Saturday, June 9, 2018

SSL (certificate setup) with Let's Encrypt

● Install Let's Encrypt and try setting up a certificate.



1) Install it with the following steps.
# cd /usr/local
# git clone https://github.com/certbot/certbot
# cd certbot

2) Run the following.
# ./certbot-auto certonly --standalone -t

Upgrading certbot-auto 0.24.0 to 0.25.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): (enter your email address)

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: a

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
-------------------------------------------------------------------------------
(Y)es/(N)o: y
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): (enter your domain name)



8) Specify the certificate and key as follows.
vi /etc/nginx/conf.d/www.digihide.ga_http.conf

====Lines to add================
  listen 443 ssl;
  ssl_certificate     /etc/letsencrypt/live/www.dighide.ga/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/www.dighide.ga/privkey.pem;
==========================

● The text in red is the certificate and key created above.


9) After restarting nginx, SSL should be in effect.


10) The certificate is valid for only 3 months, so it has to be renewed.
# ./certbot-auto renew
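
The renewal in step 10 can be wrapped in a check that confirms the certificate from step 8 really was renewed, so that a silent failure shows up before the 3 months run out. This is an added example, not part of the original post. It assumes certbot sits in /usr/local/certbot as in step 1, that nginx is controlled with systemctl, and that openssl is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumptions: certbot was cloned to /usr/local/certbot (step 1), nginx is
# managed by systemctl, and the live path is the one used in step 8.
CERTBOT=/usr/local/certbot/certbot-auto
LIVE_CERT=/etc/letsencrypt/live/www.dighide.ga/fullchain.pem
MIN_DAYS=30   # certbot's default: renew when fewer than 30 days remain

# Print one of: ok | renew | missing | unreadable
cert_status() {
    cert=$1
    days=$2
    [ -r "$cert" ] || { echo missing; return 0; }
    # Reject files that are not a parseable X.509 certificate.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo unreadable; return 0; }
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        echo ok
    else
        echo renew
    fi
}

# Renew, then verify the result so a failed renewal ends in a non-zero exit.
renew_and_verify() {
    # The standalone authenticator binds the web port itself, so nginx has to
    # be stopped while certbot runs; the hooks run only when a renewal is attempted.
    "$CERTBOT" renew --pre-hook "systemctl stop nginx" \
                     --post-hook "systemctl start nginx" || return 1
    status=$(cert_status "$LIVE_CERT" "$MIN_DAYS")
    if [ "$status" != ok ]; then
        echo "certificate check failed: $status ($LIVE_CERT)" >&2
        return 1
    fi
}

# Call renew_and_verify from a daily root cron job and alert on a non-zero exit.
```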

