@ki6ool

Let’s Encrypt for Amazon Linux (Nginx)

There were some twists and turns along the way, but in the end I decided to follow the official documentation.

[AWS official] Certificate Automation: Using Let's Encrypt with Certbot on Amazon Linux
Certbot

$ cd /etc/nginx/
$ sudo yum-config-manager --enable epel
$ sudo wget https://dl.eff.org/certbot-auto
# /etc/nginx is owned by root, so the download and chmod need sudo
$ sudo chmod a+x /etc/nginx/certbot-auto
$ sudo /etc/nginx/certbot-auto --nginx --debug
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): 
$ info@example.com
# e-mail address that receives expiry and security notices
-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel:
$ A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o:
$ N
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: example.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
$ 2
# redirect HTTP to HTTPS

Once it says "Congratulations!" you are done.

To set up automatic certificate renewal:

$ sudo crontab -e
39 1,13 * * * /etc/nginx/certbot-auto renew --no-self-upgrade
# runs every day at 01:39 and 13:39 (certbot only actually renews when the certificate is within 30 days of expiry)
# a per-user crontab (crontab -e) has no "user" column, so the job is put in root's crontab and the command
# is the certbot-auto wrapper downloaded above, since certbot-auto does not place a "certbot" command on PATH

See the AWS official documentation linked above for details.
* Whether the renewal actually works has not been verified.

If you get errors

How to deal with a cryptography error when renewing a Let's Encrypt certificate
Let's Encrypt: virtualenv: error: unrecognized arguments: --no-site-packages

The two write-ups above cover most cases.

Notes

Let's Encrypt's root certificate changes in 2021! What is the impact and what should you prepare for?
I had a bad feeling that Firefox would start throwing errors, but it didn't, so I called it good.

Checking that SSL is working

$ openssl s_client -connect [domain]:443 -showcerts
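As an added example (not part of the original article), here is a small check that turns the two things this post leaves to the eye into something a cron job or monitor can assert on: that the chain served by Nginx actually links leaf to intermediate to root, and that the leaf is not expired or inside certbot's 30-day renewal window (which is what the "renewal unverified" note above would catch). The `openssl s_client ... -showcerts` output and the `openssl x509 -noout -enddate` line are constructed samples in the Let's Encrypt R3 / ISRG Root X1 shape; in practice you would feed it the real command output.

```python
import re
from datetime import datetime, timezone

# Constructed sample of `openssl s_client -connect example.com:443 -showcerts` output
# (only the "Certificate chain" summary lines; the PEM blocks are omitted).
SAMPLE_S_CLIENT = """\
CONNECTED(00000003)
Certificate chain
 0 s:CN = example.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
"""

# Constructed sample of `openssl x509 -noout -enddate` run on the leaf certificate.
SAMPLE_ENDDATE = "notAfter=Sep  3 14:01:15 2024 GMT"

RENEW_THRESHOLD_DAYS = 30  # certbot renew only renews when fewer than 30 days remain


def parse_chain(s_client_output):
    """Return [(subject, issuer), ...] in the order the server presented them."""
    pairs = re.findall(r"^\s*\d+ s:(.+)\n\s*i:(.+)$", s_client_output, re.M)
    return [(s.strip(), i.strip()) for s, i in pairs]


def chain_is_linked(chain):
    """Every certificate's issuer must be the subject of the next one served."""
    return all(chain[k][1] == chain[k + 1][0] for k in range(len(chain) - 1))


def days_until_expiry(enddate_line, now=None):
    """Parse a 'notAfter=...' line; negative once the certificate has expired."""
    stamp = enddate_line.split("=", 1)[1].strip()
    not_after = datetime.strptime(stamp, "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (not_after - now).days


def check(s_client_output, enddate_line, now=None):
    """Return a list of problems; an empty list means the site looks healthy."""
    chain = parse_chain(s_client_output)
    days = days_until_expiry(enddate_line, now)
    problems = []
    if not chain:
        problems.append("no certificate chain found")
    elif not chain_is_linked(chain):
        problems.append("served chain is not linked (missing or wrong intermediate)")
    if days < 0:
        problems.append("certificate expired")
    elif days < RENEW_THRESHOLD_DAYS:
        problems.append("renewal due (%d days left)" % days)
    return problems
```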