.rpm 253 kB/s | 43 kB 00:00
(6/12): python3-certbot-nginx-3.1.0-1.el9.noarch.rpm 232 kB/s | 156 kB 00:00
(7/12): python3-parsedatetime-2.6-5.el9.noarch.rpm 456 kB/s | 79 kB 00:00
(8/12): python3-josepy-1.14.0-1.el9.noarch.rpm 179 kB/s | 59 kB 00:00
(9/12): python3-pyrfc3339-1.1-11.el9.noarch.rpm 101 kB/s | 18 kB 00:00
(10/12): python3-zipp-3.20.1-2.el9.noarch.rpm 154 kB/s | 26 kB 00:00
(11/12): fontawesome-fonts-4.7.0-13.el9.noarch.rpm 1.7 MB/s | 205 kB 00:00
(12/12): python3-certbot-3.1.0-1.el9.noarch.rpm 306 kB/s | 683 kB 00:02
-------------------------------------------------------------------------------------------------------------------------------------
Total 450 kB/s | 1.5 MB 00:03
Public key for certbot-3.1.0-1.el9.noarch.rpm is not installed
Public key for python-josepy-doc-1.14.0-1.el9.noarch.rpm is not installed
Public key for python3-acme-3.1.0-1.el9.noarch.rpm is not installed
Public key for python3-certbot-3.1.0-1.el9.noarch.rpm is not installed
Public key for python3-certbot-nginx-3.1.0-1.el9.noarch.rpm is not installed
Public key for python3-configargparse-1.7-1.el9.noarch.rpm is not installed
Public key for python3-importlib-metadata-4.12.0-2.el9.noarch.rpm is not installed
Public key for python3-josepy-1.14.0-1.el9.noarch.rpm is not installed
Public key for python3-parsedatetime-2.6-5.el9.noarch.rpm is not installed
Public key for python3-pyrfc3339-1.1-11.el9.noarch.rpm is not installed
Public key for python3-zipp-3.20.1-2.el9.noarch.rpm is not installed
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED
[opc@instance-20250419-1712 ~]$ sudo rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9
[opc@instance-20250419-1712 ~]$ sudo dnf install certbot python3-certbot-nginx -y
Last metadata expiration check: 1:43:14 ago on Sun 20 Apr 2025 03:33:26 AM GMT.
Dependencies resolved.
=====================================================================================================================================
Package Architecture Version Repository Size
=====================================================================================================================================
Installing:
certbot noarch 3.1.0-1.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 49 k
python3-certbot-nginx noarch 3.1.0-1.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 156 k
Installing dependencies:
fontawesome-fonts noarch 1:4.7.0-13.el9 ol9_appstream 205 k
python3-acme noarch 3.1.0-1.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 159 k
python3-certbot noarch 3.1.0-1.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 683 k
python3-configargparse noarch 1.7-1.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 45 k
python3-importlib-metadata noarch 4.12.0-2.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 43 k
python3-josepy noarch 1.14.0-1.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 59 k
python3-parsedatetime noarch 2.6-5.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 79 k
python3-pyrfc3339 noarch 1.1-11.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 18 k
python3-zipp noarch 3.20.1-2.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 26 k
Installing weak dependencies:
python-josepy-doc noarch 1.14.0-1.el9 dl.fedoraproject.org_pub_epel_9_Everything_x86_64_ 14 k
Transaction Summary
=====================================================================================================================================
Install 12 Packages
[opc@instance-20250419-1712 ~]$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Certificate issuance process
An explanation of the certificate issuance process.
- Starting Certbot
  - 05:18:50: Certbot 3.1.0 started from /bin/certbot
  - Arguments used: --nginx
  - Available plugins: manual, nginx, null, standalone, webroot
  - nginx selected as both authenticator and installer
- Accessing the Let's Encrypt ACME endpoint
  - 05:20:05: GET request sent to the ACME directory
  - 200 OK received as the response
  - Endpoint information obtained (new account, new order, and so on)
- Obtaining a new nonce
  - 05:20:12: HEAD request sent to /acme/new-nonce
  - Replay-Nonce obtained
- Account registration
  - 05:20:12: New account creation request sent (contact: ToS agreement)
  - 05:20:12: 201 Created received for POST /acme/new-acct; account registration succeeded
  - Account ID: 2351510427
- Certbot uses the account
  - 05:20:17: The newly created account is selected
  - 05:20:17: An error occurs because of the invalid character _ (the domain name contains a character that cannot be used)
- Certificate request for server name xxxxx.example.com
  - 05:20:37: A new certificate order is started for the domain xxxxx.example.com
  - POST /acme/new-order request sent
- Communication with the ACME server begins
  - 05:20:39: The ACME client (Certbot) sends a POST request to the URL https://acme-v02.api.letsencrypt.org/acme/chall/2351510427/508302394397/xHE8QQ. The request payload is empty.
- Validation of the certificate request
  - 05:20:39: The server receives the request and returns an HTTP 200 OK response. The response contains the certificate's validation status, and status: pending is returned.
- Obtaining the validation token
  - 05:20:40: Certbot sends another POST request to the server to proceed with validation of the certificate. This request also carries no payload.
- Checking the HTTP-01 validation token
  - 05:20:40: In the response from the server, status: pending is maintained, which shows that validation has not yet been performed.
  - Source addresses of the validation requests:

    | IP address | Estimated region / cloud provider |
    |---|---|
    | 23.178.112.214 | IP address owned by Cloudflare, Inc. |
    | 47.129.143.3 | AWS (Singapore: ap-southeast-1) |
    | 54.213.33.241 | AWS (Boardman, Oregon, USA: us-west-2) |
    | 3.149.6.234 | AWS (Hilliard, Ohio, USA) |
    | 13.60.209.235 | AWS (Ohio, USA: us-east-2) |

    (This shows that, for the Multi-Perspective Issuance Corroboration required by the Baseline Requirements, there is one Primary Network Perspective and four remote Network Perspectives. The five remote Network Perspectives required by December 15, 2026 do not appear to be met yet.)
  - 23.178.112.214 - - [20/Apr/2025:05:20:39 +0000] "GET /.well-known/acme-challenge/3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
  - 47.129.143.3 - - [20/Apr/2025:05:20:39 +0000] "GET /.well-known/acme-challenge/3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
  - 54.213.33.241 - - [20/Apr/2025:05:20:39 +0000] "GET /.well-known/acme-challenge/3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
  - 3.149.6.234 - - [20/Apr/2025:05:20:40 +0000] "GET /.well-known/acme-challenge/3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
  - 13.60.209.235 - - [20/Apr/2025:05:20:40 +0000] "GET /.well-known/acme-challenge/3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
- Repeated processing of the validation token
  - 05:20:43: Certbot sends a POST request again to check the progress of validation. At this stage the HTTP-01 challenge is recognized as valid, and the success of the validation is recorded.
- Sending the certificate signing request (CSR)
  - 05:20:44: Certbot sends the certificate signing request (CSR) to Let's Encrypt. The CSR contains information about the certificate, and the certificate is issued based on it.
- Certificate issuance complete
  - 05:20:44: Finally, Certbot sends a request to the finalize endpoint, and the certificate issuance process is complete.
- Precertificate registered with CT log servers
  - 05:20:45: The Precertificate is registered with the following log servers
- Leaf certificate registered with CT log servers
  - 05:20:45: The leaf certificate is registered with the following log servers
- Certificate deployment (carried out after fixing the part of the Nginx configuration that had not been set up)
  - 05:26:55: Certificate deployed to the Nginx configuration file (/etc/nginx/conf.d/xxxxx.conf)
  - 05:26:56: HTTP-to-HTTPS redirect configuration added
- Certificate applied
  - 05:26:57: Confirmed that HTTPS is enabled at https://xxxxx.example.com
  - 05:26:58: Request sent to subscribe to the EFF mailing list
  - 05:26:58: Subscription success confirmation message received
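The validation requests listed above can be checked mechanically. The following Python sketch is an added example, not part of the original post or of Certbot: it parses nginx access-log lines in the `main` format, groups ACME HTTP-01 challenge hits by token, and flags any validation perspective that did not receive a 200 response of the expected key-authorization length (87 bytes here, i.e. token + "." + account-key thumbprint). The five validation requests and the key authorization are taken from this page; the last two log lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the "main" log_format shown in the nginx.conf on this page:
# $remote_addr - $remote_user [$time_local] "$request" $status
# $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<xff>[^"]*)"$'
)
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
LE_UA_MARKER = "Let's Encrypt validation server"

# Token and key authorization as they appear in the Certbot log on this page.
PAGE_TOKEN = "3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc"
PAGE_KEY_AUTH = PAGE_TOKEN + ".sCfgljfXeZjjwZ0RXigjEFs1b_DMNK9yvuKyJXd61L0"

_UA = ("Mozilla/5.0 (compatible; Let's Encrypt validation server; "
       "+https://www.letsencrypt.org)")


def _line(ip, ts, path, status, size, ua=_UA):
    """Build one access-log line in the 'main' format (helper for the sample)."""
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} {size} "-" "{ua}" "-"'


SAMPLE_LOG = [
    # The five validation requests recorded on this page.
    _line("23.178.112.214", "20/Apr/2025:05:20:39 +0000", CHALLENGE_PREFIX + PAGE_TOKEN, 200, 87),
    _line("47.129.143.3", "20/Apr/2025:05:20:39 +0000", CHALLENGE_PREFIX + PAGE_TOKEN, 200, 87),
    _line("54.213.33.241", "20/Apr/2025:05:20:39 +0000", CHALLENGE_PREFIX + PAGE_TOKEN, 200, 87),
    _line("3.149.6.234", "20/Apr/2025:05:20:40 +0000", CHALLENGE_PREFIX + PAGE_TOKEN, 200, 87),
    _line("13.60.209.235", "20/Apr/2025:05:20:40 +0000", CHALLENGE_PREFIX + PAGE_TOKEN, 200, 87),
    # Constructed lines: an unrelated request and a failed challenge fetch.
    _line("192.0.2.10", "20/Apr/2025:05:21:00 +0000", "/index.html", 200, 615, "curl/8.0"),
    _line("198.51.100.7", "20/Apr/2025:05:22:00 +0000", CHALLENGE_PREFIX + "constructed-token", 404, 153),
]


def parse_challenge_hits(lines):
    """Return one dict per well-formed log line that requests an ACME challenge path."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["path"].startswith(CHALLENGE_PREFIX):
            continue  # malformed line or not a challenge request
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "token": m["path"][len(CHALLENGE_PREFIX):],
            "status": int(m["status"]),
            "size": int(m["size"]),
            "ua": m["ua"],
        })
    return hits


def summarize(lines, key_auths):
    """Group challenge hits by token.

    key_auths maps token -> expected key authorization; when a token is known,
    a 200 response whose body size differs from that length is reported.
    """
    by_token = defaultdict(list)
    for hit in parse_challenge_hits(lines):
        by_token[hit["token"]].append(hit)

    report = {}
    for token, hits in by_token.items():
        expected = key_auths.get(token)
        problems = []
        for h in hits:
            if h["status"] != 200:
                problems.append(f'{h["ip"]}: status {h["status"]}')
            elif expected is not None and h["size"] != len(expected):
                problems.append(f'{h["ip"]}: body {h["size"]} bytes, expected {len(expected)}')
            # The User-Agent is client-supplied, so treat it as a hint only.
            if LE_UA_MARKER not in h["ua"]:
                problems.append(f'{h["ip"]}: unexpected user agent')
        report[token] = {
            "perspectives": sorted({h["ip"] for h in hits}),
            "problems": problems,
        }
    return report


if __name__ == "__main__":
    for token, info in summarize(SAMPLE_LOG, {PAGE_TOKEN: PAGE_KEY_AUTH}).items():
        print(token, len(info["perspectives"]), "perspectives", info["problems"] or "ok")
```
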
/var/log/letsencrypt/letsencrypt.log
[opc@instance-20250419-1712 conf.d]$ cat /var/log/letsencrypt/letsencrypt.log
2025-04-20 05:18:50,898:DEBUG:certbot._internal.main:certbot version: 3.1.0
2025-04-20 05:18:50,899:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/certbot
2025-04-20 05:18:50,899:DEBUG:certbot._internal.main:Arguments: ['--nginx']
2025-04-20 05:18:50,899:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-04-20 05:18:50,914:DEBUG:certbot._internal.log:Root logging level set at 30
2025-04-20 05:18:50,919:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2025-04-20 05:18:51,209:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: EntryPoint(name='nginx', value='certbot_nginx._internal.configurator:NginxConfigurator', group='certbot.plugins')
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f7fdba75310>
Prep: True
2025-04-20 05:18:51,210:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f7fdba75310> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f7fdba75310>
2025-04-20 05:18:51,210:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2025-04-20 05:20:05,919:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-04-20 05:20:05,926:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-04-20 05:20:06,408:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1042
2025-04-20 05:20:06,409:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 20 Apr 2025 05:20:06 GMT
Content-Type: application/json
Content-Length: 1042
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"csK6qj-lVvY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "https://letsencrypt.org/docs/profiles#classic",
"shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
"tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver (not yet generally available)"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-04-20 05:20:12,270:DEBUG:acme.client:Requesting fresh nonce
2025-04-20 05:20:12,270:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-04-20 05:20:12,403:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-04-20 05:20:12,403:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 20 Apr 2025 05:20:12 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: y-2E8Cztz3iyhic2OrST8zE2rl5AmB_SmdCcej26l7DeGezUJSY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2025-04-20 05:20:12,404:DEBUG:acme.client:Storing nonce: y-2E8Cztz3iyhic2OrST8zE2rl5AmB_SmdCcej26l7DeGezUJSY
2025-04-20 05:20:12,404:DEBUG:acme.client:JWS payload:
b'{\n "contact": [\n "mailto:xxxxxx@gmail.com"\n ],\n "termsOfServiceAgreed": true\n}'
2025-04-20 05:20:12,407:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-acct:
{
"protected": "省略",
"signature": "省略",
"payload": "省略"
}
2025-04-20 05:20:12,623:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 527
2025-04-20 05:20:12,624:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sun, 20 Apr 2025 05:20:12 GMT
Content-Type: application/json
Content-Length: 527
Connection: keep-alive
Boulder-Requester: 2351510427
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf>;rel="terms-of-service"
Location: https://acme-v02.api.letsencrypt.org/acme/acct/2351510427
Replay-Nonce: y-2E8Czti6LRJY5H7teWyAEQxiIlStpEU8QXpwqYTu4pt0OUd2Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"key": {
"kty": "RSA",
"n": "省略",
"e": "AQAB"
},
"contact": [
"mailto:xxxxxx@gmail.com"
],
"createdAt": "2025-04-20T05:20:12.52884458Z",
"status": "valid"
}
2025-04-20 05:20:12,624:DEBUG:acme.client:Storing nonce: y-2E8Czti6LRJY5H7teWyAEQxiIlStpEU8QXpwqYTu4pt0OUd2Q
2025-04-20 05:20:17,956:DEBUG:certbot._internal.display.obj:Notifying user: Account registered.
2025-04-20 05:20:17,957:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f7fdb67c3d0>)>), contact=('mailto:xxxxxx@gmail.com',), agreement=None, status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2351510427', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf'), 5ca94fad79f02a535d8c2a2e034a0eb6, Meta(creation_dt=datetime.datetime(2025, 4, 20, 5, 20, 12, tzinfo=<UTC>), creation_host='instance-20250419-1712.subnet省略.vcn省略.oraclevcn.com', register_to_eff='xxxxxx@gmail.com'))>
2025-04-20 05:20:17,959:DEBUG:certbot.util:Not suggesting name "_"
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/certbot/util.py", line 389, in get_filtered_names
filtered_names.add(enforce_le_validity(name))
File "/usr/lib/python3.9/site-packages/certbot/util.py", line 579, in enforce_le_validity
raise errors.ConfigurationError(
certbot.errors.ConfigurationError: _ contains an invalid character. Valid characters are A-Z, a-z, 0-9, ., and -.
2025-04-20 05:20:37,629:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for xxxxx.example.com
2025-04-20 05:20:37,631:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "xxxxx.example.com"\n }\n ]\n}'
2025-04-20 05:20:37,633:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "省略",
"signature": "省略",
"payload": "省略"
}
2025-04-20 05:20:37,898:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 353
2025-04-20 05:20:37,899:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sun, 20 Apr 2025 05:20:37 GMT
Content-Type: application/json
Content-Length: 353
Connection: keep-alive
Boulder-Requester: 2351510427
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2351510427/376000173727
Replay-Nonce: y-2E8Czt7O_y6OP8CfVUtmmzuvpzxKFHaRGht3ZFpGpg1DrUDas
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2025-04-27T05:20:37Z",
"identifiers": [
{
"type": "dns",
"value": "xxxxx.example.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/2351510427/508302394397"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2351510427/376000173727"
}
2025-04-20 05:20:37,899:DEBUG:acme.client:Storing nonce: y-2E8Czt7O_y6OP8CfVUtmmzuvpzxKFHaRGht3ZFpGpg1DrUDas
2025-04-20 05:20:37,900:DEBUG:acme.client:JWS payload:
b''
2025-04-20 05:20:37,902:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2351510427/508302394397:
{
"protected": "省略",
"signature": "省略",
"payload": ""
}
2025-04-20 05:20:38,047:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2351510427/508302394397 HTTP/1.1" 200 827
2025-04-20 05:20:38,047:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 20 Apr 2025 05:20:37 GMT
Content-Type: application/json
Content-Length: 827
Connection: keep-alive
Boulder-Requester: 2351510427
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: JYccJeq-WexPVjOj90UTOIQ18rOPaWfDsuH2oJuZBPs8YR_iIN8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "xxxxx.example.com"
},
"status": "pending",
"expires": "2025-04-27T05:20:37Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2351510427/508302394397/xHE8QQ",
"status": "pending",
"token": "3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc"
},
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2351510427/508302394397/zvhfZw",
"status": "pending",
"token": "3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc"
},
{
"type": "tls-alpn-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2351510427/508302394397/e1QfhA",
"status": "pending",
"token": "3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc"
}
]
}
2025-04-20 05:20:38,048:DEBUG:acme.client:Storing nonce: JYccJeq-WexPVjOj90UTOIQ18rOPaWfDsuH2oJuZBPs8YR_iIN8
2025-04-20 05:20:38,048:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-04-20 05:20:38,048:INFO:certbot._internal.auth_handler:http-01 challenge for xxxxx.example.com
2025-04-20 05:20:38,053:DEBUG:certbot_nginx._internal.http_01:Using default addresses 80 and [::]:80 ipv6only=on for authentication.
2025-04-20 05:20:38,054:DEBUG:certbot_nginx._internal.http_01:Generated server block:
[[['server'], [['listen', '80'], ['listen', '[::]:80'], ['server_name', 'xxxxx.example.com'], ['root', '/var/lib/letsencrypt/http_01_nonexistent'], [['location', '=', '/.well-known/acme-challenge/3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc'], [['default_type', 'text/plain'], ['return', '200', '3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc.sCfgljfXeZjjwZ0RXigjEFs1b_DMNK9yvuKyJXd61L0']]]]]]
2025-04-20 05:20:38,055:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2025-04-20 05:20:38,056:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2025-04-20 05:20:38,057:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
server_names_hash_bucket_size 128;
include /etc/letsencrypt/le_http_01_cert_challenge.conf;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers PROFILE=SYSTEM;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
2025-04-20 05:20:39,070:DEBUG:acme.client:JWS payload:
b'{}'
2025-04-20 05:20:39,073:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/2351510427/508302394397/xHE8QQ:
{
"protected": "省略",
"signature": "省略",
"payload": "e30"
}
2025-04-20 05:20:39,231:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/2351510427/508302394397/xHE8QQ HTTP/1.1" 200 195
2025-04-20 05:20:39,231:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 20 Apr 2025 05:20:39 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 2351510427
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/2351510427/508302394397>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/2351510427/508302394397/xHE8QQ
Replay-Nonce: JYccJeq-1RbWIAh0v1ZcZN4BZOGEqSHSYG_rcZsA5jhYhFouzXU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2351510427/508302394397/xHE8QQ",
"status": "pending",
"token": "3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc"
}
2025-04-20 05:20:39,231:DEBUG:acme.client:Storing nonce: JYccJeq-1RbWIAh0v1ZcZN4BZOGEqSHSYG_rcZsA5jhYhFouzXU
2025-04-20 05:20:39,232:INFO:certbot._internal.auth_handler:Waiting for verification...
2025-04-20 05:20:40,233:DEBUG:acme.client:JWS payload:
b''
2025-04-20 05:20:40,235:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2351510427/508302394397:
{
"protected": "省略",
"signature": "省略",
"payload": ""
}
2025-04-20 05:20:40,379:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2351510427/508302394397 HTTP/1.1" 200 827
2025-04-20 05:20:40,379:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 20 Apr 2025 05:20:40 GMT
Content-Type: application/json
Content-Length: 827
Connection: keep-alive
Boulder-Requester: 2351510427
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: JYccJeq-lo7m2FRR6Ip-0mQIv8OcvQjMJRUWjpXvWCug8WRGkgQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "xxxxx.example.com"
},
"status": "pending",
"expires": "2025-04-27T05:20:37Z",
"challenges": [
{
"type": "tls-alpn-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2351510427/508302394397/e1QfhA",
"status": "pending",
"token": "3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc"
},
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2351510427/508302394397/zvhfZw",
"status": "pending",
"token": "3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc"
},
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2351510427/508302394397/xHE8QQ",
"status": "pending",
"token": "3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc"
}
]
}
2025-04-20 05:20:40,380:DEBUG:acme.client:Storing nonce: JYccJeq-lo7m2FRR6Ip-0mQIv8OcvQjMJRUWjpXvWCug8WRGkgQ
2025-04-20 05:20:43,383:DEBUG:acme.client:JWS payload:
b''
2025-04-20 05:20:43,386:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2351510427/508302394397:
{
"protected": "省略",
"signature": "省略",
"payload": ""
}
2025-04-20 05:20:43,543:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2351510427/508302394397 HTTP/1.1" 200 778
2025-04-20 05:20:43,543:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 20 Apr 2025 05:20:43 GMT
Content-Type: application/json
Content-Length: 778
Connection: keep-alive
Boulder-Requester: 2351510427
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: y-2E8Cztnc8vIKvHBNyvpU9fwb5RF53iIT82eivDAfbpsmfZFno
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "xxxxx.example.com"
},
"status": "valid",
"expires": "2025-05-20T05:20:42Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2351510427/508302394397/xHE8QQ",
"status": "valid",
"validated": "2025-04-20T05:20:39Z",
"token": "3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc",
"validationRecord": [
{
"url": "http://xxxxx.example.com/.well-known/acme-challenge/3ahf-MSSBNFe8tN8fRvHHPyi-hINh3mGHJO7iBblSrc",
"hostname": "xxxxx.example.com",
"port": "80",
"addressesResolved": [
"64.110.98.37"
],
"addressUsed": "64.110.98.37"
}
]
}
]
}
2025-04-20 05:20:43,544:DEBUG:acme.client:Storing nonce: y-2E8Cztnc8vIKvHBNyvpU9fwb5RF53iIT82eivDAfbpsmfZFno
2025-04-20 05:20:43,544:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-04-20 05:20:43,544:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-04-20 05:20:44,707:DEBUG:certbot._internal.client:CSR: CSR(file=None, data=b'-----BEGIN CERTIFICATE REQUEST-----省略-----END CERTIFICATE REQUEST-----\n', form='pem')
2025-04-20 05:20:44,707:DEBUG:certbot._internal.client:Will poll for certificate issuance until 2025-04-20 05:22:14.707882
2025-04-20 05:20:44,708:DEBUG:acme.client:JWS payload:
b'{\n "csr": "省略"\n}'
2025-04-20 05:20:44,710:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/2351510427/376000173727:
{
"protected": "省略",
"signature": "省略",
"payload": "省略"
}
2025-04-20 05:20:45,897:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/finalize/2351510427/376000173727 HTTP/1.1" 200 455
2025-04-20 05:20:45,898:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 20 Apr 2025 05:20:45 GMT
Content-Type: application/json
Content-Length: 455
Connection: keep-alive
Boulder-Requester: 2351510427
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2351510427/376000173727
Replay-Nonce: JYccJeq-8JendyBWeOkdg_W9N5KWyclOqg179yez-O5p6YH_-MY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "valid",
"expires": "2025-04-27T05:20:37Z",
"identifiers": [
{
"type": "dns",
"value": "xxxxx.example.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/2351510427/508302394397"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2351510427/376000173727",
"certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/06488727952b0055effc2bb1f675cc09cf39"
}
2025-04-20 05:20:45,898:DEBUG:acme.client:Storing nonce: JYccJeq-8JendyBWeOkdg_W9N5KWyclOqg179yez-O5p6YH_-MY
2025-04-20 05:20:46,900:DEBUG:acme.client:JWS payload:
b''
2025-04-20 05:20:46,902:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/order/2351510427/376000173727:
{
"protected": "省略",
"signature": "省略",
"payload": ""
}
2025-04-20 05:20:47,044:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/order/2351510427/376000173727 HTTP/1.1" 200 455
2025-04-20 05:20:47,045:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 20 Apr 2025 05:20:46 GMT
Content-Type: application/json
Content-Length: 455
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: JYccJeq-QAHRCrI4tu27nSNCcj1xKG_NEAP-FqGxlTyHW0pES2k
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "valid",
"expires": "2025-04-27T05:20:37Z",
"identifiers": [
{
"type": "dns",
"value": "xxxxx.example.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/2351510427/508302394397"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2351510427/376000173727",
"certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/06488727952b0055effc2bb1f675cc09cf39"
}
2025-04-20 05:20:47,045:DEBUG:acme.client:Storing nonce: JYccJeq-QAHRCrI4tu27nSNCcj1xKG_NEAP-FqGxlTyHW0pES2k
2025-04-20 05:20:47,045:DEBUG:acme.client:JWS payload:
b''
2025-04-20 05:20:47,047:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/cert/06488727952b0055effc2bb1f675cc09cf39:
{
"protected": "省略",
"signature": "省略",
"payload": ""
}
2025-04-20 05:20:47,191:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/cert/06488727952b0055effc2bb1f675cc09cf39 HTTP/1.1" 200 2913
2025-04-20 05:20:47,192:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 20 Apr 2025 05:20:47 GMT
Content-Type: application/pem-certificate-chain
Content-Length: 2913
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/cert/06488727952b0055effc2bb1f675cc09cf39/1>;rel="alternate"
Replay-Nonce: JYccJeq-SFDVA_HJJVMglbS5wlLdPhd7ryesSE87iaJmSRK3oQU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
-----BEGIN CERTIFICATE-----(omitted)-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----(omitted)-----END CERTIFICATE-----
2025-04-20 05:20:47,192:DEBUG:acme.client:Storing nonce: JYccJeq-SFDVA_HJJVMglbS5wlLdPhd7ryesSE87iaJmSRK3oQU
2025-04-20 05:20:47,193:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/archive.
2025-04-20 05:20:47,193:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/live.
2025-04-20 05:20:47,193:DEBUG:certbot._internal.storage:Writing README to /etc/letsencrypt/live/README.
2025-04-20 05:20:47,194:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/archive/xxxxx.example.com.
2025-04-20 05:20:47,194:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/live/xxxxx.example.com.
2025-04-20 05:20:47,194:DEBUG:certbot._internal.storage:Writing certificate to /etc/letsencrypt/live/xxxxx.example.com/cert.pem.
2025-04-20 05:20:47,194:DEBUG:certbot._internal.storage:Writing private key to /etc/letsencrypt/live/xxxxx.example.com/privkey.pem.
2025-04-20 05:20:47,195:DEBUG:certbot._internal.storage:Writing chain to /etc/letsencrypt/live/xxxxx.example.com/chain.pem.
2025-04-20 05:20:47,195:DEBUG:certbot._internal.storage:Writing full chain to /etc/letsencrypt/live/xxxxx.example.com/fullchain.pem.
2025-04-20 05:20:47,195:DEBUG:certbot._internal.storage:Writing README to /etc/letsencrypt/live/xxxxx.example.com/README.
2025-04-20 05:20:47,208:DEBUG:certbot.configuration:Var account=5ca94fad79f02a535d8c2a2e034a0eb6 (set by user).
2025-04-20 05:20:47,209:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2025-04-20 05:20:47,209:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2025-04-20 05:20:47,210:DEBUG:certbot._internal.storage:Writing new config /etc/letsencrypt/renewal/xxxxx.example.com.conf.
2025-04-20 05:20:47,212:DEBUG:certbot._internal.display.obj:Notifying user:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/xxxxx.example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/xxxxx.example.com/privkey.pem
This certificate expires on 2025-07-19.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
2025-04-20 05:20:47,212:DEBUG:certbot._internal.display.obj:Notifying user: Deploying certificate
2025-04-20 05:20:47,219:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 658, in deploy_certificate
self.installer.deploy_cert(
File "/usr/lib/python3.9/site-packages/certbot_nginx/_internal/configurator.py", line 245, in deploy_cert
vhosts = self.choose_vhosts(domain, create_if_no_match=True)
File "/usr/lib/python3.9/site-packages/certbot_nginx/_internal/configurator.py", line 356, in choose_vhosts
vhosts = [self._vhost_from_duplicated_default(target_name, True,
File "/usr/lib/python3.9/site-packages/certbot_nginx/_internal/configurator.py", line 405, in _vhost_from_duplicated_default
default_vhost = self._get_default_vhost(domain, allow_port_mismatch, port)
File "/usr/lib/python3.9/site-packages/certbot_nginx/_internal/configurator.py", line 443, in _get_default_vhost
raise errors.MisconfigurationError("Could not automatically find a matching server "
certbot.errors.MisconfigurationError: Could not automatically find a matching server block for xxxxx.example.com. Set the `server_name` directive to use the Nginx installer.
2025-04-20 05:20:47,219:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-04-20 05:20:47,392:DEBUG:certbot._internal.display.obj:Notifying user: Could not install certificate
2025-04-20 05:20:47,394:DEBUG:certbot._internal.display.obj:Notifying user: NEXT STEPS:
2025-04-20 05:20:47,394:DEBUG:certbot._internal.display.obj:Notifying user: - The certificate was saved, but could not be installed (installer: nginx). After fixing the error shown below, try installing it again by running:
certbot install --cert-name xxxxx.example.com
2025-04-20 05:20:47,394:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/bin/certbot", line 8, in <module>
sys.exit(main())
File "/usr/lib/python3.9/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1873, in main
return config.func(config, plugins)
File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1459, in run
raise installer_err
File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1443, in run
_install_cert(config, le_client, domains, new_lineage)
File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1058, in _install_cert
le_client.deploy_certificate(domains, path_provider.key_path, path_provider.cert_path,
File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 658, in deploy_certificate
self.installer.deploy_cert(
File "/usr/lib/python3.9/site-packages/certbot_nginx/_internal/configurator.py", line 245, in deploy_cert
vhosts = self.choose_vhosts(domain, create_if_no_match=True)
File "/usr/lib/python3.9/site-packages/certbot_nginx/_internal/configurator.py", line 356, in choose_vhosts
vhosts = [self._vhost_from_duplicated_default(target_name, True,
File "/usr/lib/python3.9/site-packages/certbot_nginx/_internal/configurator.py", line 405, in _vhost_from_duplicated_default
default_vhost = self._get_default_vhost(domain, allow_port_mismatch, port)
File "/usr/lib/python3.9/site-packages/certbot_nginx/_internal/configurator.py", line 443, in _get_default_vhost
raise errors.MisconfigurationError("Could not automatically find a matching server "
certbot.errors.MisconfigurationError: Could not automatically find a matching server block for xxxxx.example.com. Set the `server_name` directive to use the Nginx installer.
2025-04-20 05:20:47,398:ERROR:certbot._internal.log:Could not automatically find a matching server block for xxxxx.example.com. Set the `server_name` directive to use the Nginx installer.
2025-04-20 05:26:31,704:DEBUG:certbot._internal.main:certbot version: 3.1.0
2025-04-20 05:26:31,704:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/certbot
2025-04-20 05:26:31,704:DEBUG:certbot._internal.main:Arguments: ['--nginx', '-d', 'xxxxx.example.com']
2025-04-20 05:26:31,704:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-04-20 05:26:31,715:DEBUG:certbot._internal.log:Root logging level set at 30
2025-04-20 05:26:31,716:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2025-04-20 05:26:32,019:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: EntryPoint(name='nginx', value='certbot_nginx._internal.configurator:NginxConfigurator', group='certbot.plugins')
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f4336576310>
Prep: True
2025-04-20 05:26:32,019:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f4336576310> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f4336576310>
2025-04-20 05:26:32,020:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2025-04-20 05:26:32,208:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2351510427', new_authzr_uri=None, terms_of_service=None), 5ca94fad79f02a535d8c2a2e034a0eb6, Meta(creation_dt=datetime.datetime(2025, 4, 20, 5, 20, 12, tzinfo=<UTC>), creation_host='instance-20250419-1712.subnet省略.vcn省略.oraclevcn.com', register_to_eff='xxxxxx@gmail.com'))>
2025-04-20 05:26:32,209:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-04-20 05:26:32,211:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-04-20 05:26:32,649:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1042
2025-04-20 05:26:32,650:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 20 Apr 2025 05:26:32 GMT
Content-Type: application/json
Content-Length: 1042
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "https://letsencrypt.org/docs/profiles#classic",
"shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
"tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver (not yet generally available)"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
"x8zt5rMx1JU": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2025-04-20 05:26:32,656:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): e6.o.lencr.org:80
2025-04-20 05:26:32,810:DEBUG:urllib3.connectionpool:http://e6.o.lencr.org:80 "POST / HTTP/1.1" 200 346
2025-04-20 05:26:32,811:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/xxxxx.example.com/cert1.pem is signed by the certificate's issuer.
2025-04-20 05:26:32,813:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/xxxxx.example.com/cert1.pem is: OCSPCertStatus.GOOD
2025-04-20 05:26:32,816:DEBUG:certbot._internal.display.obj:Notifying user: Certificate not yet due for renewal
2025-04-20 05:26:54,871:INFO:certbot._internal.main:Keeping the existing certificate
2025-04-20 05:26:54,872:DEBUG:certbot._internal.display.obj:Notifying user: Deploying certificate
2025-04-20 05:26:55,207:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /var/lib/letsencrypt/snakeoil/0000_key.pem
2025-04-20 05:26:55,222:INFO:certbot_nginx._internal.configurator:Deploying Certificate to VirtualHost /etc/nginx/conf.d/xxxxx.conf
2025-04-20 05:26:55,222:DEBUG:certbot._internal.display.obj:Notifying user: Successfully deployed certificate for xxxxx.example.com to /etc/nginx/conf.d/xxxxx.conf
2025-04-20 05:26:55,222:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/xxxxx.conf
2025-04-20 05:26:55,223:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2025-04-20 05:26:55,223:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2025-04-20 05:26:55,224:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/conf.d/xxxxx.conf:
server {
listen 80;
server_name xxxxx.example.com;
root /var/www/html; # Change to the appropriate document root
index index.html;
location / {
try_files $uri $uri/ =404;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xxxxx.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxxxx.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
2025-04-20 05:26:56,308:INFO:certbot_nginx._internal.configurator:Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/xxxxx.conf
2025-04-20 05:26:56,309:DEBUG:certbot.reverter:Creating backup of /etc/nginx/conf.d/xxxxx.conf
2025-04-20 05:26:56,309:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2025-04-20 05:26:56,310:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2025-04-20 05:26:56,311:DEBUG:certbot_nginx._internal.parser:Writing nginx conf tree to /etc/nginx/conf.d/xxxxx.conf:
server {
server_name xxxxx.example.com;
root /var/www/html; # Change to the appropriate document root
index index.html;
location / {
try_files $uri $uri/ =404;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xxxxx.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxxxx.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = xxxxx.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name xxxxx.example.com;
return 404; # managed by Certbot
}
2025-04-20 05:26:57,327:DEBUG:certbot._internal.display.obj:Notifying user: Congratulations! You have successfully enabled HTTPS on https://xxxxx.example.com
2025-04-20 05:26:57,327:INFO:certbot._internal.eff:Subscribe to the EFF mailing list (email: xxxxxx@gmail.com).
2025-04-20 05:26:57,327:DEBUG:certbot._internal.eff:Sending POST request to https://supporters.eff.org/subscribe/certbot:
{'data_type': 'json', 'email': 'xxxxxx@gmail.com', 'form_id': 'eff_supporters_library_subscribe_form'}
2025-04-20 05:26:57,329:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): supporters.eff.org:443
2025-04-20 05:26:58,116:DEBUG:urllib3.connectionpool:https://supporters.eff.org:443 "POST /subscribe/certbot HTTP/1.1" 307 180
2025-04-20 05:26:58,247:DEBUG:urllib3.connectionpool:https://supporters.eff.org:443 "POST /donate/functions/certbot_subscribe HTTP/1.1" 200 None
2025-04-20 05:26:58,249:DEBUG:certbot._internal.eff:Received response:
b'{"status":true,"message":"Subscribed"}'
2025-04-20 05:26:58,251:DEBUG:certbot._internal.display.obj:Notifying user: If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
Cron configuration
Configure cron to run the automatic renewal once a day.
Add certbot to the crontab so that it runs once a day.
sudo crontab -e
- Add the following line (example: run every day at 3:00)
0 3 * * * certbot renew --quiet --post-hook "systemctl reload nginx"
As of Certbot 4.0.0, released on April 7, 2025, a certificate is considered ready for renewal once less than one third of its lifetime remains. In versions before Certbot 4.0.0, the threshold was fixed at 30 days.
This command attempts to renew any previously-obtained certificates which are ready for renewal. As of Certbot 4.0.0, a certificate is considered ready for renewal when less than 1/3rd of its lifetime remains. For certificates with a lifetime of 10 days or less, that threshold is 1/2 of the lifetime. Prior to Certbot 4.0.0 the threshold was a fixed 30 days.
Source: User Guide — Certbot 4.0.0 documentation
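The renewal rule quoted above, worked through against the daily 03:00 cron entry. This is an added example, not code from Certbot or from the original post: the function names are hypothetical, the certificate dates are constructed to approximate the 90-day certificate in the log (plus a constructed 6-day one), cron is assumed to run in UTC, and only the documented threshold is modelled.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc


def renewal_window(not_before, not_after, certbot_version):
    """How long before expiry `certbot renew` treats the certificate as due,
    following the rule quoted from the Certbot 4.0.0 User Guide."""
    major = int(certbot_version.split(".")[0])
    if major < 4:
        # Before 4.0.0 the threshold was a fixed 30 days.
        return timedelta(days=30)
    lifetime = not_after - not_before
    if lifetime <= timedelta(days=10):
        # Lifetime of 10 days or less: half of the lifetime.
        return lifetime / 2
    # Otherwise: one third of the lifetime.
    return lifetime / 3


def is_due(now, not_before, not_after, certbot_version):
    """True when less than the renewal window remains at `now`."""
    remaining = not_after - now
    return remaining < renewal_window(not_before, not_after, certbot_version)


def first_renewing_run(not_before, not_after, certbot_version, hour=3):
    """First daily cron run (hour:00 UTC, as in `0 3 * * *`) at which the
    certificate is due. Returns None if it would expire before any such run."""
    run = not_before.replace(hour=hour, minute=0, second=0, microsecond=0)
    if run < not_before:
        run += timedelta(days=1)
    while run < not_after:
        if is_due(run, not_before, not_after, certbot_version):
            return run
        run += timedelta(days=1)
    return None


# Constructed sample validity periods (not read from a real certificate).
# 90 days, roughly matching "issued 2025-04-20, expires 2025-07-19" in the log.
CERT_90D = (datetime(2025, 4, 20, 4, 22, tzinfo=UTC),
            datetime(2025, 7, 19, 4, 22, tzinfo=UTC))
# A constructed 6-day certificate to exercise the short-lifetime branch.
CERT_6D = (datetime(2025, 4, 20, 4, 22, tzinfo=UTC),
           datetime(2025, 4, 26, 4, 22, tzinfo=UTC))


if __name__ == "__main__":
    for label, (nb, na) in (("90-day", CERT_90D), ("6-day", CERT_6D)):
        for version in ("3.1.0", "4.0.0"):
            window = renewal_window(nb, na, version)
            run = first_renewing_run(nb, na, version)
            print(f"{label} cert, certbot {version}: "
                  f"window={window}, first renewing cron run={run}")
```

For the 90-day certificate both rules give the same 30-day window, so the difference only shows up for short lifetimes, where the fixed 30-day rule makes every cron run a renewal. The host in the log runs certbot 3.1.0, so the fixed 30-day branch is the one that applies there.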