手動での秘密鍵生成等は要らず。
コマンドの実行で、秘密鍵生成、署名、証明書発行まで行ける。
コマンドのインストール
$ cd /usr/local/bin
$ sudo wget https://dl.eff.org/certbot-auto
$ sudo chmod 755 certbot-auto
SSL証明書発行
$ /usr/local/bin/certbot-auto certonly
以下、内容に沿って入力
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone) # アプリケーションサーバで動かす場合 (WEBサーバは止めておくこと)
2: Place files in webroot directory (webroot) # ドキュメントルートがある場合
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): [1 or 2を入力]
Plugins selected: Authenticator webroot, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'to cancel): [ドメイン/サブドメインを入力]
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for [ドメイン/サブドメイン]
Input the webroot for [ドメイン/サブドメイン]: (Enter 'c' to cancel): [ドメイン/サブドメインのドキュメントルート]
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/[ドメイン/サブドメイン]/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/[ドメイン/サブドメイン]/privkey.pem
Your cert will expire on 2018-07-17. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
SSL証明書発行 生成場所
$ sudo ls -al /etc/letsencrypt/live/[ドメイン/サブドメイン]/
README
lrwxrwxrwx 1 root root 52 4月 18 12:40 cert.pem -> ../../archive/[ドメイン/サブドメイン]/cert1.pem
lrwxrwxrwx 1 root root 53 4月 18 12:40 chain.pem -> ../../archive/[ドメイン/サブドメイン]/chain1.pem
lrwxrwxrwx 1 root root 57 4月 18 12:40 fullchain.pem -> ../../archive/[ドメイン/サブドメイン]/fullchain1.pem
lrwxrwxrwx 1 root root 55 4月 18 12:40 privkey.pem -> .