Cent OS Stream9 で Let’s Encrypt 無料SSLを試す!certbotで簡単設定

Cent OS Stream

dnf install で

  • certbot
  • python3-certbot-nginx

で大丈夫なようです。

nginx に 80だけ設定して nginxが時効されている必要がある.

これは手動

# certbot certonly --nginx --no-bootstrap
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): @gmail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf.
You must agree in order to register with the ACME server. Do you agree? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing, once your first certificate is successfully issued, to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Account registered. Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: lobin.grtlab.com 2: www.lobin.grtlab.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1

1度、sslを外してnginxを起動しておく、ドメインのネームも設定必要
certbotがドメインを確認するので

# certbot certonly --nginx --no-bootstrap
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: lobin.grtlab.com
2: www.lobin.grtlab.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for lobin.grtlab.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/lobin.grtlab.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/lobin.grtlab.com/privkey.pem
This certificate expires on 2022-11-30.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

certificate / key ファイルが生成されました。

ssl ファイルを有効にして

  listen       443 ssl;

  server_name  lobin.grtlab.com;
  ssl_certificate     /etc/letsencrypt/live/lobin.grtlab.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/lobin.grtlab.com/privkey.pem;

$ sudo systemctl restart nginx で

自動更新設定

crontabに

5 8 * * 1 (/usr/bin/certbot renew --no-random-sleep-on-renew >> /tmp/certbot.log 2>&1)

週一で更新しておく(60日経過すると更新される
それ以前は

# /usr/bin/certbot renew --no-random-sleep-on-renew 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/.grtlab.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/.grtlab.com/fullchain.pem expires on 2022-11-30 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - -

という感じで、まだ更新しないよと

Cent OS 6 で SSL – 以前の記事

Let's Encrypt 無料SSLを試す!certbotで簡単設定
sslを更新しようかと考えていてユーザーデータや課金データを扱うサイトではないので無料のSSLを試してみようかと Lets Encrypt を利用してみることにしました。SSLの種類?無料で大丈夫?SSLの認証の種類には...

コメント

タイトルとURLをコピーしました