
Installing free Let's Encrypt SSL on CentOS 7 (Sakura VPS) + Apache

More than 1 year has passed since last update.

Setting up Let's Encrypt, which issues SSL certificates for free

Configure a Virtual Host in Apache

vim /etc/httpd/conf/httpd.conf

Append the following to the end of httpd.conf

httpd.conf
NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin [administrator email address]
    DocumentRoot [path to the HTML root directory]
    ServerName [host name]
</VirtualHost>

Set up Let's Encrypt

All of the steps in this section are described here:
https://certbot.eff.org/#centosrhel7-apache

Install the tool

yum install python-certbot-apache

Run the tool

certbot --apache

It is interactive, so follow the prompts

Configure the SSL certificate in Apache

  • Configure httpd.conf
vim /etc/httpd/conf/httpd.conf
httpd.conf
NameVirtualHost *:80
# added
NameVirtualHost *:443

# Editing the <VirtualHost *:80> block as follows redirects HTTP requests to HTTPS
<VirtualHost *:80>
    ServerName [host name]
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTPS} off
        RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    </IfModule>
</VirtualHost>

# add everything from here down
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/[domain name]/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/[domain name]/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/[domain name]/chain.pem

    ServerAdmin [administrator email address]
    DocumentRoot [path to the HTML root directory]
    ServerName [host name]
</VirtualHost>

Set up automatic renewal

Let's Encrypt certificates are only valid for 3 months, so configure them to renew automatically

Verify that renewal works correctly

certbot renew --dry-run

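Confirm that "Congratulations..." is displayed

Set up automatic renewal in crontab

Renewal only runs when it is needed (apparently, in general, when fewer than 30 days remain before expiry), so there is no problem running the script every day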

vim /etc/crontab
# append to the end
1 5 * * * root certbot renew --quiet
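
The cron job only helps while renewals keep succeeding. The following is an added check, not part of the original article, that reads a certificate's expiry date and flags it once it has fallen well below the 30-day renewal window. The 20-day threshold and the function names are assumptions, and it requires openssl and GNU date (both present on CentOS 7).

```shell
#!/bin/sh
# Added example: detect a stalled Let's Encrypt renewal.
# certbot renews once fewer than 30 days remain, so a certificate with
# clearly less than that left means recent renewal attempts have failed.

WARN_DAYS=20   # assumed threshold: about 10 days of missed renewals

# seconds_left "<line printed by openssl x509 -enddate>" <now-epoch>
# Prints seconds until expiry (negative once expired). Needs GNU date.
seconds_left() {
    expiry=$(date -u -d "${1#notAfter=}" +%s) || return 2
    echo $(( expiry - $2 ))
}

# renewal_status <seconds-left>  ->  prints OK, STALLED or EXPIRED
renewal_status() {
    if [ "$1" -le 0 ]; then
        echo EXPIRED
    elif [ "$1" -lt $(( WARN_DAYS * 86400 )) ]; then
        echo STALLED
    else
        echo OK
    fi
}

# check_cert <path to cert.pem>
# Prints one status line; returns 0 only when the certificate is OK,
# 2 when the file cannot be read or parsed.
check_cert() {
    line=$(openssl x509 -noout -enddate -in "$1") || return 2
    left=$(seconds_left "$line" "$(date -u +%s)") || return 2
    status=$(renewal_status "$left")
    echo "$status: $1 expires in $(( left / 86400 )) day(s)"
    [ "$status" = OK ]
}

# Run against the certificate given as the first argument, e.g.
#   sh check_cert.sh /etc/letsencrypt/live/[domain name]/cert.pem
[ $# -eq 0 ] || check_cert "$1"
```

Run from cron or a monitoring agent, a non-zero exit status is the signal to investigate the renewal job.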

Still, being able to set up an SSL certificate for free, and this easily... what a great era this has become.
