Let's Encryptを使って無料でブログをSSL化する
Posted: 2017-12-18
スポンサーリンク
目次
はじめに
Let's Encryptは無料でSSL証明書を発行してくれるありがたい機関?です。
googleの検索順位もhttps化されたページの方が優先されるということで、今回このブログもhttps化しようかと思い、その手順を残しておこうかと思います。
環境
- CentOS Linux release 7.4.1708 (Core)
- nginx/1.10.2
- rails4.2.0
前提
- 独自ドメインを既に取得済みであること
手順
基本的には公式のまんまです
1. certbot(CLI)のインストール
yum install epel-release
yum install certbot
今回はnginx環境なのでpython-certbot-apacheはインストールしません。
2. nginxの設定変更
certbotは証明書を発行するwebサーバ/ドメインが本当に使われているものかを確認するため、WEBサーバ上にテストファイルを置いて外部からアクセスできることを確認します。私の環境ではそれ用の設定を入れてないと以下のエラーが出てうまく行きませんでした。
## エラーが出るパターン
# certbot certonly --webroot -w /usr/share/nginx/html -d blog.setouchino.cloud
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for blog.setouchino.cloud
Using the webroot path /var/www/simpleblog/shared/public for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. blog.setouchino.cloud (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.setouchino.cloud/.well-known/acme-challenge/FHpSClSuHmbGU8mnBTfqyO2BqGhMXytRsvRDZzvukzc: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: blog.setouchino.cloud
Type: unauthorized
Detail: Invalid response from
http://blog.setouchino.cloud/.well-known/acme-challenge/FHpSClSuHmbGU8mnBTfqyO2BqGhMXytRsvRDZzvukzc:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
以下の設定を入れることで回避できます。
# vim /etc/nginx/conf.d/${nginxの設定ファイル名}
--------
server {
listen 80;
server_name blog.setouchino.cloud;
~~~~~中略~~~~~~~
location ^~ /.well-known/acme-challenge/ { # ★追記
root /usr/share/nginx/html; # ★追記
} # ★追記
}
--------
設定変更後、反映します。
systemctl reload nginx.service
再度実行し、以下のように結果が出ればOKです。
# certbot certonly --webroot -w /usr/share/nginx/html/ -d blog.setouchino.cloud
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for blog.setouchino.cloud
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/blog.setouchino.cloud/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/blog.setouchino.cloud/privkey.pem
Your cert will expire on 2018-03-18. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
これで証明書の払い出しはOKです。
証明書は
/etc/letsencrypt/live/ドメイン名
のディレクトリ配下に作られています。
3.nginxのSSL設定
# httpでアクセスしてきたらhttpsにリダイレクト
server {
listen 80;
server_name host.example.com;
return 301 https://$host$request_uri;
}
# httpsの設定
server {
listen 443 ssl;
server_name host.example.com;
ssl_certificate /etc/letsencrypt/live/blog.setouchino.cloud/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/blog.setouchino.cloud/privkey.pem;
root /usr/share/nginx/html;
access_log /var/log/nginx/ssl_access.log;
error_log /var/log/nginx/ssl_error.log;
location ~ ^/assets/ {
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://unicorn;
}
#location ^~ /.well-known/acme-challenge/ {
#root /usr/share/nginx/html;
#}
}
4. nginxのrestart
systemctl restart nginx.service
これでブラウザにhttpsでアクセスして正しく表示されればOKです。
スポンサーリンク
コメント一覧
2021/03/19 09:52:34
PexAdepleさん
https://fcialisj.com/ - cheap cialis online
2021/04/08 01:47:39
tyncさん
What's the Essay Format? A composition arrangement is really actually a collection. It insures both the name webpage, fundamental article arrangement, article outline, your own decisions, citations, etc.. https://teachglobaled.net/essay-helper-effective-writing/
2021/04/20 19:51:19
loyalさん
In case you don't understand just how exactly to begin producing may be hard. Listed here are when coming back along with your essay that is Patriotic several blunder you really must stay away from. Instructional writing services which works a lot much better compared to every bibliography generator on earth. Figure out why we are trusted by college pupils.
http://www.howtogrowbud.com/5-actionable-tips-on-how-to-write-a-college-essay-and-twitter/
http://209.59.186.78/~frachtusa/2021/03/30/ow-do-you-make-your-cover-letter-stand-out/
http://www.arsbau.com/2020/11/16/top-10-websites-to-look-for-how-to-start-an-essay/
コメントを投稿する
TOP back