
More than 3 years have passed since last update.


How to set up letsencrypt [memo]


Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial

nginx version: nginx/1.10.0 (Ubuntu)

git version 2.7.4

install letsencrypt

# git clone https://github.com/letsencrypt/letsencrypt.git

make keys for ssl

# /root/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/html/example.com -d example.com

add to crontab as root

# crontab -e

0 0 1 * * /root/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/html/example.com -d example.com --renew-by-default && service nginx restart

make dh param key (parameter key for DH key exchange)

# openssl dhparam -out /etc/letsencrypt/live/example.com/dhparams.pem 2048

add the following to the server block you are using in nginx.conf.

ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/letsencrypt/live/example.com/dhparams.pem;

=> SSLv3 disabled [POODLE mitigation]
=> Cipher suites specified explicitly

Configuring HSTS in NGINX

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
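
A pre-reload check for the server block above, as an added example that is not part of the original memo: it reads a server block on stdin and reports a directive that lacks its terminating semicolon, SSLv2/SSLv3 in ssl_protocols, and any of the memo's directives (certificate, key, DH parameters, HSTS) that are absent. The function name lint_tls_conf and both sample blocks are constructed for illustration.

```shell
#!/bin/sh
# lint_tls_conf: read an nginx server block on stdin and print one finding per
# line; exit status is 0 when clean, 1 otherwise. Only the directives used in
# this memo are checked (an assumption of this example, not an nginx rule).
lint_tls_conf() {
    awk '
        BEGIN { bad = 0 }
        # Strip comments and surrounding whitespace; skip empty lines.
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        # A simple directive ends with ";", a block line with "{" or "}".
        $0 !~ /[;{}]$/ { printf "line %d: missing terminating semicolon: %s\n", NR, $0; bad = 1 }
        $1 == "ssl_protocols" && /SSLv[23]/ { printf "line %d: SSLv2/SSLv3 enabled (POODLE)\n", NR; bad = 1 }
        $1 ~ /^ssl_(protocols|certificate|certificate_key|dhparam)$/ { seen[$1] = 1 }
        $1 == "add_header" && $2 == "Strict-Transport-Security" {
            seen["hsts"] = 1
            if ($0 !~ /max-age=[1-9][0-9]*/) { printf "line %d: HSTS without a positive max-age\n", NR; bad = 1 }
        }
        END {
            n = split("ssl_protocols ssl_certificate ssl_certificate_key ssl_dhparam hsts", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { printf "missing: %s\n", want[i]; bad = 1 }
            exit bad
        }
    '
}

# Constructed sample with three mistakes: SSLv3 enabled, no ";" after
# ssl_dhparam, and no HSTS header.
SAMPLE_BAD='server {
    ssl_protocols SSLv3 TLSv1.2;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_dhparam /etc/letsencrypt/live/example.com/dhparams.pem
}'

# Constructed sample: the directives from this memo, correctly terminated.
SAMPLE_GOOD='server {
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/letsencrypt/live/example.com/dhparams.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}'

printf '%s\n' "$SAMPLE_BAD" | lint_tls_conf || echo "=> fix the findings above"
printf '%s\n' "$SAMPLE_GOOD" | lint_tls_conf && echo "=> clean"
```

On a live server, `nginx -t` remains the authoritative syntax check; this lint only covers the directives listed in this memo.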

SSL LABS - SSL Server Test

Certbot - Welcome to the Certbot documentation!
