「Apache」の版間の差分
ナビゲーションに移動
検索に移動
29行目: | 29行目: | ||
*-d domain | *-d domain | ||
# certbot certonly --webroot -w /var/www/html/ -d www.typea.info | # certbot certonly --webroot -w /var/www/html/ -d www.typea.info | ||
+ | |||
+ | certbot certonly --webroot -w /var/www/html/ -d repo.typea.info | ||
+ | Saving debug log to /var/log/letsencrypt/letsencrypt.log | ||
+ | Plugins selected: Authenticator webroot, Installer None | ||
+ | Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org | ||
+ | Obtaining a new certificate | ||
+ | Performing the following challenges: | ||
+ | http-01 challenge for repo.typea.info | ||
+ | Using the webroot path /var/www/html for all unmatched domains. | ||
+ | Waiting for verification... | ||
+ | Cleaning up challenges | ||
+ | |||
+ | IMPORTANT NOTES: | ||
+ | - Congratulations! Your certificate and chain have been saved at: | ||
+ | /etc/letsencrypt/live/repo.typea.info/fullchain.pem | ||
+ | Your key file has been saved at: | ||
+ | /etc/letsencrypt/live/repo.typea.info/privkey.pem | ||
+ | Your cert will expire on 2020-07-25. To obtain a new or tweaked | ||
+ | version of this certificate in the future, simply run certbot | ||
+ | again. To non-interactively renew *all* of your certificates, run | ||
+ | "certbot renew" | ||
+ | - If you like Certbot, please consider supporting our work by: | ||
+ | |||
+ | Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate | ||
+ | Donating to EFF: https://eff.org/donate-le | ||
+ | |||
*[https://weblabo.oscasierra.net/letsencrypt-renew-cron/ Let's Encrypt の証明書自動更新手順] | *[https://weblabo.oscasierra.net/letsencrypt-renew-cron/ Let's Encrypt の証明書自動更新手順] |
2020年4月26日 (日) 02:40時点における版
目次
Apache
Web Server
SSL
Let's Encrypt
https://weblabo.oscasierra.net/letsencrypt-2/
- Let's Encrypt の証明書導入
- Let’s Encrypt における証明書発行の手順はほとんどが自動化されている。
- Let’s Encrypt のサーバーと、Certbot クライアントソフトウェアにより自動化されている。
- 最初にすべきことは、証明書を設定しようとしているマシンに Certbot クライアントをインストール
- Certbot クライアントが、 Let’s Encrypt のサーバーとやり取りすることで証明書の発行と設定を自動的に行ってくれる
- 発行される証明書は、いわゆる「DV証明書」という種類の証明
- Let’s Encrypt サーバーは、発行する証明書の対象のドメインの所有者自身が発行要求をしてきたことを確認した上で、SSL/TLSサーバー証明書を発行
- 証明書の発行を要求された Let’s Encrypt サーバーは、発行しようとしている証明書のドメインの80番ポートにアクセスし、特定の内容のファイルが存在していることを確認
- ファイルが取得できればドメインの所有者が発行要求を出していることを確認できまる
Certbot クライアントをインストール
# yum install epel-release # yum install certbot python-certbot-apache
SSL/TLS証明書の作成
- -w DocumentRoot : /var/www/html/
- -d domain
# certbot certonly --webroot -w /var/www/html/ -d www.typea.info
certbot certonly --webroot -w /var/www/html/ -d repo.typea.info Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org Obtaining a new certificate Performing the following challenges: http-01 challenge for repo.typea.info Using the webroot path /var/www/html for all unmatched domains. Waiting for verification... Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/repo.typea.info/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/repo.typea.info/privkey.pem Your cert will expire on 2020-07-25. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
サブドメインも対応
# certbot certonly --webroot -w /var/www/html/ -d typea.info -d www.typea.info
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - You have an existing certificate that contains a portion of the domains you requested (ref: /etc/letsencrypt/renewal/www.typea.info.conf) It contains these names: www.typea.info You requested these names for the new certificate: typea.info, www.typea.info. Do you want to expand and replace this existing certificate with the new certificate? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (E)xpand/(C)ancel: E Renewing an existing certificate Performing the following challenges: http-01 challenge for typea.info Using the webroot path /var/www/html for all unmatched domains. Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/www.typea.info/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/www.typea.info/privkey.pem Your cert will expire on 2020-07-24. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Other products
© 2006 矢木浩人