3
8

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

【無償SSL】Let's Encrypt 使ってみる。

Last updated at Posted at 2017-03-14

#実装した環境の情報

  • CentOS Linux release 7.3.1611 (Core)
  • Apache/2.4.6 (CentOS)

めんどくさい説明はなしで下記ご覧ください。
※ドメイン、ドキュメントルート部分は、各自環境に合わせて読み替えてください。

Let's Encrypt 総合ポータル | ユーザーガイド

$ sudo su

// Apache インストール
# yum install httpd

// Apache 起動、自動起動オン
# systemctl start httpd.service
# systemctl enable httpd.service

// HTTP/HTTPS ウェルウンポート開放
# firewall-cmd --permanent --zone=public --add-service=http 
# firewall-cmd --permanent --zone=public --add-service=https
# firewall-cmd --reload

// SSLモジュール、OpenSSL インストール
# yum install mod_ssl openssl

// epel インストール
# yum install epel-release

// epel からcertbot、certbot-apache インストール
# yum --enablerepo=epel install certbot python-certbot-apache

// certonly コマンドで、SSL/TLS サーバ証明書を取得する
# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Apache Web Server plugin - Beta (apache)
2: Place files in webroot directory (webroot)
3: Spin up a temporary webserver (standalone)
-------------------------------------------------------------------------------

// Apache 使用するので1
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

// Domain を指定
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel):ssl-test.yasuken1990.com
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for ssl-test.yasuken1990.com

We were unable to find a vhost with a ServerName or Address of ssl-test.yasuken1990.com.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
-------------------------------------------------------------------------------
1: ssl.conf                       |                       | HTTPS | Enabled
-------------------------------------------------------------------------------

// 1を選ぶしかない件なので
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at

// /etc/letsencrypt/live/ssl-test.yasuken1990.com/ に色々作られた
   /etc/letsencrypt/live/ssl-test.yasuken1990.com/fullchain.pem. Your
   cert will expire on 2017-06-12. To obtain a new or tweaked version
   of this certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to

# vim /etc/httpd/conf.d/ssl.conf

#DocumentRoot "/var/www/html"
#ServerName www.example.com:443

// コメントになっているので、コピーして自分の環境にあった設定をする
DocumentRoot "/var/www/html"
ServerName ssl-test.yasuken1990.com:443
// Apache再起動
# systemctl restart httpd.service

https://ssl-test.yasuken1990.com アクセスすると、保護された通信になった!

SSL Server Test
確認してみよう!

crank.PNG
かなC...

ごにょー
brank.PNG

ごにょにょー
aminusrank.PNG

ごにょにょにょー
ranka.PNG

ごにょおおおおおお!!!
ranka+.PNG

ごにょな対応は、検索すれば出てくる内容ですけれども、また暇なときに書きます… 
いいね!10超えたら記事編集します笑
とりあえずは、Let's Encryptで無償SSLということでまとめ。

3
8
2

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
3
8

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?