
MyMemoWiki

Difference between revisions of "Apache"

From MyMemoWiki
29行目: 29行目:
 
*-d domain
 
*-d domain
 
  # certbot certonly --webroot -w /var/www/html/ -d www.typea.info
 
  # certbot certonly --webroot -w /var/www/html/ -d www.typea.info
 +
 +
certbot certonly --webroot -w /var/www/html/ -d repo.typea.info
 +
Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +
Plugins selected: Authenticator webroot, Installer None
 +
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
 +
Obtaining a new certificate
 +
Performing the following challenges:
 +
http-01 challenge for repo.typea.info
 +
Using the webroot path /var/www/html for all unmatched domains.
 +
Waiting for verification...
 +
Cleaning up challenges
 +
 +
IMPORTANT NOTES:
 +
- Congratulations! Your certificate and chain have been saved at:
 +
  /etc/letsencrypt/live/repo.typea.info/fullchain.pem
 +
  Your key file has been saved at:
 +
  /etc/letsencrypt/live/repo.typea.info/privkey.pem
 +
  Your cert will expire on 2020-07-25. To obtain a new or tweaked
 +
  version of this certificate in the future, simply run certbot
 +
  again. To non-interactively renew *all* of your certificates, run
 +
  "certbot renew"
 +
- If you like Certbot, please consider supporting our work by:
 +
 +
  Donating to ISRG / Let's Encrypt:  https://letsencrypt.org/donate
 +
  Donating to EFF:                    https://eff.org/donate-le
 +
  
 
*[https://weblabo.oscasierra.net/letsencrypt-renew-cron/ Let's Encrypt の証明書自動更新手順]
 
*[https://weblabo.oscasierra.net/letsencrypt-renew-cron/ Let's Encrypt の証明書自動更新手順]
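Review bot: the added "certbot certonly --webroot -w /var/www/html/ -d repo.typea.info" line and the log lines below it, down to "Cleaning up challenges", lack the leading space that the existing "  # certbot certonly ..." line has, so the wiki does not treat them as preformatted text and they collapse into a single paragraph. Indent each added line by at least one space and give the command the same "#" prompt as the line above it, so the command and its output stay distinguishable.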

Revision as of 02:40, 26 April 2020 (Sun)

Apache

IHS | WAS |

Web Server

SSL

Let's Encrypt

https://weblabo.oscasierra.net/letsencrypt-2/

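  • Installing a Let's Encrypt certificate
    • Almost all of the certificate issuance procedure in Let's Encrypt is automated.
    • The automation is provided by the Let's Encrypt server and the Certbot client software.
    • The first thing to do is install the Certbot client on the machine where the certificate is to be set up.
    • The Certbot client issues and configures the certificate automatically by communicating with the Let's Encrypt server.
    • The issued certificate is of the type known as a "DV certificate".
    • The Let's Encrypt server issues the SSL/TLS server certificate only after confirming that the issuance request came from the owner of the target domain.
    • When asked to issue a certificate, the Let's Encrypt server accesses port 80 of the domain the certificate is for and checks that a file with specific content exists there.
    • If the file can be retrieved, the server can confirm that the domain owner made the issuance request.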
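
The port-80 file check described above, reproduced locally as an added example (not from the original page and not Certbot's own code): a throwaway HTTP server on 127.0.0.1 stands in for Apache serving the webroot, and the account JWK and token are constructed values.

```python
import base64, hashlib, http.server, json, os, tempfile, threading
import urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"   # fixed path defined by RFC 8555
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

def key_authorization(token, account_jwk):
    # token + "." + base64url(SHA-256 of the canonical account JWK), RFC 7638
    canon = json.dumps(account_jwk, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canon.encode()).digest()
    return token + "." + base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def place_challenge(webroot, token, key_auth):
    """Client side: the file the webroot plugin writes under the -w directory."""
    path = os.path.join(webroot, CHALLENGE_DIR, token)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(key_auth)
    return path

def validate(base_url, token, expected):
    """CA side: fetch the file over plain HTTP and compare its body."""
    try:
        with _opener.open(f"{base_url}/{CHALLENGE_DIR}/{token}", timeout=5) as r:
            return r.status == 200 and r.read().decode().strip() == expected
    except OSError:                      # 404, refused connection, timeout
        return False

def demo():
    jwk = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus"}  # constructed
    token = "constructed-token-123"                                # constructed
    with tempfile.TemporaryDirectory() as webroot:
        handler = partial(http.server.SimpleHTTPRequestHandler, directory=webroot)
        srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{srv.server_address[1]}"
        ka = key_authorization(token, jwk)
        before = validate(base, token, ka)        # nothing placed yet
        path = place_challenge(webroot, token, ka)
        during = validate(base, token, ka)        # file reachable
        os.remove(path)                           # "Cleaning up challenges"
        after = validate(base, token, ka)         # file gone again
        srv.shutdown()
        srv.server_close()
    return before, during, after

if __name__ == "__main__":
    print(demo())
```

Validation succeeds only while the file is reachable over HTTP, which is why the directory given with -w must be the one the web server actually serves for that hostname.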
Installing the Certbot client
# yum install epel-release
# yum install certbot python-certbot-apache
Creating the SSL/TLS certificate
  • -w DocumentRoot : /var/www/html/
  • -d domain
# certbot certonly --webroot -w /var/www/html/ -d www.typea.info

certbot certonly --webroot -w /var/www/html/ -d repo.typea.info
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for repo.typea.info
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:

- Congratulations! Your certificate and chain have been saved at:
  /etc/letsencrypt/live/repo.typea.info/fullchain.pem
  Your key file has been saved at:
  /etc/letsencrypt/live/repo.typea.info/privkey.pem
  Your cert will expire on 2020-07-25. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot
  again. To non-interactively renew *all* of your certificates, run
  "certbot renew"
- If you like Certbot, please consider supporting our work by:
  Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
  Donating to EFF:                    https://eff.org/donate-le


Covering the subdomain as well
# certbot certonly --webroot -w /var/www/html/ -d typea.info -d www.typea.info
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/www.typea.info.conf)

It contains these names: www.typea.info

You requested these names for the new certificate: typea.info, www.typea.info.

Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for typea.info
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.typea.info/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.typea.info/privkey.pem
   Your cert will expire on 2020-07-24. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
