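Let's Encrypt: New Registration

I got this working more or less by trial and error, so I am posting the log here, lightly edited. Following it step by step may well not work for you, but feel free to use it as a reference.


Run as administrator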
C:\win-acme>wacs.exe

A simple Windows ACMEv2 client (WACS)
Software version 2.1.20.1185 (release, trimmed, standalone, 64-bit)
Connecting to https://acme-v02.api.letsencrypt.org/…
Scheduled task not configured yet
Please report issues at https://github.com/win-acme/win-acme

N: Create certificate (default settings)
M: Create certificate (full options)
R: Run renewals (0 currently due)
A: Manage renewals (0 total)
O: More options…
Q: Quit

Please choose from the menu: M

Running in mode: Interactive, Advanced
Source plugin IIS not available: No supported version of IIS detected.

Please specify how the list of domain names that will be included in the
certificate should be determined. If you choose for one of the “all bindings”
options, the list will automatically be updated for future renewals to
reflect the bindings at that time.

1: Read bindings from IIS
2: Manual input
3: CSR created by another program
C: Abort

How shall we determine the domain(s) to include in the certificate?: 2

Description: A host name to get a certificate for. This may be a
comma-separated list.

Host: hogehoge.plala.jp

Source generated using plugin Manual: hogehoge.plala.jp

Friendly name '[Manual] hogehoge.plala.jp'. <Enter> to accept or type desired name:

The ACME server will need to verify that you are the owner of the domain
names that you are requesting the certificate for. This happens both during
initial setup and for every future renewal. There are two main methods of
doing so: answering specific http requests (http-01) or create specific dns
records (dns-01). For wildcard domains the latter is the only option. Various
additional plugins are available from https://github.com/win-acme/win-acme/.

1: [http-01] Save verification files on (network) path
2: [http-01] Serve verification files from memory
3: [http-01] Upload verification files via FTP(S)
4: [http-01] Upload verification files via SSH-FTP
5: [http-01] Upload verification files via WebDav
6: [dns-01] Create verification records manually (auto-renew not possible)
7: [dns-01] Create verification records with acme-dns (https://github.com/joohoi/acme-dns)
8: [dns-01] Create verification records with your own script
9: [tls-alpn-01] Answer TLS verification request from win-acme
C: Abort

How would you like prove ownership for the domain(s)?: 2

After ownership of the domain(s) has been proven, we will create a
Certificate Signing Request (CSR) to obtain the actual certificate. The CSR
determines properties of the certificate like which (type of) key to use. If
you are not sure what to pick here, RSA is the safe default.

1: Elliptic Curve key
2: RSA key
C: Abort

What kind of private key should be used for the certificate?: 2

When we have the certificate, you can store in one or more ways to make it
accessible to your applications. The Windows Certificate Store is the default
location for IIS (unless you are managing a cluster of them).

1: IIS Central Certificate Store (.pfx per host)
2: PEM encoded files (Apache, nginx, etc.)
3: PFX archive
4: Windows Certificate Store
5: No (additional) store steps

How would you like to store the certificate?: 2

Description: .pem files are exported to this folder.

File path: C:\certs\hogehoge.plala.jp

Description: Password to set for the private key .pem file.

1: None
2: Type/paste in console
3: Search in vault

Choose from the menu: 1

1: IIS Central Certificate Store (.pfx per host)
2: PEM encoded files (Apache, nginx, etc.)
3: PFX archive
4: Windows Certificate Store
5: No (additional) store steps

Would you like to store it in another way too?: 2

Description: .pem files are exported to this folder.

File path: C:\certs\hogehoge.plala.jp

Description: Password to set for the private key .pem file.

1: None
2: Type/paste in console
3: Search in vault

Choose from the menu: 1

1: IIS Central Certificate Store (.pfx per host)
2: PEM encoded files (Apache, nginx, etc.)
3: PFX archive
4: Windows Certificate Store
5: No (additional) store steps

Would you like to store it in another way too?: 2

Description: .pem files are exported to this folder.

File path: C:\certs\hogehoge.plala.jp

Description: Password to set for the private key .pem file.

1: None
2: Type/paste in console
3: Search in vault

Choose from the menu: 1

1: IIS Central Certificate Store (.pfx per host)
2: PEM encoded files (Apache, nginx, etc.)
3: PFX archive
4: Windows Certificate Store
5: No (additional) store steps

Would you like to store it in another way too?: 2

Description: .pem files are exported to this folder.

File path: C:\certs\hogehoge.plala.jp

Description: Password to set for the private key .pem file.

1: None
2: Type/paste in console
3: Search in vault

Choose from the menu: 1

1: IIS Central Certificate Store (.pfx per host)
2: PEM encoded files (Apache, nginx, etc.)
3: PFX archive
4: Windows Certificate Store
5: No (additional) store steps

Would you like to store it in another way too?: 2

Description: .pem files are exported to this folder.

File path: C:\certs\hogehoge.plala.jp

Description: Password to set for the private key .pem file.

1: None
2: Type/paste in console
3: Search in vault

Choose from the menu: 1

1: IIS Central Certificate Store (.pfx per host)
2: PEM encoded files (Apache, nginx, etc.)
3: PFX archive
4: Windows Certificate Store
5: No (additional) store steps

Would you like to store it in another way too?: 2

Description: .pem files are exported to this folder.

File path: c:/certs/hogehoge.plala.jp

Description: Password to set for the private key .pem file.

1: None
2: Type/paste in console
3: Search in vault

Choose from the menu: 1

1: IIS Central Certificate Store (.pfx per host)
2: PEM encoded files (Apache, nginx, etc.)
3: PFX archive
4: Windows Certificate Store
5: No (additional) store steps

Would you like to store it in another way too?: 2

Description: .pem files are exported to this folder.

File path: C:\certs\hogehoge.plala.jp

Description: Password to set for the private key .pem file.

1: None
2: Type/paste in console
3: Search in vault

Choose from the menu: 1

1: IIS Central Certificate Store (.pfx per host)
2: PEM encoded files (Apache, nginx, etc.)
3: PFX archive
4: Windows Certificate Store
5: No (additional) store steps

Would you like to store it in another way too?: 5

Installation plugin IIS not available: No supported version of IIS detected.

With the certificate saved to the store(s) of your choice, you may choose one
or more steps to update your applications, e.g. to configure the new
thumbprint, or to update bindings.

1: Create or update bindings in IIS
2: Start external script or program
3: No (additional) installation steps

Which installation step should run first?: 3

Cached order has status invalid, discarding
[hogehoge.plala.jp] Authorizing…
[hogehoge.plala.jp] Authorizing using http-01 validation (SelfHosting)
Unable to activate listener, this may be because of insufficient rights or a non-Microsoft webserver using port 80
An error occured while commiting validation configuration: プロセスはファイルにアクセスできません。別のプロセスが使用中です。
An error occured during post-validation cleanup: Cannot access a disposed object.
Object name: ‘System.Net.HttpListener’.

Create certificate failed, retry? (y/n*) – yes

Cached order has status pending, discarding
[hogehoge.plala.jp] Authorizing…
[hogehoge.plala.jp] Authorizing using http-01 validation (SelfHosting)
Unable to activate listener, this may be because of insufficient rights or a non-Microsoft webserver using port 80
An error occured while commiting validation configuration: プロセスはファイルにアクセスできません。別のプロセスが使用中です。
An error occured during post-validation cleanup: Cannot access a disposed object.
Object name: ‘System.Net.HttpListener’.

Create certificate failed, retry? (y/n*) – no

Create certificate failed: Commit failed
– No certificate generated

N: Create certificate (default settings)
M: Create certificate (full options)
R: Run renewals (0 currently due)
A: Manage renewals (0 total)
O: More options…
Q: Quit

Please choose from the menu: N

Running in mode: Interactive, Simple
Source plugin IIS not available: No supported version of IIS detected.

Please specify how the list of domain names that will be included in the
certificate should be determined. If you choose for one of the “all bindings”
options, the list will automatically be updated for future renewals to
reflect the bindings at that time.

1: Read bindings from IIS
2: Manual input
3: CSR created by another program
C: Abort

How shall we determine the domain(s) to include in the certificate?: 2

Description: A host name to get a certificate for. This may be a
comma-separated list.

Host: hogehoge.plala.jp

Source generated using plugin Manual: hogehoge.plala.jp
Installation plugin IIS not available: No supported version of IIS detected.

With the certificate saved to the store(s) of your choice, you may choose one
or more steps to update your applications, e.g. to configure the new
thumbprint, or to update bindings.

1: Create or update bindings in IIS
2: Start external script or program
3: No (additional) installation steps

Which installation step should run first?: 3

First chance error calling into ACME server, retrying with new nonce…
Cached order has status pending, discarding
[hogehoge.plala.jp] Authorizing…
[hogehoge.plala.jp] Authorizing using http-01 validation (SelfHosting)
[hogehoge.plala.jp] Authorization result: invalid
[hogehoge.plala.jp] {
  "type": "urn:ietf:params:acme:error:connection",
  "detail": "Fetching http://hogehoge.plala.jp/.well-known/acme-challenge/-IbbQ35K05MX2IUgG-k2asIvCtxc26ATQy8W7yNJFUA: Timeout during connect (likely firewall problem)",
  "status": 400
}

Create certificate failed, retry? (y/n*) – yes

Cached order has status invalid, discarding
[hogehoge.plala.jp] Authorizing…
[hogehoge.plala.jp] Authorizing using http-01 validation (SelfHosting)
Unable to activate listener, this may be because of insufficient rights or a non-Microsoft webserver using port 80
An error occured while commiting validation configuration: プロセスはファイルにアクセスできません。別のプロセスが使用中です。
An error occured during post-validation cleanup: Cannot access a disposed object.
Object name: ‘System.Net.HttpListener’.

Create certificate failed, retry? (y/n*) – yes

Cached order has status pending, discarding
[hogehoge.plala.jp] Authorizing…
[hogehoge.plala.jp] Authorizing using http-01 validation (SelfHosting)
Unable to activate listener, this may be because of insufficient rights or a non-Microsoft webserver using port 80
An error occured while commiting validation configuration: プロセスはファイルにアクセスできません。別のプロセスが使用中です。
An error occured during post-validation cleanup: Cannot access a disposed object.
Object name: ‘System.Net.HttpListener’.

Create certificate failed, retry? (y/n*) – yes

Cached order has status pending, discarding
[hogehoge.plala.jp] Authorizing…
[hogehoge.plala.jp] Authorizing using http-01 validation (SelfHosting)
Unable to activate listener, this may be because of insufficient rights or a non-Microsoft webserver using port 80
An error occured while commiting validation configuration: プロセスはファイルにアクセスできません。別のプロセスが使用中です。
An error occured during post-validation cleanup: Cannot access a disposed object.
Object name: ‘System.Net.HttpListener’.

Create certificate failed, retry? (y/n*) – yes

Cached order has status pending, discarding
[hogehoge.plala.jp] Authorizing…
[hogehoge.plala.jp] Authorizing using http-01 validation (SelfHosting)
[hogehoge.plala.jp] Authorization result: invalid
[hogehoge.plala.jp] {
  "type": "urn:ietf:params:acme:error:connection",
  "detail": "Fetching http://hogehoge.plala.jp/.well-known/acme-challenge/-qYxS5-E4p5M1VlqCtgD05l5o4hcBM7fB4Ag9QLOpK0: Timeout during connect (likely firewall problem)",
  "status": 400
}

Create certificate failed, retry? (y/n*) – yes

Cached order has status invalid, discarding
[hogehoge.plala.jp] Authorizing…
[hogehoge.plala.jp] Authorizing using http-01 validation (SelfHosting)
[hogehoge.plala.jp] Authorization result: invalid
[hogehoge.plala.jp] {
  "type": "urn:ietf:params:acme:error:connection",
  "detail": "Fetching http://hogehoge.plala.jp/.well-known/acme-challenge/pL6f4iAknAGcaNBhctE6zA8D1LVss29HYQrKmMa2EuA: Timeout during connect (likely firewall problem)",
  "status": 400
}

Create certificate failed, retry? (y/n*) – yes

First chance error calling into ACME server, retrying with new nonce…
Cached order has status invalid, discarding
[hogehoge.plala.jp] Authorizing…
[hogehoge.plala.jp] Authorizing using http-01 validation (SelfHosting)
[hogehoge.plala.jp] Authorization result: valid
Downloading certificate [Manual] hogehoge.plala.jp
Store with CertificateStore…
Installing certificate in the certificate store
Adding certificate [Manual] hogehoge.plala.jp @ 2022/2/20 19:42:17 to store My
Installing with None…
Adding Task Scheduler entry with the following settings

  • Name win-acme renew (acme-v02.api.letsencrypt.org)
  • Path C:\apps\win-acme
  • Command wacs.exe --renew --baseuri "https://acme-v02.api.letsencrypt.org/"
  • Start at 09:00:00
  • Random delay 04:00:00
  • Time limit 02:00:00

Adding renewal for [Manual] hogehoge.plala.jp
Next renewal scheduled at 2022/4/16 19:42:09
Certificate [Manual] hogehoge.plala.jp created

N: Create certificate (default settings)
M: Create certificate (full options)
R: Run renewals (0 currently due)
A: Manage renewals (1 total)
O: More options…
Q: Quit

Please choose from the menu: q

C:\win-acme>
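
The log above fails in two different ways before it succeeds: "Unable to activate listener" (something local is holding port 80) and "Timeout during connect (likely firewall problem)" (the validation request never reaches the machine). The following pre-flight check is an added example, not part of the original post or of win-acme; it assumes an elevated PowerShell session on the same machine, and the listener prefix used in the bind test is an assumption about how the self-hosting plugin registers itself.

```powershell
# Added example: pre-flight checks before running win-acme's self-hosted http-01 validation.
$port = 80

# 1. Who is already listening on TCP 80?
#    PID 4 (System) means HTTP.sys owns the port, which a System.Net.HttpListener can share.
#    Any other owner (Apache, nginx, ...) holds the port exclusively and matches the
#    "non-Microsoft webserver using port 80" message in the log.
Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress   = $_.LocalAddress
            OwnerPid       = $_.OwningProcess
            Process        = $proc.ProcessName
            SharedViaHttpSys = ($_.OwningProcess -eq 4)
        }
    } | Format-Table -AutoSize

# 2. Is there an enabled inbound allow rule in Windows Firewall that covers TCP 80?
#    (Port ranges such as "80-90" are not expanded here; review those by hand.)
$allow = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        ($pf.Protocol -eq 'TCP') -and
        (($pf.LocalPort -contains "$port") -or ($pf.LocalPort -contains 'Any'))
    }
if ($allow) {
    $allow | Select-Object DisplayName, Profile | Format-Table -AutoSize
} else {
    "No enabled inbound allow rule covers TCP ${port}"
}

# 3. Try the same kind of bind the self-hosting plugin needs.
#    The prefix below is an assumption, chosen to match the challenge path in the log.
$probe = [System.Net.HttpListener]::new()
$probe.Prefixes.Add("http://+:$port/.well-known/acme-challenge/")
try {
    $probe.Start()
    "HttpListener bind on port ${port}: OK"
    $probe.Stop()
} catch {
    "HttpListener bind on port ${port} failed: $($_.Exception.Message)"
} finally {
    $probe.Close()
}
```

A clean result here only covers the local machine; the ACME server connects from the internet, so a router or ISP that does not forward port 80 still produces the timeout seen in the log.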
