1
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 3 years have passed since last update.

Let's Encrypt 構築+自動更新

Posted at

概要

今更な情報だけど、載せておく。
Let's Encrypt の SSL 証明書の発行と更新
CentOS 6CentOS 7 で手順が異なる事に注意する。


CentOS 6

Let's Encrypt のコマンド(certbot-auto)は Python 2.7 のインストールが必要。

コマンド(パッケージインストール)
yum install centos-release-SCL
yum update
yum install scl-utils python27 python27-scldevel
scl enable python27 bash
python -V
コマンド(Certbot-autoインストール)
curl https://dl.eff.org/certbot-auto -o /usr/bin/certbot-auto
chmod 700 /usr/bin/certbot-auto
コマンド(Python2.7の自動有効化設定)
vi /etc/profile.d/python27.sh
source /etc/profile
python --version
/etc/profile.d/python27.sh
#!/bin/bash
source /opt/rh/python27/enable
export X_SCLS="`scl enable python27 'echo $X_SCLS'`"
/etc/letsencrypt/renewal/<ドメイン>.conf
[renewalparams]
authenticator = webroot
[[webroot_map]]
<ドメイン> = /var/www/html
コマンド(証明書発行)
certbot-auto certonly --webroot -w /var/www/html -d <ドメイン> --email mainte@domain.co.jp -n --agree-tos
certbot-auto certonly --webroot -w /var/www/html -d www.<ドメイン> --email mainte@domain.co.jp -n --agree-tos
certbot-auto certonly --webroot -w /var/www/html -d mail.<ドメイン> --email mainte@domain.co.jp -n --agree-tos
コマンド(更新)
scl enable python27 "/usr/bin/certbot-auto renew"
Cron設定
#-- Crats Let's Encrypt Settings
PATH=/opt/rh/python27/root/usr/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin
00	01	*	*	*	scl enable python27 "/usr/bin/certbot-auto renew --quiet --no-self-upgrade --post-hook \"service httpd restart; service postfix restart; service dovecot restart;\"" 

CentOS 7

コマンド(パッケージインストール)
yum install mod_ssl
yum install epel-release
yum install certbot
コマンド(証明書発行)
certbot certonly --webroot -w /var/www/html -d <ドメイン> --email mainte@domain.co.jp -n --agree-tos
certbot certonly --webroot -w /var/www/html -d www.<ドメイン> --email mainte@domain.co.jp -n --agree-tos
certbot certonly --webroot -w /var/www/html -d mail.<ドメイン> --email mainte@domain.co.jp -n --agree-tos
コマンド(更新)
/bin/certbot renew
Cron設定
#-- Crats Let's Encrypt Settings
00	01	*	*	*	/bin/certbot renew --post-hook "systemctl restart httpd.service; systemctl restart postfix.service; systemctl restart dovecot.service"

1
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
1
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?