Setting up Let's Encrypt with certbot

On AWS I usually configure this on the Application Load Balancer (ALB) of Elastic Load Balancer (ELB),
but this time I was working with Lightsail for the first time in a while, so I set up Let's Encrypt with certbot.

Environment

[aws lightsail]
OS: ubuntu
server: nginx

Commands

Preparation

$ git --version
git version 2.17.1

If the git version is displayed as above, the install below is not needed.

$ sudo apt install git

Preparing certbot

$ cd ~

$ git clone https://github.com/certbot/certbot

$ sudo mv certbot /usr/local

$ cd /usr/local/certbot/

$ ./certbot-auto --help
Requesting to rerun ./certbot-auto with root privileges...
Usage: certbot-auto [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates
to both this script and certbot will be downloaded and installed. After
ensuring you have the latest versions installed, certbot will be invoked with
all arguments you have provided.

Help for certbot itself cannot be provided until it is installed.

  --debug                                   attempt experimental installation
  -h, --help                                print this help
  -n, --non-interactive, --noninteractive   run without asking for user input
  --no-bootstrap                            do not install OS dependencies
  --no-self-upgrade                         do not download updates
  --os-packages-only                        install OS dependencies and exit
  --install-only                            install certbot, upgrade if needed, and exit
  -v, --verbose                             provide more output
  -q, --quiet                               provide only update/error output;
                                            implies --non-interactive

All arguments are accepted and forwarded to the Certbot client when run.

certbot is now ready to use.

Obtaining the SSL certificate for the domain

Prepare what you need

・Domain
  www.hoge.com
・Email address
  webmaster@www.hoge.com

$ ./certbot-auto certonly --standalone -d www.hoge.com -m webmaster@www.hoge.com --agree-tos -n

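If certbot does not work

If nginx is running, certbot may not work properly, so stop nginx and then run the command above. With --standalone, certbot starts its own temporary web server, which cannot bind its port while nginx is listening on it.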

$ sudo service nginx stop

$ ./certbot-auto certonly --standalone -d www.hoge.com -m webmaster@www.hoge.com --agree-tos -n

Write the SSL settings into nginx to enable SSL

nginx.conf

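# Redirect all HTTP requests to HTTPS
server {
    listen 80;
    server_name www.hoge.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    # Must be the domain that was passed to certbot with -d
    server_name www.hoge.com;
    root /var/www/html/;

    # certbot stores the certificate and key under live/<domain>/
    ssl_certificate /etc/letsencrypt/live/www.hoge.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.hoge.com/privkey.pem;

    # ~ (remaining settings omitted)
}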
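
The ssl_certificate paths only work if they point at the directory certbot created for the -d domain, and the 443 block should answer for that same name. The following check is an added example, not part of the original article; the function name check_le_paths is hypothetical, and it assumes one directive per line and a certificate stored under /etc/letsencrypt/live/<domain>/.

```shell
#!/bin/sh
# Added example, not from the article. Assumes one directive per line.
# check_le_paths DOMAIN FILE
#   DOMAIN: the name given to certbot with -d
#   FILE:   nginx configuration to check
# Prints one line per problem; returns 1 if any problem was found, else 0.
check_le_paths() {
    awk -v want="$1" '
    # Called at the end of each server block: judge it, then reset the state.
    function report(   i) {
        for (i = 1; i <= ncert; i++) {
            if (lineage[i] != want) {
                printf "line %d: %s points at live/%s, expected live/%s\n", where[i], directive[i], lineage[i], want
                bad = 1
            }
        }
        # A block that serves a Let'"'"'s Encrypt certificate must list the domain.
        if (ncert > 0 && !(want in names)) {
            printf "line %d: server_name (%s) does not include %s\n", start, shown, want
            bad = 1
        }
        split("", names); ncert = 0; shown = ""
    }
    { sub(/#.*/, "") }    # drop comments
    !inside && /^[ \t]*server[ \t]*[{]/ { inside = 1; depth = 0; start = NR }
    inside {
        if ($1 == "server_name")
            for (i = 2; i <= NF; i++) {
                n = $i; sub(/;$/, "", n)
                if (n != "") { names[n] = 1; shown = (shown == "" ? n : shown " " n) }
            }
        if ($1 == "ssl_certificate" || $1 == "ssl_certificate_key") {
            p = $2; sub(/;$/, "", p)
            # /etc/letsencrypt/live/<lineage>/<file> splits into 6 parts
            if (split(p, part, "/") >= 6 && part[2] == "etc" && part[3] == "letsencrypt" && part[4] == "live") {
                ncert++; lineage[ncert] = part[5]; directive[ncert] = $1; where[ncert] = NR
            }
        }
        # Track nesting so that location blocks do not end the server block early.
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth <= 0) { report(); inside = 0 }
    }
    END { if (inside) report(); exit bad + 0 }
    ' "$2"
}
```

Run it as check_le_paths www.hoge.com /etc/nginx/nginx.conf before starting nginx; no output and exit status 0 mean the paths and server_name agree with the issued domain.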

Restart nginx

$ sudo service nginx start

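Let's Encrypt certificates expire, so set up renewal

$ sudo crontab -e

Inside the cron file (this is root's crontab, so the line has no user field; nginx is stopped around the renewal because the certificate was obtained with --standalone)

0 1 1 * * /usr/local/certbot/certbot-auto renew --force-renewal --pre-hook "/usr/sbin/service nginx stop" --post-hook "/usr/sbin/service nginx start"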