How to get wildcard certs without any charges
Ken Ojiri
August 23, 2019
Presented on August 23, 2019 at TechLunch (an internal NTT Communications event)
Transcript
Get wildcard certificates completely free
Ken Ojiri
Wildcard certificates?
X509v3 Subject Alternative Name (SAN)
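Why do we want wildcard certificates?
• Launching a new web service over plaintext HTTP is unthinkable at this point.
• We want HTTPS not only in production but also in CI and development environments, but issuing a certificate for every FQDN is not practical.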
The trick behind "completely free wildcard certificates"
• Free domain: Freenom
• Free static website: GitHub Pages
• Free DNS server: Cloudflare DNS
• Free TLS certificate: Let's Encrypt
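Free domain: Freenom (freenom.com)
• Under the TLDs .tk, .ml, .ga, .cf and .gq, a domain is free when its second-level label meets the minimum character length.
• Example: gikai.ml is free; ntt.cf is paid.
• A domain's validity period is a range of months.
• Renewal can be requested starting some weeks before expiry.
• A free domain stays free after renewal.
• DNS servers are also provided, but there is no API for manipulating DNS records.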
Free static website: GitHub Pages
Free DNS server: Cloudflare DNS
• DNS records can be manipulated through an API (and through the GUI as well, of course).
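Free TLS certificates: Let's Encrypt
• A TLS server certificate issuance service provided free of charge by ISRG (Internet Security Research Group).
• Automates the certificate issuance process using the ACME (Automated Certificate Management Environment) protocol.
• Issuance is approved by confirming that the requester holds administrative control of the domain (the DNS records on its authoritative DNS server), which is what is known as domain validation.
• With official support for the ACMEv2 protocol, wildcard certificates can also be issued.
• Certificates are valid for a limited period after issuance.
• The intermediate certificate is signed by the IdenTrust CA in addition to Let's Encrypt's own CA.
• Most web clients come with the IdenTrust root CA certificate preinstalled, so users do not need to install a CA certificate themselves.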
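Flow from domain acquisition to getting the certificate
① Acquire a domain at Freenom
② Push the static website content to GitHub and enable GitHub Pages
③ Register the site in Cloudflare and register the DNS records for the GitHub Pages custom domain
④ At Freenom, switch the authoritative DNS server to Cloudflare DNS
⑤ Get a wildcard certificate from Let's Encrypt using Cloudflare DNS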
GitHub Pages
When you try to use GitHub Pages with a custom domain
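Registering the site in Cloudflare
Registering the DNS records for the GitHub Pages custom domain
• Enter the DNS A records (two targets).
• Both are accessed through the Cloudflare CDN (※ caution).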
Making Cloudflare the authoritative DNS server
Authoritative DNS server change succeeded.
※ Until the change is complete …
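How to get a certificate from Let's Encrypt
• Run an ACMEv2 client yourself
• Something takes care of it for you automatically
• It is built into a product
(This talk uses one of these.)

ACMEv2 clients
https://letsencrypt.org/docs/client-options/
This time acme.sh is used:
• Based on a bash script
• Comes with an alpine-based Dockerfile
• Supports the Cloudflare DNS API
https://github.com/Neilpang/acme.sh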
Cloudflare API key
acme.sh usage: new issuance
On any Docker host, create a working directory and run the following:

$ git clone https://github.com/Neilpang/acme.sh
$ cd acme.sh
$ docker build -t acme.sh .
$ cd ..
# CF_Email: Cloudflare account ID (the registered email address)
# CF_Key: Cloudflare API key
# -d '*.hogehoge.cf': specifies the wildcard
$ docker run -t --rm \
    -e CF_Email='hoge@hoge.com' \
    -e CF_Key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \
    -v "$PWD":/acme.sh acme.sh \
    --issue --dns dns_cf \
    -d hogehoge.cf -d '*.hogehoge.cf'
Generated files

$ tree
.
├── account.conf
├── acme.sh
│   ├── acme.sh
│   (omitted)
├── ca
│   └── acme-v02.api.letsencrypt.org
│       ├── account.json
│       ├── account.key
│       └── ca.conf
└── hogehoge.cf
    ├── ca.cer
    ├── hogehoge.cf.cer        (certificate file)
    ├── hogehoge.cf.conf
    ├── hogehoge.cf.csr
    ├── hogehoge.cf.csr.conf
    ├── hogehoge.cf.key        (private key file)
    └── fullchain.cer          (certificate chain file)
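acme.sh usage: renewal (reissue), listing, removal

[Renewal (reissue)] ※ ACME is re-run only for certificates whose remaining validity has dropped below the renewal threshold.
$ docker run -t --rm -v "$PWD":/acme.sh \
    acme.sh --renew-all

[Listing]
$ docker run -t --rm -v "$PWD":/acme.sh \
    acme.sh --list

[Removal]
$ docker run -t --rm -v "$PWD":/acme.sh \
    acme.sh --remove -d hogehoge.cf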
[Q] Does this work for subdomains too?

$ docker run -t --rm \
    -e CF_Email='hoge@hoge.com' \
    -e CF_Key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \
    -v "$PWD":/acme.sh acme.sh \
    --issue --dns dns_cf \
    -d sub.hogehoge.cf -d '*.sub.hogehoge.cf'

[A] Yes, it does.
※ When you actually use the certificate, do not forget to register the DNS records for the subdomain.
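Why the issue commands pass both the bare name and the wildcard, and why the subdomain case needs its own `*.sub.hogehoge.cf`: a wildcard SAN entry stands for exactly one leftmost DNS label. The following is an added example, not part of the original slides; the function names san_matches and cert_covers are hypothetical, and the host names are sample inputs built from the ones on the slides.

```shell
#!/bin/sh
# Added example: decide whether a certificate's SAN list covers a host name.
# Rule applied: "*" replaces exactly one leftmost label, never zero or several.

# san_matches HOST SAN -> exit status 0 if this single SAN entry covers HOST
san_matches() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    san=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$san" in
        '*.'*)
            base=${san#'*.'}      # "*.hogehoge.cf" -> "hogehoge.cf"
            label=${host%%.*}     # leftmost label of the host
            rest=${host#*.}       # everything after the first dot
            # the host needs one extra leftmost label in front of the base name
            [ "$host" != "$label" ] && [ -n "$label" ] && [ "$rest" = "$base" ]
            ;;
        *)
            [ "$host" = "$san" ]
            ;;
    esac
}

# cert_covers HOST SAN... -> prints "covered" or "not covered"
cert_covers() {
    target=$1
    shift
    for entry in "$@"; do
        if san_matches "$target" "$entry"; then
            echo "covered"
            return 0
        fi
    done
    echo "not covered"
    return 1
}

# Demo against the SAN list requested by: -d hogehoge.cf -d '*.hogehoge.cf'
for h in hogehoge.cf www.hogehoge.cf a.sub.hogehoge.cf; do
    printf '%-20s %s\n' "$h" "$(cert_covers "$h" hogehoge.cf '*.hogehoge.cf')"
done
```
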
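By-products
• A static website that is properly version-controlled on GitHub and served through a CDN
• Wildcard certificates that can be renewed automatically, even for domains used on an intranet
• Certificates can be renewed even without an Internet-reachable web server, as long as there is an authoritative DNS server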
Thank you very much.