{"id":4714,"date":"2018-08-04T23:42:17","date_gmt":"2018-08-04T15:42:17","guid":{"rendered":"https:\/\/blog.hoyo.idv.tw\/?p=4714"},"modified":"2025-09-18T00:12:59","modified_gmt":"2025-09-17T16:12:59","slug":"lets-encrypt-hoyo-idv-tw-%e9%80%9a%e9%85%8d%e7%b6%b2%e5%9f%9f%e8%ad%89%e6%9b%b8","status":"publish","type":"post","link":"https:\/\/blog.hoyo.idv.tw\/?p=4714","title":{"rendered":"Let\u2019s Encrypt - *.hoyo.idv.tw \u901a\u914d\u7db2\u57df\u8b49\u66f8"},"content":{"rendered":"<p>--<\/p>\n<h2>Wildcard \u7db2\u57df DNS \u81ea\u52d5\u5316<\/h2>\n<ul>\n<li>https:\/\/certbot.eff.org\/docs\/using.html#dns-plugins<\/li>\n<li>https:\/\/github.com\/siilike\/certbot-dns-standalone<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>\/etc\/letsencrypt\/renewal\/hoyo.idv.tw.conf<\/p>\n<pre class=\"lang:default decode:true \">version = 3.3.0\r\narchive_dir = \/etc\/letsencrypt\/archive\/hoyo.idv.tw\r\ncert = \/etc\/letsencrypt\/live\/hoyo.idv.tw\/cert.pem\r\nprivkey = \/etc\/letsencrypt\/live\/hoyo.idv.tw\/privkey.pem\r\nchain = \/etc\/letsencrypt\/live\/hoyo.idv.tw\/chain.pem\r\nfullchain = \/etc\/letsencrypt\/live\/hoyo.idv.tw\/fullchain.pem\r\n\r\n# Options used in the renewal process\r\n[renewalparams]\r\naccount = 7c452b545f2eab47bdcedc80af7cb9cb\r\npref_challs = dns-01,\r\nauthenticator = manual\r\nserver = https:\/\/acme-v02.api.letsencrypt.org\/directory\r\nkey_type = ecdsa<\/pre>\n<p>&nbsp;<\/p>\n<p>--<\/p>\n<h2>\u53c3\u8003<\/h2>\n<ul>\n<li><a href=\"https:\/\/medium.com\/@amou.ro\/lets-encrypt-wildcard-certificate-1af42b341fdd\" target=\"_blank\" rel=\"noopener\">Let\u2019s Encrypt Wildcard Certificate<\/a><\/li>\n<li><a href=\"https:\/\/nocilol.me\/archives\/lab\/letsencrypt-wildcard-certificate-support-is-live\/\" target=\"_blank\" rel=\"noopener\">Let's Encrypt\u73b0\u5df2\u6b63\u5f0f\u652f\u6301\u6cdb\u57df\u540d\u8bc1\u4e66<\/a><\/li>\n<\/ul>\n<p>--<\/p>\n<h2>\u53d6\u5f97\u00a0certbot-auto \u53ca\u57f7\u884c<\/h2>\n<pre class=\"lang:default decode:true\"># wget 
https:\/\/dl.eff.org\/certbot-auto\r\n# chmod a+x .\/certbot-auto<\/pre>\n<p>\u55ae\u4e00\u7db2\u7ad9<\/p>\n<pre class=\"lang:default decode:true \"># certbot certonly --webroot -w \/WEBSite\/www\/WWW\/ -d hoyo.idv.tw<\/pre>\n<p>\u901a\u914d\u7db2\u5740<\/p>\n<pre class=\"lang:default decode:true\"># .\/certbot-auto certonly --manual --preferred-challenges dns -d *.hoyo.idv.tw<\/pre>\n<p>\u57f7\u884c\uff0c\u8a18\u5f97\u901a\u914d\u7db2\u57df\u548c\u53ea\u6709\u7db2\u57df\u540d\u7a31\u7684\u8b49\u66f8\u90fd\u8981\u7522\u751f\uff0c\u5982\u6b64\u55ae\u7368\u4f7f\u7528\u7db2\u57df\u540d\u7a31\u6642\u624d\u4e0d\u6703\u51fa\u73fe SSL_ERROR_BAD_CERT_DOMAIN \u8b49\u66f8\u554f\u984c<\/p>\n<pre class=\"height-set:true lang:default decode:true\">[root@hoyoserver ~]# .\/certbot-auto certonly --manual --preferred-challenges dns -d *.hoyo.idv.tw -d hoyo.idv.tw\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\nPlugins selected: Authenticator manual, Installer None\r\nCert is due for renewal, auto-renewing...\r\nRenewing an existing certificate\r\nPerforming the following challenges:\r\ndns-01 challenge for hoyo.idv.tw\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nNOTE: The IP of this machine will be publicly logged as having requested this\r\ncertificate. 
If you're running certbot in manual mode on a machine that is not\r\nyour server, please ensure you're okay with that.\r\n\r\nAre you OK with your IP being logged?\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n(Y)es\/(N)o: y\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nPlease deploy a DNS TXT record under the name\r\n_acme-challenge.hoyo.idv.tw with the following value:\r\n\r\n2ezwTObsoUiEdGvpi9t3_UTTwXl3_02MkAzXNUl4MJg\r\n\r\nBefore continuing, verify the record is deployed.\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nPress Enter to Continue\r\nWaiting for verification...\r\nCleaning up challenges\r\n\r\nIMPORTANT NOTES:\r\n - Congratulations! Your certificate and chain have been saved at:\r\n   \/etc\/letsencrypt\/live\/hoyo.idv.tw\/fullchain.pem\r\n   Your key file has been saved at:\r\n   \/etc\/letsencrypt\/live\/hoyo.idv.tw\/privkey.pem\r\n   Your cert will expire on 2019-01-11. To obtain a new or tweaked\r\n   version of this certificate in the future, simply run certbot-auto\r\n   again. To non-interactively renew *all* of your certificates, run\r\n   \"certbot-auto renew\"\r\n - If you like Certbot, please consider supporting our work by:\r\n\r\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\r\n   Donating to EFF:                    https:\/\/eff.org\/donate-le<\/pre>\n<p>\u7de8\u8f2f DNS\uff0c\u52a0\u5165 certbot \u986f\u793a\u7684 TXT \u503c\uff08\u4ee5\u4e0b\u7bc4\u4f8b\u7684\u503c\u8207\u4e0a\u65b9\u756b\u9762\u4e0d\u540c\uff0c\u8acb\u4ee5\u5be6\u969b\u986f\u793a\u7684\u503c\u70ba\u6e96\uff09<\/p>\n<pre class=\"lang:default decode:true\">vi \/etc\/named\/hoyo.idv.tw.db<\/pre>\n<pre class=\"lang:default decode:true \">_acme-challenge.hoyo.idv.tw. 600 IN TXT \"PR-w7263U8CSYKmH8gbydAWjVhXnS7QZdfHFysF7fCE\"\r\n_acme-challenge.hoyo.idv.tw. 
601 IN TXT \"h_FU0vnvtDKAIRx-QCY0JPsQRUqyMp_Qu2iJQDtSEtY\"<\/pre>\n<p>\u91cd\u65b0\u555f\u52d5 DNS<\/p>\n<pre class=\"lang:default decode:true\"># systemctl restart named<\/pre>\n<p>\u9a57\u8b49<\/p>\n<pre class=\"height-set:true lang:default decode:true\">[root@hoyoserver ~]# dig _acme-challenge.hoyo.idv.tw txt\r\n\r\n; &lt;&lt;&gt;&gt; DiG 9.9.4-RedHat-9.9.4-61.el7 &lt;&lt;&gt;&gt; _acme-challenge.hoyo.idv.tw txt\r\n;; global options: +cmd\r\n;; Got answer:\r\n;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 16167\r\n;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\r\n\r\n;; OPT PSEUDOSECTION:\r\n; EDNS: version: 0, flags:; udp: 512\r\n;; QUESTION SECTION:\r\n;_acme-challenge.hoyo.idv.tw.   IN      TXT\r\n\r\n;; ANSWER SECTION:\r\n_acme-challenge.hoyo.idv.tw. 599 IN     TXT     \"2ezwTObsoUiEdGvpi9t3_UTTwXl3_02MkAzXNUl4MJg\"\r\n\r\n;; Query time: 54 msec\r\n;; SERVER: 8.8.8.8#53(8.8.8.8)\r\n;; WHEN: \u65e5 10\u6708 14 00:03:23 CST 2018\r\n;; MSG SIZE  rcvd: 112<\/pre>\n<p>Enter \u7e7c\u7e8c\u57f7\u884c\uff0c\u6c92\u554f\u984c\u51fa\u73fe\u4ee5\u4e0b\u756b\u9762\u5c31\u4ee3\u8868\u8b49\u66f8\u5efa\u7acb\u5b8c\u6210<\/p>\n<pre class=\"lang:default decode:true\">IMPORTANT NOTES:\r\n - Congratulations! Your certificate and chain have been saved at:\r\n   \/etc\/letsencrypt\/live\/hoyo.idv.tw\/fullchain.pem\r\n   Your key file has been saved at:\r\n   \/etc\/letsencrypt\/live\/hoyo.idv.tw\/privkey.pem\r\n   Your cert will expire on 2018-08-28. To obtain a new or tweaked\r\n   version of this certificate in the future, simply run certbot-auto\r\n   again. 
To non-interactively renew *all* of your certificates, run\r\n   \"certbot-auto renew\"\r\n - If you like Certbot, please consider supporting our work by:\r\n\r\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\r\n   Donating to EFF:                    https:\/\/eff.org\/donate-le<\/pre>\n<p>--<\/p>\n<h2>\u901a\u914d\u7db2\u57df\u4f7f\u7528 DNS \u8a8d\u8b49<\/h2>\n<pre class=\"lang:default decode:true\"># .\/certbot-auto certonly --manual --preferred-challenges dns -d *.hoyo.idv.tw -d hoyo.idv.tw<\/pre>\n<p>--<\/p>\n<h2>\u7db2\u9801\u8a8d\u8b49<\/h2>\n<p>\u4e0d\u904e\u8a8d\u8b49\u4e4b\u524d\u5fc5\u9808\u6ce8\u610f\u8981\u628a\u7db2\u5740 Rewrite \u95dc\u9589\uff0c\u4f8b\u5982 http \u8f49 https\uff0c\u5426\u5247\u6703\u5931\u6557<\/p>\n<p>--<\/p>\n<h2>Online dig<\/h2>\n<ul>\n<li><a href=\"https:\/\/toolbox.googleapps.com\/apps\/dig\/\" target=\"_blank\" rel=\"noopener\">G Suite \u5de5\u5177\u7bb1 Dig<\/a><\/li>\n<\/ul>\n<p>--<\/p>\n<p><img loading=\"lazy\" class=\"alignnone size-full wp-image-4716\" src=\"https:\/\/blog.hoyo.idv.tw\/wp-content\/uploads\/2018\/05\/Image-224.png\" alt=\"\" width=\"419\" height=\"486\" srcset=\"https:\/\/blog.hoyo.idv.tw\/wp-content\/uploads\/2018\/05\/Image-224.png 419w, https:\/\/blog.hoyo.idv.tw\/wp-content\/uploads\/2018\/05\/Image-224-259x300.png 259w\" sizes=\"(max-width: 419px) 100vw, 419px\" \/><\/p>\n<p>--<\/p>\n<h2>\u81ea\u52d5\u66f4\u65b0\u8b49\u66f8<\/h2>\n<ul>\n<li><a href=\"https:\/\/wangye.org\/blog\/archives\/1116\/\" target=\"_blank\" rel=\"noopener\">BIND9 DNS Challenge\u81ea\u52a8\u914d\u7f6eLetsencrypt\u901a\u914d\u7b26(Wildcard)HTTPS\u8bc1\u4e66<\/a><\/li>\n<li><a href=\"https:\/\/hacpai.com\/article\/1531709298417\" target=\"_blank\" rel=\"nofollow noopener\"> Let's Encrypt \u8bc1\u4e66\u751f\u6210\uff0ccertbot-auto \u751f\u6210 ssl \u901a\u7528\u8bc1\u4e66 \u914d\u7f6e https \u81ea\u52a8\u7eed\u671f <\/a><\/li>\n<li><a href=\"https:\/\/github.com\/certbot\/certbot\" target=\"_blank\" 
rel=\"noopener\" data-pjax=\"#js-repo-pjax-container\">certbot<\/a><\/li>\n<\/ul>\n<p><span style=\"color: #d94136;\">-\u76ee\u524d\u624b\u52d5\u66f4\u65b0\u4e2d-<\/span><\/p>\n<p>--<\/p>\n<h2>\u5176\u4ed6\u6ce8\u610f\u4e8b\u9805<\/h2>\n<ul>\n<li>\u5931\u6557\u7684\u6307\u4ee4\u4e5f\u6703\u7b97\u5728\u00a0<a href=\"https:\/\/letsencrypt.org\/docs\/rate-limits\/\" target=\"_blank\" rel=\"noopener\">Rate Limits<\/a><\/li>\n<li>SSL_ERROR_BAD_CERT_DOMAIN : hoyo.idv.tw <span style=\"color: #d94136;\"><strong>\u4e0d<\/strong><\/span>\u7b49\u65bc *.hoyo.idv.tw \uff0c\u5fc5\u9808\u4f7f\u7528 hoyo.idv.tw \u8b49\u66f8\u6216\u662f\u5c07 hoyo.idv.tw \u8f49\u5230 www.hoyo.idv.tw \u624d\u80fd\u5957\u7528\u901a\u914d\u7db2\u57df\u8b49\u66f8<\/li>\n<\/ul>\n<p>--<\/p>\n<h2>\u91cd\u65b0\u8a02\u95b1<\/h2>\n<p>\u842c\u4e00\u4e0d\u5c0f\u5fc3\u53d6\u6d88\u8a02\u95b1\uff0c\u5982\u679c\u662f Gmail \u53ef\u4ee5\u5728\u5e33\u865f\u5f8c\u9762 +1 \u4f86\u91cd\u65b0\u8a02\u95b1\uff0c\u5176\u4ed6 Mail Server \u672a\u6e2c\u8a66<\/p>\n<pre class=\"lang:default decode:true\">certbot update_account --email yourname+1@gmail.com<\/pre>\n<p>--<\/p>\n","protected":false},"excerpt":{"rendered":"<p>-- Wildcard \u7db2\u57df ...<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[287],"tags":[304,305],"_links":{"self":[{"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/4714"}],"collection":[{"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4714"}],"version-history":[{"count":39,"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/4714\/revisions"}],"predecessor-version":[{"id":14383,"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/4714\/revisions\/14383"}],"wp:attachment":[{"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4714"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.hoyo.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}