#certbot -d cycht.org.tw -d www.cycht.org.tw -d main.cycht.org.tw
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot has detected that apache version < 2.4.11 or compiled against openssl < 1.0.2l. Since these are deprecated, the configuration file being installed at /etc/letsencrypt/options-ssl-apache.conf will not receive future updates. To get the latest configuration version, update apache.
Requesting a certificate for cycht.org.tw and 2 more domains
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/cycht.org.tw/fullchain.pem
Key is saved at: /etc/letsencrypt/live/cycht.org.tw/privkey.pem
This certificate expires on 2025-12-18.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Some rewrite rules copied from /etc/httpd/sites-enabled/www.cycht.org.tw.conf were disabled in the vhost for your HTTPS site located at /etc/httpd/sites-available/www.cycht.org.tw-le-ssl.conf because they have the potential to create redirection loops.
Successfully deployed certificate for cycht.org.tw to /etc/httpd/sites-available/www.cycht.org.tw-le-ssl.conf
Successfully deployed certificate for www.cycht.org.tw to /etc/httpd/sites-available/www.cycht.org.tw-le-ssl.conf
Some rewrite rules copied from /etc/httpd/sites-enabled/main.cycht.org.tw.conf were disabled in the vhost for your HTTPS site located at /etc/httpd/sites-available/main.cycht.org.tw-le-ssl.conf because they have the potential to create redirection loops.
Successfully deployed certificate for main.cycht.org.tw to /etc/httpd/sites-available/main.cycht.org.tw-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://cycht.org.tw, https://www.cycht.org.tw, and https://main.cycht.org.tw
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
Test ssl
https://www.ssllabs.com/ssltest/analyze.html?d=greencom.tw&latest
DNS CAA | No (more info) |
5. Publish Your CAA Policy
Add the following CAA records to your domain's DNS. Your DNS must be hosted with a service that supports CAA.
Generic
For Google Cloud DNS, Route 53, DNSimple, and other hosted DNS services
Name | Type | Value |
---|---|---|
greencom.tw. | CAA | 0 issue ";" |
Standard Zone File
For BIND ≥9.9.6, PowerDNS ≥4.0.0, NSD ≥4.0.1, Knot DNS ≥2.2.0
greencom.tw. IN CAA 0 issue ";"
Legacy Zone File (RFC 3597 Syntax)
For BIND <9.9.6, NSD <4.0.1, Windows Server 2016
greencom.tw. IN TYPE257 \# 8 000569737375653B
tinydns
:greencom.tw:257:\000\005\151\163\163\165\145\073
dnsmasq
--dns-rr=greencom.tw,257,000569737375653B