ZeroSSL
ç¡æçºè¡ã§ãã SSL ãµãŒã蚌ææž ZeroSSLïŒãŒããšã¹ãšã¹ãšã«ïŒã«ã€ããŠãŸãšããŠããŸãã
ZeroSSL 㯠Let’s Encrypt ãç¡æçºè¡ã§ãã Web ãµã€ãã®äžã€ã§ãããã
ç¬èªã® CAïŒèšŒææžçºè¡å±ïŒã«ãªããŸããã2020幎5æã«ãªãªãŒã¹ãåºããŠããŸãã
äžé蚌ææžã®äžå±€ã¯ Sectigo ã«ãªã£ãŠããŸãã
Sectigo 㯠Comodo ãã SSL ãµãŒã蚌ææžã®ãã©ã³ããå€æŽããŠããŠã
çŸåšææã®ãµãŒã蚌ææžãšããŠæ¯æãããŠããŸãã
ð Caddy ã ZeroSSL ã®èšŒææžçºè¡ã«å¯Ÿå¿ããŠããŸãã
ACME ã䜿çšããå Žå㯠Web ãµã€ãã§ã®çºè¡æ°å¶éãçºçããŸããã
Let’s Encrypt ãšã¬ãŒãå¶éãç°ãªããLet’s Encrypt ã®æ¡çšãé£ããå Žåã
ZeroSSL ãçšããŠã® SSL åãå®çŸã§ããããã«ãªããŸããã
Caddy 2.3 ãã Let’s Encrypt ã®çºè¡ã«å€±æããå Žåã
ZeroSSL ã§ã®çºè¡ãè©Šã¿ãããã«ãªããŸããã
ZeroSSL ãåªå
çã«çºè¡ãã䜿çšããäºãã§ããŸãã
éå¶è
ã«ãã ZeroSSL ãçšãããµã³ãã«ããŒãžãå
¬éããŠããŸãã
ãã©ãŠã¶ã®æ©èœãçšã㊠ZeroSSL ã䜿çšãããŠããäºã確èªã§ããŸãã
ç®æ¬¡
å ¬åŒãµã€ã
- Â ZeroSSL
- Â status.zerossl.com
- Â GitHub zerossl
- Â Twitter @zerosslHQ
2020幎9æçŸåšãFacebook ããŒãžãååšããŸãããæçš¿ããããŸããã
ZeroSSL ãæ¡çšããŠããé¢é£ãµã€ã
Let’s Encrypt ãç¡æçºè¡ã§ãã Web ãµã€ãã®äžã€ã§ãããã
2020幎5æãã ZeroSSL ãžåãæ¿ããŸããã
ãããããŒãžã¯åŸæ¥ãšäžç·ã§ãããã¢ã«ãŠã³ã㯠ZeroSSL å
±éã§ã
çºè¡ãã®ãã®ã¯ ZeroSSL ãšåã Web ã·ã¹ãã ã§é²è¡ããŸãã
ZeroSSL ã®ç¡æç¯å²
Web äžããçºè¡ããå Žåã1 ã¢ã«ãŠã³ãïŒã¡ãŒã«ã¢ãã¬ã¹ïŒã§
ç¡æçºè¡ã§ãã蚌ææžã¯ 90 æ¥æéã®èšŒææž 3 ã€ãŸã§ãšãªããŸãã
SSL For Free ã¯ã·ã¹ãã å
±éãªã®ã§ã2 ãµã€ãå
±é㧠3 ã€ãŸã§ãã
ä»ã® Web ãµã€ããåãã·ã¹ãã ãæ¡çšããŠããå Žåãå
±éã«ãªããšèŠãããŸãã
2020幎9æçŸåšã ãã®æéã¯æŽæ°æã«ãã«ãŠã³ãã®å¯Ÿè±¡ã§ãã
ãããã£ãŠãWeb äžã§ã®èšŒææžçºè¡ã»æŽæ°ã¯ç¡æã§ã¯ãŸãšãã«äœ¿çšã§ããã
å®è³ªææã§äœ¿çšããäºããããŸãã
ACME ãçšããå Žåã¯ãã®å¶éããããŸããã
90 æ¥èšŒææžãç¡å¶éã§çºè¡ã»æŽæ°ããäºãã§ããŸãã
å
¬åŒããã¥ã¡ã³ãã«èšèŒããããŸããããAPI ãç¡å¶éã®å¯Ÿè±¡ãšãªãå¯èœæ§ããããŸãã
ãã®ãããå°ãªããŠã ACME ãçšããèªåçºè¡ã»æŽæ°ã¯
ZeroSSL ãç¡æ䜿çšããããã®å¿
é æ¡ä»¶ãšãªããŸãã
Web çºè¡ã»æŽæ°æé
SSL ãµãŒã蚌ææžã®çºè¡ãšè±èªãµã€ãã«æ
£ããŠããã®ã§ããã°ã
åé¡ãªãé²ããããã§ããããSSL for Free ãæé ã¯äžç·ã§ãã
- Web ãµã€ãã®ãããããŒãžãã蚌ææžãçºè¡ããããã¡ã€ã³åãå
¥åããŸãã
www ãªã©ããµããã¡ã€ã³ãããå Žåã¯ãæ確ã«ãããå«ããŠäžããã - ã¢ã«ãŠã³ããç»é²ããŸããã¡ãŒã«ã¢ãã¬ã¹ãšãã¹ã¯ãŒããå
¥åããŸãã
ãã§ã«çæããŠããå Žåã¯ãããçšããŠãã°ã€ã³ããŸãã - New Cerificate ç»é¢ã«ãªããŸãã
å ¥åããŠãããã¡ã€ã³åãå ¥ã£ãŠããã®ã確èªããNext Step ã§é²ããŸãã - 蚌ææžã®æéãéžæããŸããç¡æ察象㯠90-Daay Certificate ã§ãã
- CSR & Contact ãšãªããŸããã蚌ææžã«çºè¡è
ãæèšããå¿
èŠããªããã°
Auto-Generate CSR ãæå¹ã«ããç¶æ ã§ããŸããŸãããæå¹ãããã©ã«ãã§ãã - ãã©ã³ã®éžæã§ããFree ã«ãªã£ãŠããäºã確èªããŸãã
- ãã¡ã€ã³ã®èªèšŒã«ãªããŸãã次ãéžæã§ããŸãã ãã¡ã€ã³èªèšŒ
- ã¡ãŒã«ã¢ãã¬ã¹ãç¹å®å@ãã¡ã€ã³å ã«èªèšŒã¡ãŒã«ãéãããŸãã
- ããŒã ãµãŒããCNAME ãŸãŒã³ãèšå®ããŸãã
- HTTP ãã¡ã€ã«ã¢ããããŒããããã¹ããã¡ã€ã«ãããŠã³ããŒããããµãŒããžå ¥ããŸãã
- ç¡äºã«èªèšŒã§ãããšãããã«èšŒææžãçºè¡ãããŸãã
.zip ãã¡ã€ã«ã§ããŠã³ããŒãã§ããŸãã
ãã¡ã€ã³èªèšŒ
ZeroSSL ã§ã¯æ¬¡ã®ããããã§ãã¡ã€ã³èªèšŒãè¡ããŸãã
ãã¡ã€ã³æ
å ± WHOIS ã¯åç
§ã»äœ¿çšããŠããªãããã
WHOIS ãã©ã€ãã·ãŒïŒå矩代è¡ïŒã解é€ããå¿
èŠã¯ãããŸããã
ã¡ãŒã«ã¢ãã¬ã¹
ã¡ãŒã«ã¢ãã¬ã¹ã«ããèªèšŒã¯ææã®ãã¡ã€ã³èªèšŒãè¡ã SSL ãµãŒã蚌ææžã§ã¯
ããªãã¿ã®èªèšŒæ¹æ³ã§ããLet’s Encrypt ã¯ãã®èªèšŒæ¹æ³ãæäŸããŠããŸããã
次ã®ã¡ãŒã«ã¢ãã¬ã¹ããéžæã§ããŸãã
admin@ãã¡ã€ã³å
administrator@ãã¡ã€ã³å
hostmaster@ãã¡ã€ã³å
postmaster@ãã¡ã€ã³å
webmaster@ãã¡ã€ã³å
ãµããã¡ã€ã³ã§ç³è«ããŠããå Žåããµããã¡ã€ã³ãšãã¡ã€ã³ã§éžæã§ããŸãã
éžæããã¡ãŒã«ã¢ãã¬ã¹ã«èªèšŒã¡ãŒã«ãéãããŸãã
å±ããèªèšŒã¡ãŒã«ã«ã¯ Verification Key ãèšèŒãããŠããŸãã
ãã®æååã Web ãµã€ããžå
¥åããŠäžããã
ããŒã ãµãŒã
CNAME ãŸãŒã³ã§æå®ããŸããç»é¢ã«è¡šç€ºãããŸãã
- Name ç³è«ãããã¡ã€ã³åã«ãµããã¡ã€ã³ãä»å ãããŠããŸãã
ä»å ãããŠãããµããã¡ã€ã³ã§ã¬ã³ãŒããè¿œå ããäºã«ãªããŸãã - Point To å€ãšããŠæå®ããŸãã
ãââââ.comodoca.comããšè¡šç€ºãããŠããŸããããªãé·ãå€ã§ãã - TTL ã3600 (ãŸã㯠ããå°ãã)ããšãããŸãã
æ°èŠè¿œå ã«ãªãã®ã§ãç¹ã«åœ±é¿ã¯ãããŸããã
ã¬ã³ãŒãã®è¿œå ãè¡ã£ãåŸãWeb ãµã€ããžæ»ã£ãŠé²ããŠäžããã
ããŒã ãµãŒãã«ãã£ãŠç¢ºèªã§ããã®ã«æéãèŠãããããããŸããã
HTTP ãã¡ã€ã«ã¢ããããŒã
.txt ãã¡ã€ã«ãããŠã³ããŒããããã¡ã€ã³å/.well-known/pki-validation/
å
ã«ã¢ããããŒããhttp://ãã¡ã€ã³å/.well-known/pki-validation/âââ.txt
ã§åç
§ã§ããç¶æ
ã«ããŸãã
Apache 㧠.htaccess
ãçšããŠããå Žåãªã©ãã¢ããããŒãå
ã«ã泚æäžããã
REST API
 Documentation - REST API | ZeroSSL
ææã¢ã«ãŠã³ãã§æäŸããããã«èšèŒããããŸããã
éå¶è
ã確èªãããšãããç¡æã¢ã«ãŠã³ãã§ã API ã¢ã¯ã»ã¹ãã§ããŠããŸãã
ãããã API ãçšããŠç¡å¶éã«èšŒææžãçºè¡ããäºãèæ
®ããŠããããã§ãããã
ãµãŒãããŒãã£ãŒã§ã®å¯Ÿå¿
 Documentation - ACME | ZeroSSL
ACME ã«ããçºè¡ãè¡ãã¢ããªã»ãµãŒãã¹ã§ã
ACME CA ãšã³ããã€ã³ããèšå®ã»å€æŽã§ããå Žåã¯
ZeroSSL ã§ã®çºè¡ã容æã«å¯èœã«ãªããŸãã
2020幎7æ ACME ã®ããã¥ã¡ã³ããå
¬éãããŸããã
ããã«ããããµãŒãããŒãã£ãŒã§ã® ZeroSSL èªåçºè¡ã»æŽæ°ãå¯èœã«ãªã£ãŠããŸãã
ACME ãçšããå Žåã90 æ¥èšŒææžã®çºè¡ã»æŽæ°ã¯ç¡å¶éã«ãªããŸãã
acme.sh
 acmesh-official/acme.sh | GitHub
ã·ã§ã«ã¹ã¯ãªããã§èšŒææžã®çºè¡ãã§ããäžã€ã§ãã
 Change default CA to ZeroSSL | GitHub acmesh-official/acme.sh Wiki
2021幎8æã®çºè¡ããããã©ã«ãã§ã®çºè¡ã ZeroSSL ã«ãªããŸãã
ããã¯æŽæ°ã察象ã§ãããªãã·ã§ã³ã®èšå®ã§å€æŽãã§ããŸãã
ä»ã®ã¡ãªãããšããŠã¯ root ãå¿
èŠãšããããŠãŒã¶ãŒã¬ãã«ã§çºè¡ã»æŽæ°ã§ããŸãã
Caddy v2
 Using ZeroSSL’s ACME endpoint | Caddy Forum
ð Caddy | ãµãããð FU-SEN
å
ã
Caddy 2 ã§ã¯ ACME ãšã³ããã€ã³ããš API ããŒãçšããŠäœ¿çšã§ããŸãããã
Caddy 2.2 ãã API ããŒã®ä»£ããã« EABïŒããŒIDã»Mac ããŒïŒã«å¯Ÿå¿ããŠããŸãã
ããã«ãã ZeroSSL 蚌ææžã Caddy ã§å®¹æã«äœ¿çšã§ããããã«ãªããŸããã
API ããŒããã³ EAB 㯠ZeroSSL Web ãµã€ããããã°ã€ã³ããæã® Developer ããŒãžãã
API ããŒã®ç¢ºèªã»ãªã»ããããã³ EAB IDã»Mac ããŒã®çºè¡ãè¡ããŸãã
Caddy 2.3 ããã Let’s Encrypt ã®çºè¡ã«å€±æããå Žåã¯ã
ZeroSSL ã®çºè¡ãè©Šã¿ãããã«ãªããŸããã
 Caddy was posted on the ZeroSSL website | Caddy Forum
ZeroSSL ã®å¯Ÿå¿ã¯åœåããŒãžéå¶è ããã©ãŒã©ã ã«æçš¿ããŠããã®ããã£ããã§ããã
CapRover
ãµãŒãã€ã³ã¹ããŒã«åã® PaaS ã§ãã CapRover ã¯ã
ç°¡åã«ã¢ããªã§ HTTPS ãæå¹ã«ã§ããŸãã
 Using ZeroSSL with CapRover #1515 | GitHub caprover/caprover Discussions
é垞㯠Let’s Encrypt ãçºè¡ããŸããã
éå¶è
ã代ããã« ZeroSSL ãçºè¡ããäºã«æåããŠããŸãã
zerossl-bot
 zerossl/zerossl-bot | GitHub
å
ŒΌ
¬éæ段ã Certbot ãã ZeroSSL ACME ãµãŒããž
èšå®ãäžæžãå€æŽããŠããã¹ã¯ãªããã§ãã
Q&A
Let’s Encrypt ãã ZeroSSL ãžåãæ¿ããã¡ãªããã¯ïŒ
ZeroSSL 㯠Web ãµã€ãã§ã®å Žåã
ç¡æã§çºè¡ã§ããå¶é㯠90 æ¥æéã®èšŒææž 3 ã€ãŸã§ããšãªã£ãŠããŸãã
ããããå€ãã®èšŒææžãèŠããå Žåã 1 幎æéã®èšŒææžã¯æåã§ãã
Let’s Encrypt 㯠90 æ¥æéã®èšŒææžã®ã¿ã§ãããçºè¡æ°å¶éã¯ãããã§ãã
ãã«ããã¡ã€ã³èšŒææžãã¯ã€ã«ãã«ãŒã蚌ææžãç¡æã§çºè¡ã§ããŸãã
ãã§ã«å€ãã®ã¢ããªããµãŒããWeb ãµãŒãã¹ã§æ¡çšãããŠããå®çžŸãããã
Let’s Encrypt ã®äœ¿çšã«æºè¶³ããŠããã°ãZeroSSL ã®ç§»è¡ã¯æ€èšããªãã§ãããã
äžæ¹ Public Suffix List ã«ç»é²ãããŠããªãäžç¹å®å€æ°ã䜿çšãããµããã¡ã€ã³ã§ã
Let’s Encrypt ã䜿çšãããšã¬ãŒãå¶éã§çºè¡ã»æŽæ°ã§äžå
·åãçºçããå Žåã
代ããã« ZeroSSL ãéžæããã¡ãªããããããŸãã
ã¬ãŒãå¶éã¯ãããŸããïŒ
ZeroSSL ã§ã¯çŸåšã®ãšããã¬ãŒãå¶éãèšããŠããªãããã§ãã
ãã®ä»£ããã Web äžãã㯠1 ã€ã®ã¢ã«ãŠã³ãïŒã¡ãŒã«ã¢ãã¬ã¹ïŒã§
90 æ¥èšŒææžã 3 ã€ãŸã§ç¡æãšããå¶éãšãªããŸãã
ACME ãçšããçºè¡ã»æŽæ°ã§ã¯ãã®å¶éããªã䜿çšã§ããã®ã§ã
ZeroSSL ãç¡æã§ãŸãšãã«äœ¿çšããã®ã¯å¿
é æ¡ä»¶ãšãªããŸãã
ãªããACME ã§çºè¡ããã蚌ææžã 100 ãè¶
ãããšã
Web äžã§ã¯æ¬¡ã®ã¡ãã»ãŒãžã衚瀺ããã蚌ææžã®äžèŠ§ãåç
§ã§ããªããªããŸãã
ãã ããã¡ãã»ãŒãžã«ãããšããã
ãã®å¶éã¯ããã·ã¥ããŒãïŒWeb ã§ã®è¡šç€ºïŒã API ã§ã®å¶éãšãªãã
ACME ã§ã®çºè¡ã¯ 100 ãè¶
ããŠãçºè¡ãå¯èœã§ããäºã確èªããŠããŸãã
ACME ãçšããçºè¡ã§ããã°ãå¶éãªãç¡æã§äœ¿çšãç¶ããããããšããäºã«ãªããŸãã
蚌ææžçºè¡ãã¿ã€ã ã¢ãŠãã§å€±æããŸãã
ããŒãžéå¶è
ã®çµéšäžãLet’s Encrypt ã«æ¯ã¹ãŠèšŒææžçºè¡ã«æéãèŠããŸãã
ãã®ããã蚌ææžçºè¡ã®åŸ
ã¡æéãçãç°å¢ã§ã¯
ã¿ã€ã ã¢ãŠãã§å€±æããç¶æ
ã«ãªãå ŽåããããŸãã
ããã§ãçºè¡æç¶ããé²è¡ããŠããŠã蚌ææžãçºè¡ãããŠããäºããããŸãã®ã§ã
Web äžã§ã®çºè¡ã§ããã°ã1ïœ2 åçµéåŸã«èšŒææžã®ç¶æ³ã確èªããŠã¿ãŠäžããã
ããŸãã«ãæéãèŠããå Žå㯠ZeroSSL ã®ãµãŒããäžèª¿ã®å¯èœæ§ããããŸãã®ã§ã
æ°æéïœæ°æ¥ãããŠãå床çºè¡ãè©ŠããŠã¿ãŠãè¯ãã§ãããã
è€æ°ç°å¢ã§äœ¿çšããæã蚌ææžãçºè¡ã§ããŸããã
ZeroSSL åŽã®ä»æ§ã«ãããEABïŒExternalAccountBindingïŒãçšããŠ
ACME ã§ã®èšŒææžçºè¡ãè¡ããšç¹å®ã® 1 ç°å¢ã§ããçºè¡ããäºãã§ããŸããã
è€æ°ç°å¢ã§äœ¿çšããå Žåã¯ãã¡ãŒã«ã¢ãã¬ã¹ ãŸã㯠API ããŒã䜿çšããŠäžããã
2022幎10æçŸåšãããŒãžéå¶è
ãè€æ°ãµãŒã㧠EAB ãçšã㊠ZeroSSL ã䜿çšãã
åé¡ãªã ZeroSSL ãçºè¡ãããããã«ãªã£ãŠããäºã確èªããŠããŸãã
issues ã§ã close ãä¿ãç¶æ
ã«ãªã£ãŠããŠã解決ã§ããŠããèªèã®ããã§ãã
å®éããŒãžéå¶è
ã EAB ãçšããŠè€æ°ç°å¢ã§ ZeroSSL ãçºè¡ãè©Šã¿ã
æ£åžžã«çºè¡ã§ããŠããäºã確èªã§ããŠããŸãã