Help us understand the problem. What is going on with this article?

Ubuntu18.04でlets' encryptを使って証明書を取得する方法

概要

 一度lets' encryptを使ってみたかったので。
 後、Gitから取得の手順が多く、apt-getでとってくる手順が見つかななかったので。

certbot の設定

インストール

$ sudo apt-get install certbot

起動

$ sudo systemctl start certbot

証明書の取得

certbotの実行

$ sudo certbot certonly --standalone -t
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None

メールアドレスを入力

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): <メールアドレス>

ライセンス

 「A」を入力します。

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel:A

メールアドレスの共有

 「N」を入力します。

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N

ドメインの入力

Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): <ドメイン名>

成功時のメッセージ

 以下のようなメッセージが出れば成功。

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for iam.dancing-robot.club
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/<ドメイン名>/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/iam.dancing-robot.club/privkey.pem
   Your cert will expire on 2020-01-03. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

トラブルの場合

 「Congratulations!」が出ないで下のようなメッセージが出る場合は、Apacheやnginxのサービスを一度止めて再度取得を試みてください。

Problem binding to port 80: Could not bind to IPv4 or IPv6.

証明書のパス

 以下に格納されています。

$ sudo find /etc/letsencrypt/ -type f
/etc/letsencrypt/keys/0000_key-certbot.pem
/etc/letsencrypt/keys/0002_key-certbot.pem
/etc/letsencrypt/keys/0001_key-certbot.pem
/etc/letsencrypt/live/<ドメイン名>/README
/etc/letsencrypt/archive/<ドメイン名>/fullchain1.pem
/etc/letsencrypt/archive/<ドメイン名>/privkey1.pem
/etc/letsencrypt/archive/<ドメイン名>/cert1.pem
/etc/letsencrypt/archive/<ドメイン名>/chain1.pem
/etc/letsencrypt/renewal/<ドメイン名>.conf
/etc/letsencrypt/csr/0000_csr-certbot.pem
/etc/letsencrypt/csr/0002_csr-certbot.pem
/etc/letsencrypt/csr/0001_csr-certbot.pem
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/364597c9523af380e31e93a1783eed80/private_key.json
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/364597c9523af380e31e93a1783eed80/meta.json
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/364597c9523af380e31e93a1783eed80/regr.json
/etc/letsencrypt/cli.ini

更新の自動化(Apacheやnginxを使用しない場合)

 rootのcronに以下のように設定する。
 例では、毎月1日のAM3時に更新されます。

$ sudo crontab -e
### Let's Encrypt
0 3 1 * * /usr/bin/certbot renew
Why do not you register as a user and use Qiita more conveniently?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
Comments
Sign up for free and join this conversation.
If you already have a Qiita account
Why do not you register as a user and use Qiita more conveniently?
You need to log in to use this function. Qiita can be used more conveniently after logging in.
You seem to be reading articles frequently this month. Qiita can be used more conveniently after logging in.
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away