alphavantage APIとか使って、株アプリを作ってる
準備
Let's EncryptはフリーのSSL証明書
導入した後の証明書更新のときは、
80番ポートを開放していることが必要である。
これからSSL証明書の更新手順を説明してみよう
一応、バックアップをとる
$ cp -pr /etc/letsencrypt/ /etc/letsencrypt.20230701
SSL証明書更新 (dry-run)
$ sudo certbot renew --webroot -w /var/www/html/wordpress01 --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/stonehills.tokyo.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Simulating renewal of an existing certificate for stonehills.tokyo
Performing the following challenges:
http-01 challenge for stonehills.tokyo
Using the webroot path /var/www/html/wordpress01 for all unmatched domains.
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/stonehills.tokyo/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/stonehills.tokyo/fullchain.pem (success)SSL証明書更新
$ sudo certbot renew --webroot -w /var/www/html/wordpress01
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/stonehills.tokyo.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate for stonehills.tokyo
Performing the following challenges:
http-01 challenge for stonehills.tokyo
Using the webroot path /var/www/html/wordpress01 for all unmatched domains.
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/stonehills.tokyo/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded:
/etc/letsencrypt/live/stonehills.tokyo/fullchain.pem (success)$ sudo systemctl restart apache2
ブラウザから、SSL証明書の更新日が変更されていることを確認する
Cronに登録した
3か月に一度有効期限が切れる。 毎回更新するのは面倒なので、結局cronに登録した。$ cronta -e
これは毎月1日午前1時に証明書更新する場合
0 1 01 * * sudo certbot renew --webroot -w /var/www/html/wordpress01
0 2 01 * * sudo systemctl restart apache2