Go to Qiita Advent Calendar 2024 Top
LoginSignup
3
6

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

@TETRA2000

ApacheでIP制限した環境でletsencryptする

Posted at

ApacheでIP制限した環境でletsencryptする

前提

こんな風に、特定のIPからの接続のみ許可している場合

<Directory "/var/www/html">
    <RequireAny>
        Require all denied
        Require ip **.**.**.**
    </RequireAny>
</Directory>

Apacheの設定変更

ACMEチャレンジに使われるディレクトリだけ開けておく

<Directory "/var/www/html/.well-known/acme-challenge">
    <RequireAll>
        Require all granted
    </RequireAll>
</Directory>

証明書取得

certbotを使う

certbot
https://certbot.eff.org/

./certbot-auto certonly --webroot  -w /var/www/html -d example.com

おまけ

Webサーバーへ一切の接続を許可できない場合、txtレコードを使った認証方法がある
https://www.xmisao.com/2016/04/18/get-free-certification-by-letsencrypt-dns-01-authentication.html

certbotでも対応している
http://letsencrypt.readthedocs.io/en/latest/using.html#manual

/certbot-auto certonly --preferred-challenges dns-01 --authenticator manual --domain example.com

あとは指示されたtxtレコードを追加するだけ

3
6
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
3
6

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?