
Enabling HTTPS for Apache with Let's Encrypt on Amazon Linux. I tried securing a subdomain too

More than 1 year has passed since last update.

Let's Encrypt
AWS

Prerequisites

The domain name is assumed to be site.work.

Getting the command

wget https://dl.eff.org/certbot-auto
chmod 700 certbot-auto
sudo chown ec2-user:ec2-user certbot-auto

Rewriting the command

elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
  Bootstrap() {
    ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
  }
  BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"

Rewrite it as follows:

 elif grep -i "Amazon Linux" /etc/issue > /dev/null 2>&1 || \
   grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>&1; then
  Bootstrap() {
    ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
  }
  BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
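
The edit above, scripted so it can be applied and checked without opening an editor. This is an added example, not part of the original article or of certbot-auto; the function names are assumptions made for illustration, and `is_amazon_linux` takes the two file paths as parameters so the rewritten condition can be tried against sample files.

```shell
#!/bin/sh
# Added example (not from the article): apply the condition rewrite shown
# above to a downloaded certbot-auto, keeping a backup as FILE.orig.

# The original line, exactly as quoted in the article.
OLD_COND='elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then'

# patch_certbot_auto FILE (hypothetical helper)
# Returns 0 if FILE was patched or already carries the new check,
# 1 if the expected original line is not present (nothing is changed).
patch_certbot_auto() {
  file=$1
  if grep -qF 'cpe:.*:amazon_linux:2' "$file"; then
    return 0                                  # already rewritten
  fi
  grep -qF "$OLD_COND" "$file" || return 1    # unexpected script contents
  cp -p "$file" "$file.orig"
  # Replace the one-line condition with the article's two-line condition.
  awk -v old="$OLD_COND" '
    index($0, old) {
      print "elif grep -i \"Amazon Linux\" /etc/issue > /dev/null 2>&1 || \\"
      print "   grep '\''cpe:.*:amazon_linux:2'\'' /etc/os-release > /dev/null 2>&1; then"
      next
    }
    { print }' "$file.orig" > "$file"
}

# is_amazon_linux ISSUE_FILE OS_RELEASE_FILE (hypothetical helper)
# The rewritten condition: true when ISSUE_FILE mentions "Amazon Linux",
# or when OS_RELEASE_FILE carries an amazon_linux:2 CPE string.
is_amazon_linux() {
  grep -i "Amazon Linux" "$1" > /dev/null 2>&1 ||
    grep 'cpe:.*:amazon_linux:2' "$2" > /dev/null 2>&1
}

# Usage: patch_certbot_auto ./certbot-auto && sh -n ./certbot-auto
```
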

Installing the command

sudo mv ./certbot-auto /usr/local/bin

Certificate location

sudo ls /etc/letsencrypt/live/site.work

Issuing the certificate

certbot-auto certonly --webroot -w /var/www/html -d site.work --email site@gmail.com -n --agree-tos --debug --no-self-upgrade

Configuring Apache

sudo vi /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/letsencrypt/live/site.work/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site.work/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/site.work/chain.pem

Restarting Apache

sudo systemctl restart httpd.service

Trying a subdomain as well

certbot-auto certonly --webroot -w /var/www/html -d site.work -w /var/www/html/sub1 -d sub1.site.work --email site@gmail.com -n --agree-tos --debug --no-self-upgrade

Additional Apache configuration

sudo vi /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/letsencrypt/live/site.work/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site.work/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/site.work/chain.pem

Restarting Apache

sudo systemctl restart httpd.service

References
Thank you.

https://qiita.com/MysteriousMonky/items/f26316447c1ff390ce21
noracorn92