Let's Encryptは無料で利用できて商用利用可能な証明書発行サービスです。https化に必要なSSL証明書が無料で発行されるなんて、良い時代になりましたね。
しかし証明書の有効期限は90日なのでその度に、更新作業は面倒なので、自動化してしまいましょう。
[root@localhost ~]# cd /usr/local/ ← ディレクトリ移動 |
[root@localhost local]# git clone https://github.com/certbot/certbot ← Certbotクライアントダウンロード |
[root@localhost local]# cd ← ディレクトリ移動| [root@localhost ~]# /usr/local/certbot/certbot-auto -n ← Certbotクライアントインストール|
[root@localhost ~]# sudo ./certbot-auto certonly |
Saving debug log to /var/log/letsencrypt/letsencrypt.log How would you like to authenticate with the ACME CA? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: Apache Web Server plugin - Beta (apache) 2: Nginx Web Server plugin (nginx) 3: Spin up a temporary webserver (standalone) 4: Place files in webroot directory (webroot) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-4] then [enter] (press 'c' to cancel): 2 ←2(Nginx)を選択 | Plugins selected: Authenticator nginx, Installer None Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): hoge.jp ←ドメイン名(FQDN)を入力 Obtaining a new certificate Performing the following challenges: http-01 challenge for hoge.jp Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/hoge.jp/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/hoge.jp/privkey.pem Your cert will expire on 2018-11-23. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le |
指示に従ってすすめていきます。