Last active
January 26, 2019 12:50
Tried out Let's Encrypt, which lets you enable HTTPS for free (install.sh included) ref: https://qiita.com/daiki_44/items/a3616390f277722b97e0

<VirtualHost *:443>
    ServerAdmin hoge@hoge.com
    ServerName encrypt.hoge.com
    DocumentRoot /var/www/hoge

    # Adjust this section to taste
    <Directory /var/www/hoge>
        # Allow .htaccess overrides
        AllowOverride All
    </Directory>

    # Log locations
    ErrorLog /var/log/httpd/hoge_ssl_error.log
    CustomLog /var/log/httpd/hoge_ssl_access.log combined

    # Enable SSL and load the certificates
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/encrypt.hoge.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/encrypt.hoge.com/privkey.pem
    # chain.pem holds only the intermediate certificates; fullchain.pem also
    # contains cert.pem and would send the server certificate twice
    SSLCertificateChainFile /etc/letsencrypt/live/encrypt.hoge.com/chain.pem
</VirtualHost>

$ certbot-auto certonly --webroot -w /var/www/hoge -d hoge.com --email hoge@hoge.com

# Breakdown of the certbot-auto command
certbot-auto certonly        # Create a certificate
--webroot                    # Use the mode that works with an existing web server
-w /var/www/hoge             # Path to the document root
-d hoge.com                  # Domain name to validate
--email <mail>@<address>     # Register an e-mail address (for certificate expiry notices)

# Download with curl into a directory that is on the PATH
$ sudo curl https://dl.eff.org/certbot-auto -o /usr/bin/certbot-auto
# Grant execute permission
$ sudo chmod 700 /usr/bin/certbot-auto

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/hoge/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/hoge/privkey.pem
   Your cert will expire on 2017-12-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

$ sudo ls -l /etc/letsencrypt/live/
# A directory is created per domain
drwxr-xr-x 2 root root 4096 Sep 25 2017 hoge.com
drwxr-xr-x 2 root root 4096 Sep 25 2017 foo.com
# Their contents are symbolic links
$ sudo ls -l /etc/letsencrypt/live/hoge.com/
lrwxrwxrwx 1 root root 36 Sep 25 2017 cert.pem -> ../../archive/hoge.com/cert1.pem
lrwxrwxrwx 1 root root 37 Sep 25 2017 chain.pem -> ../../archive/hoge.com/chain1.pem
lrwxrwxrwx 1 root root 41 Sep 25 2017 fullchain.pem -> ../../archive/hoge.com/fullchain1.pem
lrwxrwxrwx 1 root root 39 Sep 25 2017 privkey.pem -> ../../archive/hoge.com/privkey1.pem

$ sudo service httpd graceful
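
# Register a cron job that renews automatically at 4:00 AM on the 1st of every month
# Renew the certificates with certbot-auto, then restart Apache
# cron's default PATH may not include /sbin, so service is called by its full path
$ sudo crontab -e
00 04 01 * * /usr/bin/certbot-auto renew --force-renew && /sbin/service httpd graceful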

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

<Directory "/var/www/hoge/.well-known">
    <RequireAll>
        Require all granted
    </RequireAll>
</Directory>

<VirtualHost *:443>
    ServerAdmin hoge@hoge.com
    ServerName hoge.com
    DocumentRoot /var/www/hoge

    # Adjust this section to taste
    <Directory /var/www/hoge>
        # Allow .htaccess overrides
        AllowOverride All
    </Directory>

    # Log locations
    ErrorLog /var/log/httpd/hoge_ssl_error.log
    CustomLog /var/log/httpd/hoge_ssl_access.log combined

    # Enable SSL and load the certificates
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/hoge.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/hoge.com/privkey.pem
    # chain.pem holds only the intermediate certificates; fullchain.pem also
    # contains cert.pem and would send the server certificate twice
    SSLCertificateChainFile /etc/letsencrypt/live/hoge.com/chain.pem
</VirtualHost>

#!/bin/sh
set -eu

# Ask for a directory on the PATH to install into (ex. /usr/bin)
echo "パスの通っている場所を入力してください (ex. /usr/bin)"
read -r INSTALL_PATH

# Ask for the web root directory (ex. /var/www/hoge)
echo "RootDirectoryを入力してください (ex. /var/www/hoge)"
read -r WEBROOT

# Ask for the target domain (ex. hoge.com)
echo "対象ドメインを入力してください (ex. hoge.com)"
read -r DOMAIN

# Ask for the administrator e-mail address (ex. hoge@hoge.com)
echo "管理用メールアドレスを入力してください (ex. hoge@hoge.com)"
read -r EMAIL

# Install certbot-auto only if it is not installed yet
if ! type certbot-auto > /dev/null 2>&1; then
    # -f: fail on HTTP errors instead of saving an error page as the script
    sudo curl -f https://dl.eff.org/certbot-auto -o "$INSTALL_PATH/certbot-auto"
    # Grant execute permission
    sudo chmod 700 "$INSTALL_PATH/certbot-auto"
fi

# Issue the certificate (variables are quoted so user input is not word-split)
sudo certbot-auto certonly --webroot -w "$WEBROOT" -d "$DOMAIN" --email "$EMAIL"