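Registering a domain with Porkbun: usage notes

Domain registered: ficusonline.com

Usage notes on Porkbun, a registrar whose domain registration and renewal fees are relatively low and which is highly rated by users worldwide for its ease of use and support. This is a switch from the free subdomain provided by no-ip (the old URL redirects here).

.com registration (valid for 1 year): $9.73; renewal: $9.73/year; transfer: $9.73

The following services are included.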

  • dns
  • email forwarding
  • ssl
  • whois privacy
  • dejigamaflipper

How to verify your domain with Google Search Console

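DNS-01 challenge (Certbot)

When obtaining TLS certificates with Certbot, if you already own the root domain, the dns-01 challenge (DNS validation) is more convenient than the http-01 challenge (HTTP validation), because it saves the effort of running validation separately for each subdomain.

See the following for concrete examples of DNS validation.

DNS validation can be done either with a plugin or with the manual option. With manual, the TXT record has to be updated within 90 days, so the renew command cannot be used.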

| Plugin | Auth | Inst | Notes | Challenge types (and port) |
|---|---|---|---|---|
| DNS plugins | Y | N | This category of plugins automates obtaining a certificate by modifying DNS records to prove you have control over a domain. Doing domain validation in this way is the only way to obtain wildcard certificates from Let’s Encrypt. | dns-01 (53) |
| manual | Y | N | Obtain a certificate by manually following instructions to perform domain validation yourself. Certificates created this way do not support autorenewal. Autorenewal may be enabled by providing an authentication hook script to automate the domain validation steps. | http-01 (80) or dns-01 (53) |

Third-party plugins

Certbot plugins for third-party domain providers are supplied either officially or by volunteers.

There are also a number of third-party plugins for the client, provided by other developers. Many are beta/experimental, but some are already in widespread use:

| Plugin | Auth | Inst | Notes |
|---|---|---|---|
| haproxy | Y | Y | Integration with the HAProxy load balancer |
| s3front | Y | Y | Integration with Amazon CloudFront distribution of S3 buckets |
| gandi | Y | N | Obtain certificates via the Gandi LiveDNS API |
| varnish | Y | N | Obtain certificates via a Varnish server |
| external-auth | Y | Y | A plugin for convenient scripting |
| pritunl | N | Y | Install certificates in pritunl distributed OpenVPN servers |
| proxmox | N | Y | Install certificates in Proxmox Virtualization servers |
| dns-standalone | Y | N | Obtain certificates via an integrated DNS server |
| dns-ispconfig | Y | N | DNS Authentication using ISPConfig as DNS server |
| dns-clouddns | Y | N | DNS Authentication using CloudDNS API |
| dns-lightsail | Y | N | DNS Authentication using Amazon Lightsail DNS API |
| dns-inwx | Y | Y | DNS Authentication for INWX through the XML API |
| dns-azure | Y | N | DNS Authentication using Azure DNS |
| dns-godaddy | Y | N | DNS Authentication using Godaddy DNS |
| dns-yandexcloud | Y | N | DNS Authentication using Yandex Cloud DNS |
| dns-bunny | Y | N | DNS Authentication using BunnyDNS |
| njalla | Y | N | DNS Authentication for njalla |
| DuckDNS | Y | N | DNS Authentication for DuckDNS |
| Porkbun | Y | N | DNS Authentication for Porkbun |
| Infomaniak | Y | N | DNS Authentication using Infomaniak Domains API |
| dns-multi | Y | N | DNS authentication of 100+ providers using go-acme/lego |
| dns-dnsmanager | Y | N | DNS Authentication for dnsmanager.io |
| standalone-nfq | Y | N | HTTP Authentication that works with any webserver (Linux only) |

If you’re interested, you can also write your own plugin.


Porkbun Certbot DNS authentication plugin

Obtain an API key from Porkbun and create the porkbun.ini file (set its permissions to 600).

porkbun.ini

dns_porkbun_key=<your-porkbun-api-key>
dns_porkbun_secret=<your-porkbun-api-secret>

Running the Porkbun Certbot plugin with Docker

$ docker run -it --rm --name certbot_porkbun -v "$PWD/letsencrypt:/etc/letsencrypt" -v "/var/log/letsencrypt:/var/log/letsencrypt" -v "$PWD/porkbun.ini:/conf/porkbun.ini" infinityofspace/certbot_dns_porkbun:latest \
   certonly \
     --non-interactive \
     --agree-tos \
     --email <your-email-address> \
     --preferred-challenges dns \
     --authenticator dns-porkbun \
     --dns-porkbun-credentials /conf/porkbun.ini \
     --dns-porkbun-propagation-seconds 60 \
     -d "example.com" -d "*.example.com"

Checking the certified domains

$ docker run -it --rm --name certbot_porkbun -v "$PWD/letsencrypt:/etc/letsencrypt" -v "/var/log/letsencrypt:/var/log/letsencrypt" -v "$PWD/porkbun.ini:/conf/porkbun.ini" infinityofspace/certbot_dns_porkbun:latest \
  certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: example.com
    Serial Number: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Key Type: ECDSA
    Domains: example.com *.example.com
    Expiry Date: 2023-xx-xx 00:54:35+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem

Renewal (register as a cron job)

$ docker run -it --rm --name certbot_porkbun -v "$PWD/letsencrypt:/etc/letsencrypt" -v "/var/log/letsencrypt:/var/log/letsencrypt" -v "$PWD/porkbun.ini:/conf/porkbun.ini" infinityofspace/certbot_dns_porkbun:latest \
  renew

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/example.com/fullchain.pem expires on 2023-xx-xx (skipped)
No renewals were attempted.
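
A cron-safe way to run the renewal, as an added example that is not part of the original memo: it checks that porkbun.ini is mode 600 and filled in before handing the API credentials to the container, and drops -it because cron has no TTY. The /opt/certbot base directory, the script name renew.sh and the crontab schedule are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): cron-safe wrapper for "renew".
# Constructed crontab line, paths are assumptions:
#   17 3 * * * /opt/certbot/renew.sh run >> /var/log/letsencrypt/cron.log 2>&1
BASE_DIR="${BASE_DIR:-/opt/certbot}"   # hypothetical dir with porkbun.ini, letsencrypt/
IMAGE="infinityofspace/certbot_dns_porkbun:latest"

# Print a file's octal mode (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the credentials file exists, is mode 600, sets both
# keys, and no longer contains the "<your-...>" template placeholders.
check_credentials() {
    f="$1"
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    mode=$(file_mode "$f")
    [ "$mode" = "600" ] || { echo "$f is mode $mode, expected 600" >&2; return 2; }
    for key in dns_porkbun_key dns_porkbun_secret; do
        grep -Eq "^${key}[[:space:]]*=[[:space:]]*[^[:space:]]" "$f" ||
            { echo "$key is not set in $f" >&2; return 3; }
    done
    if grep -q '<your-' "$f"; then
        echo "$f still contains template placeholders" >&2; return 4
    fi
    return 0
}

# Same mounts as the commands above, minus -it: cron provides no TTY and
# "docker run -t" aborts without one. The credentials are mounted read-only.
renew() {
    check_credentials "$BASE_DIR/porkbun.ini" || return $?
    docker run --rm --name certbot_porkbun \
        -v "$BASE_DIR/letsencrypt:/etc/letsencrypt" \
        -v "/var/log/letsencrypt:/var/log/letsencrypt" \
        -v "$BASE_DIR/porkbun.ini:/conf/porkbun.ini:ro" \
        "$IMAGE" renew
}

# Only act when called with "run", so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then
    renew
fi
```
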

Certbot Command Line Options

User Guide — Certbot 2.6.0 documentation