無料SSL証明書(Let’s Encrypt)の設置

Developer
Let’s Encryptの無料証明書を作成しよう

certbotのインストール

ubuntu@i-11100000125436:~$ sudo apt install software-properties-common
Reading package lists... Done
Building dependency tree
Reading state information... Done
software-properties-common is already the newest version (0.96.24.32.14).
The following package was automatically installed and is no longer required:
  grub-pc-bin
Use 'sudo apt autoremove' to remove it.
0 upgraded, 0 newly installed, 0 to remove and 35 not upgraded.
ubuntu@i-11100000125436:~$ sudo add-apt-repository ppa:certbot/certbot
 This is the PPA for packages prepared by Debian Let's Encrypt Team and backported for Ubuntu.

Note: Packages are only provided for currently supported Ubuntu releases.
 More info: https://launchpad.net/~certbot/+archive/ubuntu/certbot
Press [ENTER] to continue or Ctrl-c to cancel adding it.

エンター押下



Hit:1 http://repo.mysql.com/apt/ubuntu bionic InRelease
Ign:2 http://rpms.litespeedtech.com/debian bionic InRelease
Hit:3 http://rpms.litespeedtech.com/debian bionic Release
Hit:5 http://archive.ubuntu.com/ubuntu bionic InRelease
Get:6 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Get:7 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:8 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic InRelease [21.3 kB]
Get:9 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:10 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 Packages [8032 B]
Get:11 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [1761 kB]
Get:12 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main Translation-en [4176 B]
Get:13 http://archive.ubuntu.com/ubuntu bionic-updates/restricted amd64 Packages [196 kB]
Get:14 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1692 kB]
Get:15 http://archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 Packages [36.2 kB]
Fetched 3971 kB in 4s (977 kB/s)
Reading package lists... Done
ubuntu@i-11100000125436:~$ sudo apt update
Hit:1 http://repo.mysql.com/apt/ubuntu bionic InRelease
Ign:2 http://rpms.litespeedtech.com/debian bionic InRelease
Hit:3 http://archive.ubuntu.com/ubuntu bionic InRelease
Hit:4 http://security.ubuntu.com/ubuntu bionic-security InRelease
Hit:5 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic InRelease
Hit:6 http://rpms.litespeedtech.com/debian bionic Release
Hit:7 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:8 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
37 packages can be upgraded. Run 'apt list --upgradable' to see them.
ubuntu@i-11100000125436:~$ sudo apt install certbot
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
  grub-pc-bin
Use 'sudo apt autoremove' to remove it.
The following additional packages will be installed:
  python3-acme python3-certbot python3-configargparse python3-future python3-icu python3-josepy python3-mock
  python3-ndg-httpsclient python3-parsedatetime python3-pbr python3-requests-toolbelt python3-rfc3339 python3-tz
  python3-zope.component python3-zope.event python3-zope.hookable
Suggested packages:
  python3-certbot-apache python3-certbot-nginx python-certbot-doc python-acme-doc python-future-doc python-mock-doc
The following NEW packages will be installed:
  certbot python3-acme python3-certbot python3-configargparse python3-future python3-icu python3-josepy python3-mock
  python3-ndg-httpsclient python3-parsedatetime python3-pbr python3-requests-toolbelt python3-rfc3339 python3-tz
  python3-zope.component python3-zope.event python3-zope.hookable
0 upgraded, 17 newly installed, 0 to remove and 37 not upgraded.
Need to get 1113 kB of archives.
After this operation, 5884 kB of additional disk space will be used.
Do you want to continue? [Y/n]

Yを入力します。

Do you want to continue? [Y/n] y
Get:1 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 python3-josepy all 1.1.0-2+ubuntu18.04.1+certbot+1 [27.8 kB]
Get:2 http://archive.ubuntu.com/ubuntu bionic/main amd64 python3-pbr all 3.1.1-3ubuntu3 [53.8 kB]
Get:3 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 python3-requests-toolbelt all 0.8.0-1+ubuntu18.04.1+certbot+1 [38.3 kB]
・・・省略

証明書の作成

ubuntu@i-11100000125436:~$ sudo certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

2を入力します。

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):

証明書の連絡窓口用メールアドレスを入力します。

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): orz@damepo.net

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
ttps://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel:

Aを入力します。

(A)gree/(C)ancel: a

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o:

Nを入力します。

(Y)es/(N)o: N
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel):

ドメイン名を入力します。

Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): orztest.work
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for orztest.work
Input the webroot for orztest.work: (Enter 'c' to cancel):

ドキュメントルートを入力します。

Input the webroot for orztest.work: (Enter 'c' to cancel): /var/www/html
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/orztest.work/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/orztest.work/privkey.pem
   Your cert will expire on 2021-02-15. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

certbotがドキュメントルートにファイルを置いて勝手に認証してくれてpemファイルを作成してくれます。
本日はここまで、次回はLiteSpeedに証明書を設定していきます。

コメント

タイトルとURLをコピーしました