These are my notes from setting up Let's Encrypt on AWS EC2 (Apache/2.4.16).
(1) Allow HTTPS in the security group
(2) Configure Let's Encrypt
(1) Change the AWS security group
(1) Install Apache's mod_ssl
$ yum -y install mod24_ssl
mod_ssl produced an error when Apache started, so I installed mod24_ssl instead, following the article below.
What I did about the error when installing mod_ssl on Apache (memo) – Solr, Python, MacBook Air in Shinagawa Seaside
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd /path/to/letsencrypt
$ ./letsencrypt-auto --help
WARNING: Amazon Linux support is very experimental at present…
if you would like to work on improving it, please ensure you have backups
and then run this script again with the --debug flag!
On Amazon Linux this message was shown, so I ran it again with the --debug option as instructed.
$ ./letsencrypt-auto --help --debug
$ cd /path/to/letsencrypt
$ ./letsencrypt-auto certonly --webroot \
-w /var/www/html -d example.com -d www.example.com \
-m info@example.com \
--agree-tos
IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
e-mails sent to info@example.com
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your cert will
expire on 2016-05-20. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let's
Encrypt so making regular backups of this folder is ideal.
- If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
I configured it following the article below.
Let's Encrypt: notes on obtaining a server certificate and setting up auto-renewal | あぱーブログ
$ sudo vi /etc/httpd/conf/httpd.conf
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot "/var/www/html"
    SSLEngine on
    SSLHonorCipherOrder on
    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
    <Directory "/var/www/html">
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    SetEnvIf Request_URI "\.(gif|jpg|png|css|js)$" nolog
    ErrorLog logs/error_log
    CustomLog logs/access_log combined env=!nolog
</VirtualHost>
$ sudo service httpd restart
I configured it following the article below.
Let's Encrypt: notes on obtaining a server certificate and setting up auto-renewal | あぱーブログ
00 05 01 * * /path/to/letsencrypt/letsencrypt-auto renew --force-renew && service httpd restart
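Both the hand-edited vhost above and the cron job restart httpd unconditionally, so a broken or weakened SSL block is only noticed when the site is already down or serving weak TLS. The following lint script is an added example (not from the original post) that checks a vhost file for the hardening directives the post's httpd.conf sets before a restart; the weak sample config, the /etc/pki paths and the function names are constructed for this example.

```shell
# Added example, not from the original post: lint an Apache SSL vhost file for
# the hardening directives the post's httpd.conf sets, so a mistake is caught
# before "service httpd restart". Sample paths and configs are constructed.
check_ssl_vhost() {
    conf="$1"
    rc=0
    # SSLv2/SSLv3 must be off: accept the post's "-All" style or an explicit "-SSLv3"
    if ! grep -Eiq '^[[:space:]]*SSLProtocol[[:space:]].*-(All|SSLv3)' "$conf"; then
        echo "FAIL: SSLProtocol does not disable SSLv3"; rc=1
    fi
    # the server, not the client, chooses the cipher suite
    if ! grep -Eiq '^[[:space:]]*SSLHonorCipherOrder[[:space:]]+on' "$conf"; then
        echo "FAIL: SSLHonorCipherOrder is not on"; rc=1
    fi
    # anonymous key exchange and MD5-based suites must be excluded
    if ! grep -Eq '^[[:space:]]*SSLCipherSuite[[:space:]].*!aNULL' "$conf" ||
       ! grep -Eq '^[[:space:]]*SSLCipherSuite[[:space:]].*!MD5' "$conf"; then
        echo "FAIL: SSLCipherSuite does not exclude aNULL and MD5"; rc=1
    fi
    # HSTS header must be set on the HTTPS vhost
    if ! grep -Eiq '^[[:space:]]*Header[[:space:]]+set[[:space:]]+Strict-Transport-Security' "$conf"; then
        echo "FAIL: Strict-Transport-Security header is not set"; rc=1
    fi
    # cert and key must live under /etc/letsencrypt/live/, where "renew" updates them
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        if ! grep -Eq "^[[:space:]]*$d[[:space:]]+/etc/letsencrypt/live/" "$conf"; then
            echo "FAIL: $d does not point under /etc/letsencrypt/live/"; rc=1
        fi
    done
    return $rc
}

# Constructed sample that violates every check above (default-style vhost).
WEAK_VHOST='<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all
    SSLCipherSuite HIGH:MEDIUM
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>'
# Demo: write the weak sample to a temp file and lint it (exit status 1 expected).
demo_weak() {
    tmp=$(mktemp) || return 2
    printf '%s\n' "$WEAK_VHOST" > "$tmp"
    check_ssl_vhost "$tmp"; status=$?
    rm -f "$tmp"; return $status
}

demo_weak || echo "weak sample rejected as expected"
```

Run it as `check_ssl_vhost /etc/httpd/conf/httpd.conf && sudo service httpd restart` so the restart only happens when the checks pass.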