{"id":2097,"date":"2022-05-03T12:43:51","date_gmt":"2022-05-03T03:43:51","guid":{"rendered":"https:\/\/weblog.hirohiro716.com\/?p=2097"},"modified":"2022-06-04T11:35:25","modified_gmt":"2022-06-04T02:35:25","slug":"apache%e3%81%8c%e5%8b%95%e3%81%84%e3%81%a6%e3%81%84%e3%82%8balmalinux8%e3%81%a7postfix%e7%94%a8%e3%81%aeletsencrypt%e3%81%ae%e8%a8%bc%e6%98%8e%e6%9b%b8%e3%82%92%e5%8f%96%e5%be%97%e3%81%99","status":"publish","type":"post","link":"https:\/\/weblog.hirohiro716.com\/?p=2097","title":{"rendered":"Apache\u304c\u52d5\u3044\u3066\u3044\u308bAlmaLinux8\u3067Postfix\u7528\u306eLet\u2019sEncrypt\u306e\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3059\u308b"},"content":{"rendered":"<pre class=\"brush: plain; title: \u74b0\u5883; notranslate\" title=\"\u74b0\u5883\">\r\nAlmaLinux release 8.5 (Arctic Sphynx)\r\ncertbot 1.22.0\r\napache 2.4.37\r\npostfix 3.5.8\r\n<\/pre>\n<p>Let&#8217;sEncrypt\u306e\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3059\u308b\u305f\u3081\u306ecertbot\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3002<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n# dnf install epel-release\r\n# dnf install certbot\r\n<\/pre>\n<p>ACME\u30d7\u30ed\u30c8\u30b3\u30eb\u7528\u306bApache\u306e\u8a2d\u5b9a\u3092\u884c\u3046\u3002<\/p>\n<pre class=\"brush: plain; title: \/etc\/httpd\/conf.d\/letsencrypt-acme.conf; notranslate\" title=\"\/etc\/httpd\/conf.d\/letsencrypt-acme.conf\">\r\n&lt;VirtualHost *:80&gt;\r\n        ServerName test.example.com\r\n        DocumentRoot \/var\/lib\/letsencrypt\/\r\n        &lt;Directory \/var\/lib\/letsencrypt\/&gt;\r\n            AllowOverride None\r\n            Options IncludesNoExec\r\n            Require method GET\r\n        &lt;\/Directory&gt;\r\n&lt;\/VirtualHost&gt;\r\n<\/pre>\n<p>Apache\u306e\u8a2d\u5b9a\u3092\u518d\u8aad\u307f\u8fbc\u307f\u3059\u308b\u3002<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n# systemctl reload httpd\r\n<\/pre>\n<p>SSL\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3059\u308b\u3002\u4f55\u5ea6\u3082\u5931\u6557\u3057\u305f\u308a\u3057\u3066\u3082\u5236\u9650\u304c\u304b\u304b\u308b\u306e\u3067\u3001&#8211;dry-run\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u6307\u5b9a\u3057\u3066\u30c6\u30b9\u30c8\u3059\u308b\u3002<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n# certbot certonly --webroot -w \/var\/lib\/letsencrypt\/ -d test.example.com\r\n-------------------------------------------------------------\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\nEnter email address (used for urgent renewal and security notices)\r\n (Enter 'c' to cancel): admin@test.example.com\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nPlease read the Terms of Service at\r\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must\r\nagree in order to register with the ACME server. Do you agree?\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n(Y)es\/(N)o: Y\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nWould you be willing, once your first certificate is successfully issued, to\r\nshare your email address with the Electronic Frontier Foundation, a founding\r\npartner of the Let's Encrypt project and the non-profit organization that\r\ndevelops Certbot? We'd like to send you email about our work encrypting the web,\r\nEFF news, campaigns, and ways to support digital freedom.\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n(Y)es\/(N)o: N\r\nAccount registered.\r\nRequesting a certificate for test.example.com\r\n\r\nSuccessfully received certificate.\r\nCertificate is saved at: \/etc\/letsencrypt\/live\/test.example.com\/fullchain.pem\r\nKey is saved at:         \/etc\/letsencrypt\/live\/test.example.com\/privkey.pem\r\nThis certificate expires on 2022-08-01.\r\nThese files will be updated when the certificate renews.\r\nCertbot has set up a scheduled task to automatically renew this certificate in the background.\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nIf you like Certbot, please consider supporting our work by:\r\n * Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\r\n * Donating to EFF:                    https:\/\/eff.org\/donate-le\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n<\/pre>\n<p>\u767a\u884c\u304c\u6210\u529f\u3059\u308b\u3068\u4e0b\u8a18\u306e\u5834\u6240\u306b\u8a3c\u660e\u66f8\u304c\u4f5c\u3089\u308c\u308b\u3002\u307b\u304b\u306e\u30b5\u30fc\u30d0\u30fc\u306b\u79fb\u884c\u3059\u308b\u5834\u5408\u306f\/etc\/letsencrypt\/\u3054\u3068\u30b3\u30d4\u30fc\u3059\u308c\u3070OK\u3060\u3063\u305f\u3002<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n\/etc\/letsencrypt\/live\/test.example.com\/cert.pem\r\n\/etc\/letsencrypt\/live\/test.example.com\/privkey.pem\r\n\/etc\/letsencrypt\/live\/test.example.com\/chain.pem\r\n\/etc\/letsencrypt\/live\/test.example.com\/fullchain.pem\r\n<\/pre>\n<p>cron\u3067\u6bce\u671d4\u6642\u306bSSL\u8a3c\u660e\u66f8\u3092\u66f4\u65b0\u3059\u308b\u30b8\u30e7\u30d6\u3092\u8ffd\u52a0\u3059\u308b\u3002\u66f4\u65b0\u3055\u308c\u308b\u304b\u306f\u81ea\u52d5\u3067\u6c7a\u5b9a\u3055\u308c\u3001\u66f4\u65b0\u3055\u308c\u305f\u5834\u5408\u306e\u307f&#8211;deploy-hook\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u6307\u5b9a\u3055\u308c\u305f\u30b3\u30de\u30f3\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u3002<\/p>\n<pre class=\"brush: plain; title: # crontab -e; notranslate\" title=\"# crontab -e\">\r\n0 4 * * * certbot renew --deploy-hook &quot;systemctl reload postfix&quot;\r\n<\/pre>\n<p>Postfix\u306emain.cf\u3092\u7de8\u96c6\u3057\u3066\u8a3c\u660e\u66f8\u306e\u8a2d\u5b9a\u3092\u3059\u308b\u3002<br \/>\n\u203b\u5909\u66f4\u7b87\u6240\u306e\u307f\u8a18\u8f09<\/p>\n<pre class=\"brush: plain; title: \/etc\/postfix\/main.cf; notranslate\" title=\"\/etc\/postfix\/main.cf\">\r\n# Certificate settings.\r\nsmtpd_tls_cert_file = \/etc\/letsencrypt\/live\/test.example.com\/fullchain.pem\r\nsmtpd_tls_key_file = \/etc\/letsencrypt\/live\/test.example.com\/privkey.pem\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>AlmaLinux release 8.5 (Arctic Sphynx) certbot 1.22.0 apache 2.4.37 postfix 3.5.8 Let&#8217;sEncrypt\u306e\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3059\u308b\u305f\u3081 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31],"tags":[],"class_list":["post-2097","post","type-post","status-publish","format-standard","hentry","category-almalinux"],"views":723,"_links":{"self":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts\/2097","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2097"}],"version-history":[{"count":9,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts\/2097\/revisions"}],"predecessor-version":[{"id":2159,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts\/2097\/revisions\/2159"}],"wp:attachment":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2097"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2097"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2097"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}