Last active
September 11, 2017 19:42
-
-
Save yasuken1990/8ba88554f92fec82290b5af404b8e9f8 to your computer and use it in GitHub Desktop.
【無償SSL】Let's Encrypt 使ってみる。 ref: http://qiita.com/yasuken/items/e45eb9efd16199512d4e
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ sudo su | |
// Apache インストール | |
# yum install httpd | |
// Apache 起動、自動起動オン | |
# systemctl start httpd.service | |
# systemctl enable httpd.service | |
// HTTP/HTTPS ウェルウンポート開放 | |
# firewall-cmd --permanent --zone=public --add-service=http | |
# firewall-cmd --permanent --zone=public --add-service=https | |
# firewall-cmd --reload | |
// SSLモジュール、OpenSSL インストール | |
# yum install mod_ssl openssl | |
// epel インストール | |
# yum install epel-release | |
// epel からcertbot、certbot-apache インストール | |
# yum --enablerepo=epel install certbot python-certbot-apache | |
// certonly コマンドで、SSL/TLS サーバ証明書を取得する | |
# certbot certonly | |
Saving debug log to /var/log/letsencrypt/letsencrypt.log | |
How would you like to authenticate with the ACME CA? | |
------------------------------------------------------------------------------- | |
1: Apache Web Server plugin - Beta (apache) | |
2: Place files in webroot directory (webroot) | |
3: Spin up a temporary webserver (standalone) | |
------------------------------------------------------------------------------- | |
// Apache 使用するので1 | |
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1 | |
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org | |
// Domain を指定 | |
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' | |
to cancel):ssl-test.yasuken1990.com | |
Obtaining a new certificate | |
Performing the following challenges: | |
tls-sni-01 challenge for ssl-test.yasuken1990.com | |
We were unable to find a vhost with a ServerName or Address of ssl-test.yasuken1990.com. | |
Which virtual host would you like to choose? | |
(note: conf files with multiple vhosts are not yet supported) | |
------------------------------------------------------------------------------- | |
1: ssl.conf | | HTTPS | Enabled | |
------------------------------------------------------------------------------- | |
// 1を選ぶしかない件なので | |
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1 | |
Waiting for verification... | |
Cleaning up challenges | |
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem | |
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem | |
IMPORTANT NOTES: | |
- Congratulations! Your certificate and chain have been saved at | |
// /etc/letsencrypt/live/ssl-test.yasuken1990.com/ に色々作られた | |
/etc/letsencrypt/live/ssl-test.yasuken1990.com/fullchain.pem. Your | |
cert will expire on 2017-06-12. To obtain a new or tweaked version | |
of this certificate in the future, simply run certbot again. To | |
non-interactively renew *all* of your certificates, run "certbot | |
renew" | |
- If you like Certbot, please consider supporting our work by: | |
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate | |
Donating to | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#DocumentRoot "/var/www/html" | |
#ServerName www.example.com:443 | |
// コメントになっているので、コピーして自分の環境にあった設定をする | |
DocumentRoot "/var/www/html" | |
ServerName ssl-test.yasuken1990.com:443 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Apache再起動 | |
# systemctl restart httpd.service |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment