CentOS7.6にWordpressをインストールしてる。
Let’s encryptっていう、https化キットみたいなのがあって、とても簡単だから忘れないように張っておこう。
パッケージインストール
yum -y install epel-release yum -y install certbot python-certbot-apache certbot certonly --webroot -w /var/www/wordpress/ -d infracollege.vamdemicsystem.black
対話型で設定
# certbot --apache Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org No names were found in your configuration files. Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): infracollege.vamdemicsystem.black ← ドメイン名を入力 Cert not yet due for renewal You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry. (ref: /etc/letsencrypt/renewal/infracollege.vamdemicsystem.black.conf) What would you like to do? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: Attempt to reinstall this existing certificate 2: Renew & replace the cert (limit ~5 per 7 days) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 ← インストールするので1 Keeping the existing certificate We were unable to find a vhost with a ServerName or Address of infracollege.vamdemicsystem.black. Which virtual host would you like to choose? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: ssl.conf | | HTTPS | Enabled - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press 1 [enter] to confirm the selection (press 'c' to cancel): 1 Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 ← httpできたときにhttpsへURLをリダイレクトしたいので2 Created redirect file: le-redirect-infracollege.vamdemicsystem.black.conf Rollback checkpoint is empty (no changes made?) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://infracollege.vamdemicsystem.black You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=infracollege.vamdemicsystem.black - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/infracollege.vamdemicsystem.black/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/infracollege.vamdemicsystem.black/privkey.pem Your cert will expire on 2019-06-23. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
ssl.confやらに自動的に設定してくれている。すごい
# cat /etc/httpd/conf.d/ssl.conf ServerName infracollege.vamdemicsystem.black Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/infracollege.vamdemicsystem.black/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/infracollege.vamdemicsystem.black/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/infracollege.vamdemicsystem.black/chain.pem
いいと思う!
2 Comments
2 Records
たに wrote:
SSL証明書の更新も自動でやってくれたりするんですか?
yuta wrote:
cron仕込まないとっすね!
追記しておきます!