ConohaVpsを使ってみる【初めてのVPS】

Conohaにて、初めてのVPSに挑戦。メモ的な備考録です。

無料で利用できるSSL「Let'sEncrypt」でSSL化【Apach+CentOS】

*1

証明書取得

1, git install
$ yum -y install curl-devel expat-devel gettext-devel openssl-devel zlib-devel perl-ExtUtils-MakeMaker


$ wget https://www.kernel.org/pub/software/scm/git/git-2.4.0.tar.gz
$ tar zxvf git-2.4.0.tar.gz

$ sudo yum clean all

$ cd git-2.4.0
$ ./configure --prefix=/usr/local/
※エラーが出たら適宜Install
//# yum -y install gcc

$ make
$ sudo make install
$ git --version
git version 2.4.0

 

2,Cerbot Install

cd /usr/local/
git clone https://github.com/certbot/certbot

cd certbot/
./certbot-auto

※ダイアログでNOを選択

$ ./certbot-auto certonly --standalone -d www.domain_name.com
※メールアドレス入力
利用規約同意

$ sudo service httpd stop

$ ./certbot-auto certonly --standalone -d www.domain_name.com
$sudo service httpd start

$sudo ls -1 /etc/letsencrypt/live/www.domain_name.com

 

バーチャルホスト設定

sudo vi /etc/httpd/conf/httpd.conf

 

NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.domain_name.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.domain_name.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.domain_name.com/fullchain.pem
ServerAdmin root@www.domain_name.com
DocumentRoot /home/user/www/html/etc
ServerName www.domain_name.com
<Directory "/home/user/www/html/etc">
Options -MultiViews
AllowOverride All
</Directory>
</VirtualHost>

$sudo service httpd restart

参考サイト

Let’s Encrypt サーバー証明書の取得と自動更新設定メモ | あぱーブログ

Let's Encrypt の使い方 - Let's Encrypt 総合ポータル

さくらVPSで、Let's Encryptのサーバ証明書を使って、SSL対応のサイトを作る設定手順

 

SSL証明書更新

cd /usr/local/
cd certbot/
./certbot-auto renew

有効期限確認
http://comodo.jp/

 

httpsにリダイレクト

vi /etc/httpd/conf/httpd.conf

NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.domain_name.com:80
Redirect permanent / https://www.domain_name.com/
DocumentRoot /home/agsupply/www/html/fishin/
<Directory /home/agsupply/www/html/fishin/>
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName agsupply.biz:80
Redirect permanent / https://www.domain_name.com/

sudo service httpd restart

*1:CentOS6.8-64bit

cat /etc/redhat-release

arch

Apache2.2.15

sudo httpd -v