
Let’s Encrypt for Amazon Linux + Nginx

I gave up on this a long time ago, but I got it working, so I'm leaving notes here.

(Apparently this is not officially supported.)

$ cd /etc/nginx/

$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
$ sudo ./certbot-auto --nginx --debug

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):
$ info@example.com
# Email address for notifications

-------------------------------------------------------------------------------

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel:
$ A


-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o:
$ N

Which names would you like to activate HTTPS for?

-------------------------------------------------------------------------------
1: example.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

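######
It probably pulls the list from server_name in nginx.conf.
When you select one, it automatically writes the server {} block for 443.
And it comments out the server {} block for 80. Wonderful.
If there is no server_name list, you enter a domain and it takes care of it. Wonderful.
######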

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
$ 2
# Redirect to HTTPS

Once it says Congratulations!, you're good.


Automatic renewal with cron

$ crontab -e

0 0 1 * * /etc/nginx/certbot-auto renew --post-hook "service nginx reload"
# Renew at 00:00 on the 1st of every month

But,

certbot: error: argument --post-hook: expected one argument

is what I get and it can't renew, so

0 0 1 * * /etc/nginx/certbot-auto renew "service nginx reload"

Removing --post-hook will probably work

At the next renewal,

0 0 1 * * /etc/nginx/certbot-auto renew --deploy-hook "service nginx reload"

I'll try whether this works
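
An added check, not part of the original post: the notes above leave it open whether the cron entry really renews, so this script uses `openssl x509 -checkend` to flag a certificate that is running out of validity. The certificate path is certbot's default location; the 14-day threshold, the function names and the `make_sample_cert` helper are assumptions of this example.

```shell
#!/bin/sh
# Added example: detect a renewal cron job that is silently failing.
# Assumed path: certbot's default /etc/letsencrypt/live/<domain>/fullchain.pem

# cert_status FILE MIN_DAYS
#   returns 0 if FILE is valid for at least MIN_DAYS more days,
#           1 if it expires sooner (renewal is not happening),
#           2 if FILE is missing or not a readable PEM certificate.
cert_status() {
    cert=$1
    min_days=$2
    # Fail closed: an unreadable file must never be reported as fine.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        return 2
    fi
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout \
        -checkend "$((min_days * 86400))" >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# report FILE MIN_DAYS: one log line per check, suitable for cron mail or syslog.
report() {
    rc=0
    cert_status "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: $1 valid for at least $2 more days" ;;
        1) echo "WARNING: $1 expires within $2 days; check the renew cron job" ;;
        *) echo "ERROR: cannot read certificate $1" ;;
    esac
    return "$rc"
}

# make_sample_cert DAYS OUTFILE: constructed self-signed certificate for trying
# the check offline (hypothetical helper; the throwaway key is deleted).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" \
        -subj "/CN=example.com" -keyout "$2.key" -out "$2" >/dev/null 2>&1
    rm -f "$2.key"
}

# Typical use, e.g. from a daily cron entry:
#   report /etc/letsencrypt/live/example.com/fullchain.pem 14
```

Running `report` daily, separately from the monthly renew entry, means a hook or argument error in the renew line shows up as a WARNING line before the certificate expires.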

References:

[Sy] Steps to obtain a Let's Encrypt SSL/TLS certificate and configure HTTPS on Amazon Linux (2017.09 release) + Nginx

Restarting a service when a Let's Encrypt SSL certificate is renewed