@daiki44
Last active January 26, 2019 12:50
Trying out "Let's Encrypt", which enables HTTPS for free (install.sh included) ref: https://qiita.com/daiki_44/items/a3616390f277722b97e0
<VirtualHost *:443>
ServerAdmin hoge@hoge.com
ServerName encrypt.hoge.com
DocumentRoot /var/www/hoge
# This part is up to you
<Directory /var/www/hoge>
# allow .htaccess
AllowOverride All
</Directory>
# where the logs are written
ErrorLog /var/log/httpd/hoge_ssl_error.log
CustomLog /var/log/httpd/hoge_ssl_access.log combined
# enable SSL and load the certificate
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/encrypt.hoge.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/encrypt.hoge.com/privkey.pem
# On Apache 2.4.8 or later SSLCertificateChainFile is deprecated: point SSLCertificateFile at fullchain.pem
# and drop this line. On older versions use chain.pem here; fullchain.pem sends the leaf certificate twice.
SSLCertificateChainFile /etc/letsencrypt/live/encrypt.hoge.com/fullchain.pem
</VirtualHost>
$ certbot-auto certonly --webroot -w /var/www/hoge -d hoge.com --email hoge@hoge.com
// Details of the certbot-auto command
certbot-auto certonly // obtain the certificate only (no web server configuration is touched)
--webroot // use the already running web server to serve the challenge files
-w /var/www/hoge // path of the document root
-d hoge.com // domain name to validate
--email <mail>@<address> // register an e-mail address (used for certificate expiry notices)
// fetch it with curl into a directory that is on PATH
$ sudo curl https://dl.eff.org/certbot-auto -o /usr/bin/certbot-auto
// grant permissions
$ sudo chmod 700 /usr/bin/certbot-auto
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/hoge/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/hoge/privkey.pem
Your cert will expire on 2017-12-23. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
$ sudo ls -l /etc/letsencrypt/live/
// one directory is created per domain
drwxr-xr-x 2 root root 4096 Sep 25 2017 hoge.com
drwxr-xr-x 2 root root 4096 Sep 25 2017 foo.com
// the contents are symbolic links into archive/; a renewal repoints them at the next numbered file,
// so always reference the live/ paths from Apache
$ sudo ls -l /etc/letsencrypt/live/hoge.com/
lrwxrwxrwx 1 root root 36 Sep 25 2017 cert.pem -> ../../archive/hoge.com/cert1.pem
lrwxrwxrwx 1 root root 37 Sep 25 2017 chain.pem -> ../../archive/hoge.com/chain1.pem
lrwxrwxrwx 1 root root 41 Sep 25 2017 fullchain.pem -> ../../archive/hoge.com/fullchain1.pem
lrwxrwxrwx 1 root root 39 Sep 25 2017 privkey.pem -> ../../archive/hoge.com/privkey1.pem
$ sudo service httpd graceful
// register a cron job that renews automatically at 04:00 on the 1st of every month
// certbot-auto renews the certificate and Apache is reloaded
// (--force-renew re-issues the certificate on every run even when it is nowhere near expiry,
//  and forced re-issues count against Let's Encrypt's duplicate-certificate rate limit;
//  plain "certbot-auto renew" only acts on certificates within 30 days of expiry and can run daily)
$ sudo crontab -e
00 04 01 * * /usr/bin/certbot-auto renew --force-renew && service httpd graceful
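The cron line above re-issues on a fixed calendar schedule, whereas `certbot-auto renew` decides per certificate by looking at how close notAfter is. The script below, added here as an example (it is neither the gist's code nor part of Certbot), reproduces that decision offline from the PEM file with only the Python standard library: a minimal DER walker reads the certificate up to Validity.notAfter and compares it with the 30-day window. `REFERENCE_NOW`, the constructed unsigned sample certificate and the file path in the usage line are assumptions for the demonstration.

```python
"""Renewal-window check for a Let's Encrypt certificate (added example, not part of the gist)."""
import ssl
import sys
from datetime import datetime, timedelta, timezone

RENEW_WITHIN_DAYS = 30  # certbot's default renewal threshold

# Constructed reference clock so the sample below is reproducible offline (assumption).
REFERENCE_NOW = datetime(2019, 1, 26, 12, 50, tzinfo=timezone.utc)


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: the next N bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Yield (tag, value) for every element inside a constructed DER value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = _read_tlv(value, pos)
        yield tag, val


def _parse_time(tag, raw):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) into an aware UTC datetime."""
    text = raw.decode("ascii")
    if tag == 0x17:                         # YYMMDDHHMMSSZ; RFC 5280: YY < 50 means 20YY
        yy, offset = int(text[:2]), 2
        year = 2000 + yy if yy < 50 else 1900 + yy
    elif tag == 0x18:                       # YYYYMMDDHHMMSSZ
        year, offset = int(text[:4]), 4
    else:
        raise ValueError("unexpected time tag 0x%02x" % tag)
    month, day, hour, minute, second = (int(text[i:i + 2]) for i in range(offset, offset + 10, 2))
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def _first_pem_block(pem):
    """fullchain.pem holds several certificates; the leaf comes first."""
    end = pem.index(ssl.PEM_FOOTER) + len(ssl.PEM_FOOTER)
    return pem[pem.index(ssl.PEM_HEADER):end]


def cert_not_after(pem):
    """Return notAfter of the first certificate in a PEM string."""
    der = ssl.PEM_cert_to_DER_cert(_first_pem_block(pem))
    _, certificate, _ = _read_tlv(der, 0)   # Certificate ::= SEQUENCE
    _, tbs, _ = _read_tlv(certificate, 0)   # tbsCertificate ::= SEQUENCE
    fields = list(_children(tbs))
    if fields[0][0] == 0xA0:                # optional [0] EXPLICIT version
        fields = fields[1:]
    # fields: serialNumber, signature, issuer, validity, subject, ...
    _not_before, not_after = list(_children(fields[3][1]))[:2]
    return _parse_time(*not_after)


def days_until_expiry(pem, now=None):
    now = now or datetime.now(timezone.utc)
    return (cert_not_after(pem) - now).days


def needs_renewal(pem, now=None, threshold_days=RENEW_WITHIN_DAYS):
    """True when the certificate is inside the renewal window or already expired."""
    return days_until_expiry(pem, now) <= threshold_days


def _tlv(tag, value):
    """Encode a DER tag-length-value (short or long length form)."""
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    lb = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def sample_cert_pem(days_left, now=REFERENCE_NOW):
    """Constructed, unsigned certificate skeleton for offline demonstration only (assumption).

    It is structurally valid up to Validity so the parser can be exercised; it is not a usable cert.
    """
    not_after = now + timedelta(days=days_left)

    def utc_time(d):
        return _tlv(0x17, d.strftime("%y%m%d%H%M%SZ").encode("ascii"))

    tbs = _tlv(0x30,
               _tlv(0xA0, _tlv(0x02, b"\x02"))                                   # version v3
               + _tlv(0x02, b"\x01")                                             # serialNumber 1
               + _tlv(0x30, _tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSAEncryption
               + _tlv(0x30, b"")                                                 # issuer: empty Name
               + _tlv(0x30, utc_time(not_after - timedelta(days=90)) + utc_time(not_after))
               + _tlv(0x30, b""))                                                # subject: empty Name
    certificate = _tlv(0x30, tbs + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))       # no real signature
    return ssl.DER_cert_to_PEM_cert(certificate)


if __name__ == "__main__":
    # Usage (path is an assumption): python check_renewal.py /etc/letsencrypt/live/hoge.com/fullchain.pem
    with open(sys.argv[1]) as fh:
        pem_text = fh.read()
    print("expires in %d day(s); renewal needed: %s" % (days_until_expiry(pem_text), needs_renewal(pem_text)))
    sys.exit(1 if needs_renewal(pem_text) else 0)
```

Exit status 1 when renewal is due mirrors `openssl x509 -checkend`, so the script can gate a cron job the same way; the whole `archive/` history can be checked in one loop because `live/` only ever points at the newest numbered file.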
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
<Directory "/var/www/hoge/.well-known">
<RequireAll>
Require all granted
</RequireAll>
</Directory>
<VirtualHost *:443>
ServerAdmin hoge@hoge.com
ServerName hoge.com
DocumentRoot /var/www/hoge
# This part is up to you
<Directory /var/www/hoge>
# allow .htaccess
AllowOverride All
</Directory>
# where the logs are written
ErrorLog /var/log/httpd/hoge_ssl_error.log
CustomLog /var/log/httpd/hoge_ssl_access.log combined
# enable SSL and load the certificate
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/hoge.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/hoge.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/hoge.com/fullchain.pem
</VirtualHost>
#!/bin/sh
set -eu
#-------------------------------------
echo "パスの通っている場所を入力してください (ex. /usr/bin)"
read -r INSTALL_PATH
#-------------------------------------
#-------------------------------------
echo "RootDirectoryを入力してください (ex. /var/www/hoge)"
read -r WEBROOT
#-------------------------------------
#-------------------------------------
echo "対象ドメインを入力してください (ex. hoge.com)"
read -r DOMAIN
#-------------------------------------
#-------------------------------------
echo "管理用メールアドレスを入力してください (ex. hoge@hoge.com)"
read -r EMAIL
#-------------------------------------
# Install certbot-auto only when it is not already installed
# (the download is run as root afterwards, so this trusts dl.eff.org over HTTPS entirely;
#  -f makes curl fail on an HTTP error instead of saving the error page as the script)
if ! type certbot-auto > /dev/null 2>&1; then
sudo curl -fsSL https://dl.eff.org/certbot-auto -o "$INSTALL_PATH/certbot-auto"
# grant permissions
sudo chmod 700 "$INSTALL_PATH/certbot-auto"
fi
# issue the certificate
sudo certbot-auto certonly --webroot -w "$WEBROOT" -d "$DOMAIN" --email "$EMAIL"