Enabling SSL with the free SSL service "Let's Encrypt" [Apache + CentOS]
Obtaining the certificate
1. Install git
$ yum -y install curl-devel expat-devel gettext-devel openssl-devel zlib-devel perl-ExtUtils-MakeMaker
$ wget https://www.kernel.org/pub/software/scm/git/git-2.4.0.tar.gz
$ tar zxvf git-2.4.0.tar.gz
$ sudo yum clean all
$ cd git-2.4.0
$ ./configure --prefix=/usr/local/
Note: if an error occurs, install whatever is missing as needed, for example:
# yum -y install gcc
$ make
$ sudo make install
$ git --version
git version 2.4.0
2. Install Certbot
$ cd /usr/local/
$ git clone https://github.com/certbot/certbot
$ cd certbot/
$ ./certbot-auto
Note: select NO in the dialog
$ ./certbot-auto certonly --standalone -d www.domain_name.com
Note: enter your e-mail address
Note: agree to the terms of service
$ sudo service httpd stop
$ ./certbot-auto certonly --standalone -d www.domain_name.com
$ sudo service httpd start
$ sudo ls -1 /etc/letsencrypt/live/www.domain_name.com
Virtual host configuration
$ sudo vi /etc/httpd/conf/httpd.conf
NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/www.domain_name.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.domain_name.com/privkey.pem
    # chain.pem holds only the intermediate certificates; fullchain.pem would send cert.pem a second time
    SSLCertificateChainFile /etc/letsencrypt/live/www.domain_name.com/chain.pem
    ServerAdmin root@www.domain_name.com
    DocumentRoot /home/user/www/html/etc
    ServerName www.domain_name.com
    <Directory "/home/user/www/html/etc">
        Options -MultiViews
        AllowOverride All
    </Directory>
</VirtualHost>
$ sudo service httpd restart
Renewing the SSL certificate
$ cd /usr/local/
$ cd certbot/
$ ./certbot-auto renew
Checking the expiration date
http://comodo.jp/
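The expiry check and the renewal above can also be done locally with openssl and scheduled. The script below is an added example, not part of the original post; it uses the certificate and certbot paths from this page, and the function names and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Paths follow this page;
# function names and the 30-day threshold are assumptions.
LIVE_DIR=${LIVE_DIR:-/etc/letsencrypt/live/www.domain_name.com}
CERTBOT_DIR=${CERTBOT_DIR:-/usr/local/certbot}
RENEW_DAYS=${RENEW_DAYS:-30}

# Exit 0 if certificate $1 expires within $2 days, 1 if it does not,
# 2 if the file is missing or cannot be parsed as a certificate.
expires_within() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 2
    # -checkend N exits 0 when the certificate is still valid N seconds from now
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null; then
        return 1
    fi
    return 0
}

# Exit 0 if private key $2 has the same public key as certificate $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Renew only when due. httpd is stopped around the renewal because the
# --standalone authenticator used at issuance needs the port httpd holds.
main() {
    expires_within "$LIVE_DIR/cert.pem" "$RENEW_DAYS"
    case $? in
        1) echo "valid for more than $RENEW_DAYS days, nothing to do"; return 0 ;;
        2) echo "cannot read $LIVE_DIR/cert.pem" >&2; return 2 ;;
    esac
    rc=0
    service httpd stop
    (cd "$CERTBOT_DIR" && ./certbot-auto renew) || rc=1
    key_matches_cert "$LIVE_DIR/cert.pem" "$LIVE_DIR/privkey.pem" || {
        echo "privkey.pem does not match cert.pem" >&2; rc=1
    }
    service httpd start || rc=1
    return $rc
}

# Runs only when invoked with the argument "run" (for example from root's crontab).
if [ "${1:-}" = "run" ]; then main; fi
```

Without the "run" argument the script only defines the functions, so they can be sourced and called by hand against any PEM file.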
Redirecting to https
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName www.domain_name.com:80
    Redirect permanent / https://www.domain_name.com/
    DocumentRoot /home/agsupply/www/html/fishin/
    <Directory /home/agsupply/www/html/fishin/>
        Allow from all
    </Directory>
</VirtualHost>
<VirtualHost *:80>
    ServerName agsupply.biz:80
    Redirect permanent / https://www.domain_name.com/
</VirtualHost>
$ sudo service httpd restart