Let'sEncryptでSSL証明書発行

手動での秘密鍵生成等は要らず。

コマンドの実行で、秘密鍵生成、署名、証明書発行まで行ける。

コマンドのインストール

$ cd /usr/local/bin
$ sudo wget https://dl.eff.org/certbot-auto
$ sudo chmod 755 certbot-auto

SSL証明書発行

$ /usr/local/bin/certbot-auto certonly

以下、内容に沿って入力

Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone) # アプリケーションサーバで動かす場合 (WEBサーバは止めておくこと)
2: Place files in webroot directory (webroot) # ドキュメントルートがある場合
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): [1 or 2を入力]
Plugins selected: Authenticator webroot, Installer None
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'to cancel): [ドメイン/サブドメインを入力]
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for [ドメイン/サブドメイン]
Input the webroot for [ドメイン/サブドメイン]: (Enter 'c' to cancel): [ドメイン/サブドメインのドキュメントルート]
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/[ドメイン/サブドメイン]/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/[ドメイン/サブドメイン]/privkey.pem
   Your cert will expire on 2018-07-17. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

SSL証明書発行 生成場所

$ sudo ls -al /etc/letsencrypt/live/[ドメイン/サブドメイン]/

README
lrwxrwxrwx 1 root root   52  4月 18 12:40 cert.pem -> ../../archive/[ドメイン/サブドメイン]/cert1.pem
lrwxrwxrwx 1 root root   53  4月 18 12:40 chain.pem -> ../../archive/[ドメイン/サブドメイン]/chain1.pem
lrwxrwxrwx 1 root root   57  4月 18 12:40 fullchain.pem -> ../../archive/[ドメイン/サブドメイン]/fullchain1.pem
lrwxrwxrwx 1 root root   55  4月 18 12:40 privkey.pem -> .