Let's Encrypt
AWS
Prerequisites
The domain name is assumed to be site.work.
Get the command
wget https://dl.eff.org/certbot-auto
chmod 700 certbot-auto
sudo chown ec2-user:ec2-user certbot-auto
Edit the command
elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
  Bootstrap() {
    ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
  }
  BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
Rewrite it as follows
elif grep -i "Amazon Linux" /etc/issue > /dev/null 2>&1 || \
   grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>&1; then
  Bootstrap() {
    ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
  }
  BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
Install the command
sudo mv ./certbot-auto /usr/local/bin
Certificate location
sudo ls /etc/letsencrypt/live/site.work
Issue the certificate
certbot-auto certonly --webroot -w /var/www/html -d site.work --email site@gmail.com -n --agree-tos --debug --no-self-upgrade
Configure Apache
sudo vi /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/letsencrypt/live/site.work/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site.work/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/site.work/chain.pem
Restart Apache
sudo systemctl restart httpd.service
Try a subdomain as well
certbot-auto certonly --webroot -w /var/www/html -d site.work -w /var/www/html/sub1 -d sub1.site.work --email site@gmail.com -n --agree-tos --debug --no-self-upgrade
Additional Apache configuration
sudo vi /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/letsencrypt/live/site.work/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site.work/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/site.work/chain.pem
Restart Apache
sudo systemctl restart httpd.service
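Added example (not from the original article): a small lint for the three ssl.conf directives set above. It checks that each directive is present, points into the live directory for the expected domain, names a non-empty file, and that the private key has no group/other permission bits. The function names, finding labels and the demo tree are assumptions made for this illustration.

```bash
#!/bin/bash
# Added example: lint the ssl.conf directives used on this page.
# check_ssl_conf CONF DOMAIN [LIVE_ROOT] prints findings and returns their count.
check_ssl_conf() {
    conf=$1 domain=$2 live=${3:-/etc/letsencrypt/live}
    findings=0
    for pair in SSLCertificateFile:cert.pem \
                SSLCertificateKeyFile:privkey.pem \
                SSLCertificateChainFile:chain.pem; do
        directive=${pair%%:*} want="$live/$domain/${pair##*:}"
        # Value of the last uncommented occurrence of the directive.
        got=$(awk -v d="$directive" '$1 == d { v = $2 } END { print v }' "$conf")
        if [ -z "$got" ]; then
            echo "MISSING $directive"; findings=$((findings + 1)); continue
        fi
        if [ "$got" != "$want" ]; then
            echo "PATH    $directive is $got, expected $want"
            findings=$((findings + 1))
        fi
        if [ ! -s "$got" ]; then
            echo "NOFILE  $got is missing or empty"
            findings=$((findings + 1)); continue
        fi
        # The private key must carry no group/other permission bits.
        if [ "$directive" = SSLCertificateKeyFile ]; then
            mode=$(ls -ldL "$got" | cut -c5-10)
            if [ "$mode" != "------" ]; then
                echo "PERMS   $got is open to group/other ($mode)"
                findings=$((findings + 1))
            fi
        fi
    done
    return "$findings"
}

# Constructed demo: a throwaway tree standing in for /etc/letsencrypt/live.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/live/site.work"
    for f in cert.pem privkey.pem chain.pem; do
        echo dummy > "$t/live/site.work/$f"
    done
    chmod 644 "$t/live/site.work/privkey.pem"   # deliberately too open
    printf '%s\n' "SSLCertificateFile $t/live/site.work/cert.pem" \
        "SSLCertificateKeyFile $t/live/site.work/privkey.pem" \
        "#SSLCertificateChainFile $t/live/site.work/chain.pem" > "$t/ssl.conf"
    rc=0; check_ssl_conf "$t/ssl.conf" site.work "$t/live" || rc=$?
    rm -rf "$t"; return "$rc"
}
```

Against the real files, call check_ssl_conf /etc/httpd/conf.d/ssl.conf site.work as root, as with the sudo ls above. The constructed demo reports two findings: the over-permissive key and the commented-out chain directive.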
References
Thank you.
https://qiita.com/MysteriousMonky/items/f26316447c1ff390ce21