Redmine
gcp

GCP > Cloud Launcher > redmineでLet's Encrypt

Generate and Install a Let's Encrypt SSL Certificate for a Bitnami Application

redmineのカーネルはDebian 9 (Stretch)

sudo su

update

apt -y update
apt -y -t stretch-backports install certbot
cd /tmp
curl -s https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -

tar xf lego_linux_amd64.tar.xz

mv lego_linux_amd64 /usr/local/bin/lego

sudo /opt/bitnami/ctlscript.sh stop
sudo lego --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/etc/lego" run

backup

mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old

copy file

ln -s /etc/lego/certificates/ドメイン名.key /opt/bitnami/apache2/conf/server.key
ln -s /etc/lego/certificates/ドメイン名.crt /opt/bitnami/apache2/conf/server.crt

change

chown root:root /opt/bitnami/apache2/conf/server*
chmod 600 /opt/bitnami/apache2/conf/server*

更新

/opt/bitnami/ctlscript.sh stop
lego --email=EMAIL@ADDRESS --domains=DOMAIN.com --path="/etc/lego" renew
/opt/bitnami/ctlscript.sh start

自動更新

crontab -e

00 04 01 * * lego --email=EMAIL@ADDRESS --domains=DOMAIN.com --path="/etc/lego" renew &&  /opt/bitnami/ctlscript.sh restart

参考

Let’s Encrypt の証明書の更新を自動化する手順 (cron) | WEB ARCH LABO