#author("2017-05-22T16:23:06+00:00","default:kazuma","kazuma")
#author("2017-05-22T16:23:42+00:00","default:kazuma","kazuma")
[[letsencrypt]]

* Overview [#e161ad90]
Steps for installing an SSL certificate with Let's Encrypt.

* Procedure [#fcc2200b]
 # cd /usr/local/
 # git clone https://github.com/certbot/certbot
 # cd certbot/
 # ./certbot-auto -n
 # ./certbot-auto certonly --webroot \
   -w /var/www/example -d example.com \
   -m sample@example.com \
   --agree-tos -n

* Web server configuration [#td0b0a42]
*** Apache (CentOS 6 (sysvinit), Apache 2.2) [#n6a9f7f2]
The following settings redirect every request received on port 80 to https.
 # vim httpd.conf   <-- port 80 settings
 RewriteEngine On
 RewriteCond %{SERVER_PORT} !^443$
 RewriteRule /.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

 # vim ssl.conf
 DocumentRoot   <-- same as the port 80 settings
 ServerName     <-- same as the port 80 settings

Change the certificate directives to the following. The directory under /etc/letsencrypt/live/ is named after the domain passed to -d.
 SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
 SSLCACertificateFile /etc/letsencrypt/live/example.com/chain.pem

 # service httpd configtest
 # service httpd graceful

* Automatic renewal [#tf41cd71]
 # crontab -e
 00 05 01 * * /usr/local/certbot/certbot-auto renew --force-renewal && /bin/systemctl reload httpd

The reload step in this cron entry uses systemctl. On a sysvinit host such as the CentOS 6 setup above, systemctl is not available, so use service httpd graceful for that step instead.
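A check that can run after a renewal and before Apache is reloaded, so that a mismatched key or a certificate that is about to expire is caught before the server picks it up. This is an added example, not part of the original page; the function name check_cert_dir, its return codes and the 14-day default threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# check_cert_dir DIR [MIN_DAYS]
#   DIR      certbot "live" directory, e.g. /etc/letsencrypt/live/example.com
#   MIN_DAYS minimum remaining validity in days (assumed default: 14)
# Returns: 0 ok, 1 key/certificate mismatch, 2 missing or unparsable file,
#          3 certificate expires within MIN_DAYS.
check_cert_dir() {
    dir=$1
    min_days=${2:-14}

    # The three files referenced by the SSLCertificate* directives in ssl.conf.
    for f in cert.pem privkey.pem chain.pem; do
        if [ ! -r "$dir/$f" ]; then
            echo "missing or unreadable: $dir/$f" >&2
            return 2
        fi
    done

    # Public key embedded in the certificate vs. the one derived from the
    # private key. Both are printed as PEM SubjectPublicKeyInfo, so a plain
    # string comparison is enough.
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$dir/privkey.pem" -pubout) || return 2
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "privkey.pem does not match cert.pem in $dir" >&2
        return 1
    fi

    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$dir/cert.pem" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "cert.pem in $dir expires within $min_days days" >&2
        return 3
    fi
    return 0
}

# Stand-alone use: sh check_cert.sh /etc/letsencrypt/live/example.com [days]
if [ "$#" -gt 0 ]; then
    check_cert_dir "$@"
fi
```

In the cron entry the check would sit between the renew command and the reload, joined with &&, so that a failed check leaves the running server on its current certificate.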