{"id":1938,"date":"2022-03-07T16:33:23","date_gmt":"2022-03-07T07:33:23","guid":{"rendered":"https:\/\/weblog.hirohiro716.com\/?p=1938"},"modified":"2024-11-19T00:12:45","modified_gmt":"2024-11-18T15:12:45","slug":"almalinux8%e3%81%aeapache%e3%81%abletsencrypt%e3%81%ae%e8%a8%bc%e6%98%8e%e6%9b%b8%e3%82%92%e3%82%a4%e3%83%b3%e3%82%b9%e3%83%88%e3%83%bc%e3%83%ab","status":"publish","type":"post","link":"https:\/\/weblog.hirohiro716.com\/?p=1938","title":{"rendered":"AlmaLinux8\u306eApache\u306bLet\u2019sEncrypt\u306e\u8a3c\u660e\u66f8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b"},"content":{"rendered":"
\r\nAlmaLinux release 8.5 (Arctic Sphynx)\r\nApache 2.4.37\r\nOpenSSL 1.1.1k\r\n<\/pre>\n
SSL\u95a2\u9023\u306e\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3002<\/p>\n
\r\n# dnf install openssl\r\n# dnf install mod_ssl\r\n<\/pre>\n
Let\u2019sEncrypt\u306e\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3059\u308b\u305f\u3081\u306ecertbot\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3002<\/p>\n
\r\n# dnf install epel-release\r\n# dnf install certbot\r\n<\/pre>\n
SSL\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3059\u308b\u3002\u4f55\u5ea6\u3082\u5931\u6557\u3057\u305f\u308a\u3057\u3066\u3082\u5236\u9650\u304c\u304b\u304b\u308b\u306e\u3067\u3001–dry-run\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u6307\u5b9a\u3057\u3066\u30c6\u30b9\u30c8\u3059\u308b\u3002<\/p>\n
\r\n# certbot certonly --webroot -w \/var\/www\/html\/test\/ -d test.example.com\r\n-------------------------------------------------------------\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\nEnter email address (used for urgent renewal and security notices)\r\n (Enter 'c' to cancel): admin@test.example.com\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nPlease read the Terms of Service at\r\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must\r\nagree in order to register with the ACME server. Do you agree?\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n(Y)es\/(N)o: Y\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nWould you be willing, once your first certificate is successfully issued, to\r\nshare your email address with the Electronic Frontier Foundation, a founding\r\npartner of the Let's Encrypt project and the non-profit organization that\r\ndevelops Certbot? We'd like to send you email about our work encrypting the web,\r\nEFF news, campaigns, and ways to support digital freedom.\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n(Y)es\/(N)o: N\r\nAccount registered.\r\nRequesting a certificate for test.example.com\r\n\r\nSuccessfully received certificate.\r\nCertificate is saved at: \/etc\/letsencrypt\/live\/test.example.com\/fullchain.pem\r\nKey is saved at:         \/etc\/letsencrypt\/live\/test.example.com\/privkey.pem\r\nThis certificate expires on 2022-06-01.\r\nThese files will be updated when the certificate renews.\r\nCertbot has set up a scheduled task to automatically renew this certificate in the background.\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nIf you like Certbot, please consider supporting our work by:\r\n * Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\r\n * Donating to EFF:                    https:\/\/eff.org\/donate-le\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n<\/pre>\n
\u767a\u884c\u304c\u6210\u529f\u3059\u308b\u3068\u4e0b\u8a18\u306e\u5834\u6240\u306b\u8a3c\u660e\u66f8\u304c\u4f5c\u3089\u308c\u308b\u3002\u307b\u304b\u306e\u30b5\u30fc\u30d0\u30fc\u306b\u79fb\u884c\u3059\u308b\u5834\u5408\u306f\/etc\/letsencrypt\/\u3054\u3068\u30b3\u30d4\u30fc\u3059\u308c\u3070OK\u3060\u3063\u305f\u3002<\/p>\n
\r\n\/etc\/letsencrypt\/live\/test.example.com\/cert.pem\r\n\/etc\/letsencrypt\/live\/test.example.com\/privkey.pem\r\n\/etc\/letsencrypt\/live\/test.example.com\/chain.pem\r\n<\/pre>\n
cron\u3067\u6bce\u671d4\u6642\u306bSSL\u8a3c\u660e\u66f8\u3092\u66f4\u65b0\u3059\u308b\u30b8\u30e7\u30d6\u3092\u8ffd\u52a0\u3059\u308b\u3002\u66f4\u65b0\u3055\u308c\u308b\u304b\u306f\u81ea\u52d5\u3067\u6c7a\u5b9a\u3055\u308c\u3001\u66f4\u65b0\u3055\u308c\u305f\u5834\u5408\u306e\u307f–deploy-hook\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u6307\u5b9a\u3055\u308c\u305f\u30b3\u30de\u30f3\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u3002<\/p>\n
\r\n0 4 * * * certbot renew --deploy-hook "systemctl reload httpd"\r\n<\/pre>\n
Apache\u306eSSL\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u4e0d\u8981\u306a\u8a2d\u5b9a\u3092\u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8\u3059\u308b\u3002<\/p>\n
\r\n\u2026\r\n#SSLEngine on\r\n\u2026\r\n#SSLCertificateFile \/etc\/pki\/tls\/certs\/localhost.crt\r\n\u2026\r\n#SSLCertificateKeyFile \/etc\/pki\/tls\/private\/localhost.key\r\n\u2026\r\n<\/pre>\n
\u7d9a\u3044\u3066\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u6700\u4e0b\u90e8\u306bSSL\u8a3c\u660e\u66f8\u306e\u8a2d\u5b9a\u3092\u8ffd\u8a18\u3059\u308b\u3002<\/p>\n
\r\n<VirtualHost *:443>\r\n    ServerName test.example.com\r\n    DocumentRoot "\/var\/www\/html\/test\/"\r\n    <Directory "\/var\/www\/html\/test\/">\r\n        AllowOverride All\r\n    <\/Directory>\r\n    SSLEngine on\r\n    SSLProtocol -All +TLSv1.2\r\n    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!3DES:!RC4:!DH\r\n    SSLHonorCipherOrder On\r\n    SSLCertificateFile \/etc\/letsencrypt\/live\/test.example.com\/cert.pem\r\n    SSLCertificateKeyFile \/etc\/letsencrypt\/live\/test.example.com\/privkey.pem\r\n    SSLCertificateChainFile \/etc\/letsencrypt\/live\/test.example.com\/chain.pem\r\n<\/VirtualHost>\r\n<\/pre>\n
Apache\u306e\u8a2d\u5b9a\u3092\u518d\u8aad\u307f\u8fbc\u307f\u3059\u308b\u3002<\/p>\n
\r\n# systemctl reload httpd\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
AlmaLinux release 8.5 (Arctic Sphynx) Apache 2.4.37 OpenSSL 1.1.1k SSL\u95a2\u9023\u306e\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3002 # dnf install openssl […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31],"tags":[],"class_list":["post-1938","post","type-post","status-publish","format-standard","hentry","category-almalinux"],"views":6544,"_links":{"self":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts\/1938","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1938"}],"version-history":[{"count":10,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts\/1938\/revisions"}],"predecessor-version":[{"id":2885,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts\/1938\/revisions\/2885"}],"wp:attachment":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1938"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1938"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1938"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}