完全無料でワイルドカード証明書を手に入れよう / How to get wildcard certs without any charges

׬શແྉͰ ϫΠϧυΧʔυূ໌ॻΛ खʹೖΕΑ͏ ඌ৲݈

ϫΠϧυΧʔυূ໌ॻʁ 9W4VCKFDU"MUFSOBUJWF/BNF 4"/

ͳͥϫΠϧυΧʔυূ໌ॻ͕ ΄͍͠ͷ͔ wࠓ͞Βฏจ)551ͳ8FCαʔϏεΛ ৽نΦʔϓϯ͢ΔͳΜͯ͋Γ͑ͳ͍ wຊ൪؀ڥ͚ͩͰͳ͘ɺ$*؀ڥ΍։ൃ ؀ڥ΋)5514Խ͍͕ͨ͠ɺ'2%/ຖ ʹূ໌ॻൃߦͳΜͯ΍ͬͯΒΕͳ͍

ʮ׬શແྉͰϫΠϧυΧʔυ ূ໌ॻʯͷλω໌͔͠ wແྉυϝΠϯ 'SFFOPN wແྉ੩త8FCαΠτ(JU)VC1BHFT wແྉ%/4αʔό $MPVEqBSF%/4 wແྉ5-4ূ໌ॻ -FU`T&ODSZQU

ແྉυϝΠϯ'SFFOPN freenom.com

ແྉυϝΠϯ'SFFOPN w.tk .ml .ga .cf .gqͷ֤5-%Ͱɺ  ηΧϯυϨϕϧ͕จࣈҎ্ͩͱແྉ w ʢྫʣgikai.ml͸ແྉɻntt.cf͸༗ྉ wυϝΠϯͷ༗ޮظؒ͸ʙϲ݄
w Ԇ௕͸ظݶ੾Εͷिؒલ͔Βखଓ͖Մೳ w ແྉυϝΠϯ͸Ԇ௕ͯ͠΋ͻ͖͖ͭͮແྉ w%/4αʔό΋ఏڙ͍ͯ͠Δ͕  %/4ϨίʔυΛૢ࡞͢Δ"1*͸ແ͍

ແྉ੩త8FCαΠτ(JU)VC1BHFT

ແྉ%/4αʔό$MPVEqBSF%/4 w%/4Ϩίʔυૢ࡞ʹ"1*΋࢖͑Δ ΋ͪΖΜ(6*΋Մ

ແྉ5-4ূ໌ॻ-FU`T&ODSZQU w*43( *OUFSOFU4FDVSJUZ3FTFBSDI(SPVQ ͕  ແྉͰఏڙ͢Δ5-4αʔόূ໌ॻൃߦαʔϏε w"$.& "VUPNBUFE$FSUJpDBUF.BOBHFNFOU&OWJSPONFOU ϓϩτίϧΛ༻͍ͯূ໌ॻൃߦϓϩηεΛࣗಈԽ wυϝΠϯ ݖҖ%/4αʔό্ͷ%/4Ϩίʔυ
ͷ؅ཧݖݶͷ ॴ࣋Λ֬ೝ͢Δ͜ͱΛ΋ͬͯূ໌ॻൃߦՄೳͱ൑ఆ͢Δ ͍ΘΏΔυϝΠϯೝূ w೥݄͔Β"$.&Wϓϩτίϧͷਖ਼ࣜαϙʔτʹΑΓ ϫΠϧυΧʔυূ໌ॻͷൃߦ΋Մೳʹ wূ໌ॻͷ༗ޮظؒ͸ൃߦޙ೔ؒ

ແྉ5-4ূ໌ॻ-FU`T&ODSZQU ূ໌ॻͷ༗ޮظؒ͸ൃߦޙ೔ؒ w தؒূ໌ॻ͸-FU`T&ODSZQUࣗ਎ͷ$"ʹ Ճ͑ͯ*EFO5SVTU$"ʹΑͬͯ΋ॺ໊ w ΄ͱΜͲͷ8FCΫϥΠΞϯτ͸*EFO5SVTU ͷϧʔτ$"ূ໌ॻΛϓϦΠϯετʔϧɹ ‎Ϣʔβࣗ਎͕$"ূ໌ॻΛΠϯετʔϧ ͠ͳͯ͘΋0,

υϝΠϯऔಘ͔Βূ໌ॻήοτ ·ͰͷྲྀΕ ᶃ 'SFFOPNͰυϝΠϯऔಘ ᶄ (JU)VCʹ੩త8FCαΠτίϯςϯπΛQVTI͠ɺ(JU)VC 1BHFTΛ༗ޮԽ ᶅ $MPVEqBSFͰαΠτొ࿥ˍ(JU)VC1BHFTͷΧελϜυϝ Πϯ༻%/4Ϩίʔυొ࿥
ᶆ 'SFFOPNͰݖҖ%/4αʔόΛ$MPVEqBSF%/4ʹ੾Γସ͑ ᶇ -FU`T&ODSZQUͰ$MPVEqBSF%/4Λ࢖ͬͯϫΠϧυΧʔυ ূ໌ॻήοτ

(JU)VC1BHFT

ΧελϜυϝΠϯͰ  (JU)VC1BHFTΛ࢖͓͏ͱ͢Δͱ

$MPVEqBSFͰαΠτొ࿥

(JU)VC1BHFTͷ  ΧελϜυϝΠϯ༻%/4Ϩίʔυొ࿥ w ͱ  Ѽͷ  %/4"ϨίʔυΛ౤ೖ w ͍ͣΕ΋$MPVEqBSF$%/Λ ௨ͯ͠ΞΫηε ˞೚ҙ

$MPVEqBSFΛ  ݖҖ%/4αʔόʹ͢Δ

ݖҖ%/4αʔόมߋ੒ޭ ˞มߋ׬ྃ·ͰԿ෼͔଴ͱ͏ʂ

-FU`T&ODSZQU͔Βূ໌ॻΛ ήοτ͢Δํ๏ w"$.&WΫϥΠΞϯτΛࣗ෼Ͱಈ͔͢ wͳΜ͔উखʹ΍ͬͯ͘ΕΔ wϓϩμΫτʹ૊Έࠐ·Ε͍ͯΔ ࠓճ͸ίϨ

"$.&WΫϥΠΞϯτ https://letsencrypt.org/docs/client-options/ ࠓճ͸BDNFTIΛ࢖༻ wCBTIεΫϦϓτϕʔε wBMQJOFϕʔεͷ%PDLFSpMF͕ ͍͍ͭͯΔ w$MPVEqBSF%/4ͷ"1*ʹରԠ https://github.com/Neilpang/acme.sh

$MPVEqBSF"1*Ωʔ

BDNFTIͷ࢖͍ํ ৽نൃߦ $ git clone https://github.com/Neilpang/acme.sh $ cd acme.sh
$ docker build -t acme.sh . $ cd .. $ docker run -t --rm \ -e CF_Email='[email protected]' \ -e CF_Key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \ -v $PWD:/acme.sh acme.sh \ --issue --dns dns_cf \ -d hogehoge.cf -d '*.hogehoge.cf' ద౰ͳ%PDLFSϗετʹ࡞ۀ༻σΟϨΫτϦΛ۷ͬͯɺ ͓΋ΉΖʹҎԼΛ࣮ߦ $MPVEqBSF"1*Ωʔ $MPVEqBSFΞΧ΢ϯτ*% ొ࿥ϝΞυ ϫΠϧυΧʔυΛࢦఆ

ੜ੒͞ΕΔϑΝΠϧ $ tree . ├── account.conf ├── acme.sh │ ├──
acme.sh │ ʲதུʳ ├── ca │ └── acme-v02.api.letsencrypt.org │ ├── account.json │ ├── account.key │ └── ca.conf └── hogehoge.cf ├── ca.cer ├── hogehoge.cf.cer ├── hogehoge.cf.conf ├── hogehoge.cf.csr ├── hogehoge.cf.csr.conf ├── hogehoge.cf.key └── fullchain.cer ൿີݤϑΝΠϧ ূ໌ॻνΣΠϯϑΝΠϧ ূ໌ॻϑΝΠϧ

BDNFTIͷ࢖͍ํ ߋ৽࠶ൃߦɾࢀরɾ࡟আ $ docker run -t --rm -v $PWD:/acme.sh
\ acme.sh --renew-all $ docker run -t --rm -v $PWD:/acme.sh \ acme.sh --list $ docker run -t --rm -v $PWD:/acme.sh \ acme.sh --remove -d hogehoge.cf ʲࢀরʳ ʲߋ৽࠶ൃߦʳ˞༗ޮظؒ࢒Γ೔Λ੾ͬͨ΋ͷͷΈ"$.&࠶࣮ߦ ʲ࡟আʳ

ʲ2ʳ  αϒυϝΠϯͰ΋͍͚Δͷʁ $ docker run -t --rm \ -e CF_Email='[email protected]'
\ -e CF_Key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \ -v $PWD:/acme.sh acme.sh \ --issue --dns dns_cf \ -d sub.hogehoge.cf -d '*.sub.hogehoge.cf' ʲ"ʳ͑͑ɺ͍͚·͢ ˞ূ໌ॻΛ࣮ࡍʹ࢖͏ͱ͖͸ɺαϒυϝΠϯͷ%/4Ϩίʔυొ࿥ͳͲ͓๨Εͳ͘

෭࢈෺ w(JU)VCͰͪΌΜͱόʔδϣϯ؅ཧ͞Εɺ  $%/΋࢖ͬͨɺܹ଎ͳ੩త8FCαΠτ wΠϯτϥωοτͰ࢖͏υϝΠϯͰ΋  ࣗಈߋ৽ՄೳͳϫΠϧυΧʔυূ໌ॻ w*OUFSOFUSFBDIBCMFͳ8FCαʔό͕ͳͯ͘΋ɺ ݖҖ%/4αʔό͑͋͞Ε͹ূ໌ॻߋ৽͕Մೳ

͋Γ͕ͱ͏͍͟͝·ͨ͠

完全無料でワイルドカード証明書を手に入れよう / How to get wildcard certs without any charges

完全無料でワイルドカード証明書を手に入れよう / How to get wildcard certs without any charges

Ken Ojiri

More Decks by Ken Ojiri

Other Decks in Technology

Featured

Transcript

׬શແྉͰ ϫΠϧυΧʔυূ໌ॻΛ खʹೖΕΑ͏ ඌ৲݈

ϫΠϧυΧʔυূ໌ॻʁ 9W4VCKFDU"MUFSOBUJWF/BNF 4"/

ͳͥϫΠϧυΧʔυূ໌ॻ͕ ΄͍͠ͷ͔ wࠓ͞Βฏจ)551ͳ8FCαʔϏεΛ ৽نΦʔϓϯ͢ΔͳΜͯ͋Γ͑ͳ͍ wຊ൪؀ڥ͚ͩͰͳ͘ɺ$*؀ڥ΍։ൃ ؀ڥ΋)5514Խ͍͕ͨ͠ɺ'2%/ຖ ʹূ໌ॻൃߦͳΜͯ΍ͬͯΒΕͳ͍

ʮ׬શແྉͰϫΠϧυΧʔυ ূ໌ॻʯͷλω໌͔͠ wແྉυϝΠϯ 'SFFOPN wແྉ੩త8FCαΠτ(JU)VC1BHFT wແྉ%/4αʔό $MPVEqBSF%/4 wແྉ5-4ূ໌ॻ -FU`T&ODSZQU

ແྉυϝΠϯ'SFFOPN freenom.com

ແྉυϝΠϯ'SFFOPN w.tk .ml .ga .cf .gqͷ֤5-%Ͱɺ  ηΧϯυϨϕϧ͕จࣈҎ্ͩͱແྉ w ʢྫʣgikai.ml͸ແྉɻntt.cf͸༗ྉ wυϝΠϯͷ༗ޮظؒ͸ʙϲ݄

ແྉ੩త8FCαΠτ(JU)VC1BHFT

ແྉ%/4αʔό$MPVEqBSF%/4 w%/4Ϩίʔυૢ࡞ʹ"1΋࢖͑Δ ΋ͪΖΜ(6΋Մ

ແྉ5-4ূ໌ॻ-FU`T&ODSZQU w43( OUFSOFU4FDVSJUZ3FTFBSDI(SPVQ ͕  ແྉͰఏڙ͢Δ5-4αʔόূ໌ॻൃߦαʔϏε w"$.& "VUPNBUFE$FSUJpDBUF.BOBHFNFOU&OWJSPONFOU ϓϩτίϧΛ༻͍ͯূ໌ॻൃߦϓϩηεΛࣗಈԽ wυϝΠϯ ݖҖ%/4αʔό্ͷ%/4Ϩίʔυ

ແྉ5-4ূ໌ॻ-FU`T&ODSZQU ূ໌ॻͷ༗ޮظؒ͸ൃߦޙ೔ؒ w தؒূ໌ॻ͸-FU`T&ODSZQUࣗ਎ͷ$"ʹ Ճ͑ͯEFO5SVTU$"ʹΑͬͯ΋ॺ໊ w ΄ͱΜͲͷ8FCΫϥΠΞϯτ͸EFO5SVTU ͷϧʔτ$"ূ໌ॻΛϓϦΠϯετʔϧɹ ‎Ϣʔβࣗ਎͕$"ূ໌ॻΛΠϯετʔϧ ͠ͳͯ͘΋0,

υϝΠϯऔಘ͔Βূ໌ॻήοτ ·ͰͷྲྀΕ ᶃ 'SFFOPNͰυϝΠϯऔಘ ᶄ (JU)VCʹ੩త8FCαΠτίϯςϯπΛQVTI͠ɺ(JU)VC 1BHFTΛ༗ޮԽ ᶅ $MPVEqBSFͰαΠτొ࿥ˍ(JU)VC1BHFTͷΧελϜυϝ Πϯ༻%/4Ϩίʔυొ࿥

(JU)VC1BHFT

ΧελϜυϝΠϯͰ  (JU)VC1BHFTΛ࢖͓͏ͱ͢Δͱ

υϝΠϯऔಘ͔Βূ໌ॻήοτ ·ͰͷྲྀΕ ᶃ 'SFFOPNͰυϝΠϯऔಘ ᶄ (JU)VCʹ੩త8FCαΠτίϯςϯπΛQVTI͠ɺ(JU)VC 1BHFTΛ༗ޮԽ ᶅ $MPVEqBSFͰαΠτొ࿥ˍ(JU)VC1BHFTͷΧελϜυϝ Πϯ༻%/4Ϩίʔυొ࿥

$MPVEqBSFͰαΠτొ࿥

(JU)VC1BHFTͷ  ΧελϜυϝΠϯ༻%/4Ϩίʔυొ࿥ w ͱ  Ѽͷ  %/4"ϨίʔυΛ౤ೖ w ͍ͣΕ΋$MPVEqBSF$%/Λ ௨ͯ͠ΞΫηε ˞೚ҙ

υϝΠϯऔಘ͔Βূ໌ॻήοτ ·ͰͷྲྀΕ ᶃ 'SFFOPNͰυϝΠϯऔಘ ᶄ (JU)VCʹ੩త8FCαΠτίϯςϯπΛQVTI͠ɺ(JU)VC 1BHFTΛ༗ޮԽ ᶅ $MPVEqBSFͰαΠτొ࿥ˍ(JU)VC1BHFTͷΧελϜυϝ Πϯ༻%/4Ϩίʔυొ࿥

$MPVEqBSFΛ  ݖҖ%/4αʔόʹ͢Δ

ݖҖ%/4αʔόมߋ੒ޭ ˞มߋ׬ྃ·ͰԿ෼͔଴ͱ͏ʂ

υϝΠϯऔಘ͔Βূ໌ॻήοτ ·ͰͷྲྀΕ ᶃ 'SFFOPNͰυϝΠϯऔಘ ᶄ (JU)VCʹ੩త8FCαΠτίϯςϯπΛQVTI͠ɺ(JU)VC 1BHFTΛ༗ޮԽ ᶅ $MPVEqBSFͰαΠτొ࿥ˍ(JU)VC1BHFTͷΧελϜυϝ Πϯ༻%/4Ϩίʔυొ࿥

-FU`T&ODSZQU͔Βূ໌ॻΛ ήοτ͢Δํ๏ w"$.&WΫϥΠΞϯτΛࣗ෼Ͱಈ͔͢ wͳΜ͔উखʹ΍ͬͯ͘ΕΔ wϓϩμΫτʹ૊Έࠐ·Ε͍ͯΔ ࠓճ͸ίϨ

"$.&WΫϥΠΞϯτ https://letsencrypt.org/docs/client-options/ ࠓճ͸BDNFTIΛ࢖༻ wCBTIεΫϦϓτϕʔε wBMQJOFϕʔεͷ%PDLFSpMF͕ ͍͍ͭͯΔ w$MPVEqBSF%/4ͷ"1*ʹରԠ https://github.com/Neilpang/acme.sh

$MPVEqBSF"1*Ωʔ

BDNFTIͷ࢖͍ํ ৽نൃߦ $ git clone https://github.com/Neilpang/acme.sh $ cd acme.sh

ੜ੒͞ΕΔϑΝΠϧ $ tree . ├── account.conf ├── acme.sh │ ├──

BDNFTIͷ࢖͍ํ ߋ৽࠶ൃߦɾࢀরɾ࡟আ $ docker run -t --rm -v $PWD:/acme.sh

ʲ2ʳ  αϒυϝΠϯͰ΋͍͚Δͷʁ $ docker run -t --rm \ -e CF_Email='[email protected]'

෭࢈෺ w(JU)VCͰͪΌΜͱόʔδϣϯ؅ཧ͞Εɺ  $%/΋࢖ͬͨɺܹ଎ͳ੩త8FCαΠτ wΠϯτϥωοτͰ࢖͏υϝΠϯͰ΋  ࣗಈߋ৽ՄೳͳϫΠϧυΧʔυূ໌ॻ w*OUFSOFUSFBDIBCMFͳ8FCαʔό͕ͳͯ͘΋ɺ ݖҖ%/4αʔό͑͋͞Ε͹ূ໌ॻߋ৽͕Մೳ

͋Γ͕ͱ͏͍͟͝·ͨ͠