Trying Let's Encrypt free SSL on CentOS Stream 9! Easy setup with certbot

Cent OS Stream

Installing the following with dnf install appears to be enough:

  • certbot
  • python3-certbot-nginx

nginx must be configured for port 80 only, and nginx must be running.

This part is done manually.

# certbot certonly --nginx --no-bootstrap
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): @gmail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
You must agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: lobin.grtlab.com
2: www.lobin.grtlab.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1

First, start nginx once with SSL removed from its configuration. The domain name must also be set up,
because certbot verifies the domain.

# certbot certonly --nginx --no-bootstrap
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: lobin.grtlab.com
2: www.lobin.grtlab.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for lobin.grtlab.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/lobin.grtlab.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/lobin.grtlab.com/privkey.pem
This certificate expires on 2022-11-30.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The certificate and key files have been generated.

Enable the SSL files in the nginx configuration:

  listen       443 ssl;

  server_name  lobin.grtlab.com;
  ssl_certificate     /etc/letsencrypt/live/lobin.grtlab.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/lobin.grtlab.com/privkey.pem;

Then run $ sudo systemctl restart nginx

Automatic renewal setup

Add this to crontab:

5 8 * * 1 (/usr/bin/certbot renew --no-random-sleep-on-renew >> /tmp/certbot.log 2>&1)

This runs the renewal once a week (the certificate is renewed once 60 days have passed).
Before that point:

# /usr/bin/certbot renew --no-random-sleep-on-renew 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/.grtlab.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/.grtlab.com/fullchain.pem expires on 2022-11-30 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - -

As shown, certbot reports that it will not renew yet.
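
An added example, not from the original post: a small shell check that reads certbot renew output such as the cron log above and flags any certificate with fewer than 30 days left, which on a 90-day certificate corresponds to the 60-day point mentioned above. The function names, the 30-day default, the 90-day lifetime and the example.com sample log are assumptions made for illustration.

```bash
#!/bin/sh
# Added example (not the post's own code): warn when a certificate listed in
# "certbot renew" output is close to expiry, i.e. renewal is not happening.
# Real use, with the cron log path from the post:
#   check_renew_log "$(date -u +%Y-%m-%d)" < /tmp/certbot.log

# Constructed sample input modelled on the output shown above;
# example.com is a placeholder name.
SAMPLE_LOG='The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/example.com/fullchain.pem expires on 2022-11-30 (skipped)
No renewals were attempted.'

# days_left EXPIRY TODAY  (both YYYY-MM-DD, treated as UTC)
# Prints the whole number of days from TODAY until EXPIRY.
days_left() {
    local exp now
    exp=$(date -u -d "$1 00:00:00" +%s 2>/dev/null) || return 2
    now=$(date -u -d "$2 00:00:00" +%s 2>/dev/null) || return 2
    echo $(( (exp - now) / 86400 ))
}

# check_renew_log TODAY [MIN_DAYS]   (log text on stdin)
# Prints "OK|WARN <path> <days>" per "expires on" line and returns 1 if any
# certificate has fewer than MIN_DAYS left (assumed default: 30).
check_renew_log() {
    local today min rc path w1 w2 date rest left
    today=$1; min=${2:-30}; rc=0
    # read trims leading blanks and splits: <path> expires on <date> (...)
    while read -r path w1 w2 date rest; do
        [ "$w1 $w2" = "expires on" ] || continue
        left=$(days_left "$date" "$today") || {
            echo "UNPARSED $path $date"; rc=1; continue
        }
        if [ "$left" -lt "$min" ]; then
            echo "WARN $path $left"
            rc=1
        else
            echo "OK $path $left"
        fi
    done
    return $rc
}

# Demo on the constructed sample, evaluated as of 2022-09-05.
printf '%s\n' "$SAMPLE_LOG" | check_renew_log 2022-09-05
```

A non-zero exit status from the check can be wired into whatever alerting the host already uses, so a silently failing cron job is noticed before the certificate expires.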

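SSL on CentOS 6 – previous article

Trying Let's Encrypt free SSL! Easy setup with certbot
I was thinking about renewing the SSL certificate, and since this is not a site that handles user data or billing data, I decided to try free SSL and use Let's Encrypt. Types of SSL? Is free OK? The types of SSL validation include...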
