Let’s Encrypt for Amazon Linux (Nginx)


Amazon Linux

[AWS official] Certificate Automation: Using Let's Encrypt and Certbot on Amazon Linux

$ cd /etc/nginx/
$ sudo yum-config-manager --enable epel
$ sudo wget https://dl.eff.org/certbot-auto
$ sudo chmod a+x /etc/nginx/certbot-auto
$ sudo /etc/nginx/certbot-auto --nginx --debug

Amazon Linux 2

Certificate Automation: Using Let's Encrypt and Certbot on Amazon Linux 2

$ cd /home/ec2-user
$ sudo wget -r --no-parent -A 'epel-release-*.rpm' https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
$ sudo rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
$ sudo yum-config-manager --enable epel*
$ sudo yum repolist all
$ sudo yum install certbot-nginx
$ sudo certbot --nginx


Enter email address (used for urgent renewal and security notices) (Enter 'c' to
$ info@example.com
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
$ A

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
$ N
Which names would you like to activate HTTPS for?
1: example.com
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
$ 2

If it says "Congratulations!", you're OK.


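$ sudo vi /etc/crontab
39 1,13 * * * root certbot renew --no-self-upgrade
# The command runs every day at 01:39 and 13:39.
# The user field (root) is only valid in /etc/crontab, not in a crontab opened with crontab -e.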

* It didn't work on Amazon Linux, but it might work on Amazon Linux 2.
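
A way to notice when the renewal cron job above is silently failing, as an added example that is not part of the original article: it checks how close a certificate is to expiry with `openssl x509 -checkend`. The function names, the 20-day threshold and the sample certificates are assumptions made for this example; on a real host the file to check would be certbot's default `/etc/letsencrypt/live/example.com/fullchain.pem`.

```sh
#!/bin/sh
# Added example (not from the original article).
# certbot renew acts once fewer than 30 days remain, so a certificate with
# fewer than 20 days left (assumed threshold) suggests the cron job is failing.

# cert_status FILE [DAYS] prints OK, RENEW, EXPIRED, INVALID or MISSING.
# The exit status is 0 only for OK.
cert_status() (
    pem=$1
    days=${2:-20}
    [ -r "$pem" ] || { echo MISSING; exit 2; }
    # Reject anything openssl cannot parse as an X.509 certificate.
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || { echo INVALID; exit 2; }
    # -checkend N exits 0 when the certificate is still valid N seconds from now.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo EXPIRED; exit 1; }
    openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" >/dev/null 2>&1 \
        || { echo RENEW; exit 1; }
    echo OK
)

# make_sample_cert OUT DAYS writes a constructed self-signed certificate
# (CN=example.com) valid for DAYS days; used only to demonstrate the check.
make_sample_cert() (
    key=$(mktemp)
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.com" \
        -days "$2" -keyout "$key" -out "$1" >/dev/null 2>&1
    rc=$?
    rm -f "$key"
    exit "$rc"
)

# Demo on constructed data: a fresh 90-day certificate and one with 5 days left.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/fresh.pem" 90 || true
make_sample_cert "$demo_dir/stale.pem" 5 || true
echo "fresh: $(cert_status "$demo_dir/fresh.pem" 20)"
echo "stale: $(cert_status "$demo_dir/stale.pem" 20)"
rm -rf "$demo_dir"
```

Run from a second cron entry or a monitoring agent, any result other than OK is the signal to look at the `certbot renew` output.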


How to deal with a cryptography error when renewing a certificate with Let's Encrypt
virtualenv: error: unrecognized arguments: --no-site-packages with Let's Encrypt



Let's Encrypt's root certificate changes in 2021! What is the impact, and what should you prepare for?


$ openssl s_client -connect [domain]:443 -showcerts
