証明書の取得

# systemctl stop httpd
# certbot certonly -d $(hostname) --email=メールアドレス 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache)
2: Runs an HTTP server locally which serves the necessary validation files under
the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP
server already running. HTTP challenge only (wildcards not supported).
(standalone)
3: Saves the necessary validation files to a .well-known/acme-challenge/
directory within the nominated webroot path. A separate HTTP server must be
running and serving files from the webroot path. HTTP challenge only (wildcards
not supported). (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 2
Requesting a certificate for cockpit.magic-object.com and 7 more domains

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/cockpit.magic-object.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/cockpit.magic-object.com/privkey.pem
This certificate expires on 2025-09-24.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# systemctl start httpd

証明書の指定

# cd /etc/cockpit/ws-certs.d
# ln -fs /etc/letsencrypt/live/$(hostname)/fullchain.pem $(hostname).cert
# ln -fs /etc/letsencrypt/live/$(hostname)/privkey.pem $(hostname).key

ブラウザで確認