Getting a Free SSL/TLS Certificate: Sakura VPS Edition





$ sudo yum install epel-release
Loaded plugins: fastestmirror, priorities, security
Setting up Install Process
Loading mirror speeds from cached hostfile
epel/metalink                                            | 5.2 kB     00:00
 * base:
 * epel:
 * extras:
 * remi-safe:
 * updates:
base                                                     | 3.7 kB     00:00
epel                                                     | 4.3 kB     00:00
epel/primary_db                                          | 5.8 MB     00:00
extras                                                   | 3.4 kB     00:00
mysql-connectors-community                               | 2.5 kB     00:00
mysql-tools-community                                    | 2.5 kB     00:00
mysql56-community                                        | 2.5 kB     00:00
remi-safe                                                | 2.9 kB     00:00
remi-safe/primary_db                                     | 368 kB     00:00
typesafe                                                 | 1.9 kB     00:00
updates                                                  | 3.4 kB     00:00
Package epel-release-6-8.noarch already installed and latest version
Nothing to do



Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

$ wget
$ chmod a+x certbot-auto



$ ./certbot-auto
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ Your cert will
   expire on 2016-09-30. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot-auto again with the
   "certonly" option. To non-interactively renew *all* of your
   certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:
   Donating to EFF:          



# cd /etc/letsencrypt/live/
# ls
cert.pem  chain.pem  fullchain.pem  privkey.pem



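The validation works by placing a file under DocumentRoot and having it requested over HTTP. If an application that changes the routing exists at the DocumentRoot, the file cannot be reached, which makes things very difficult. Here we assume that no such application exists. In the AWS/ElasticBeanstalk edition, the same thing is done in an environment where a Laravel5 app is deployed.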


Let's Encrypt certificates last for 90 days, so it's highly advisable to renew them automatically! You can test automatic renewal for your certificates by running this command:

$ ./certbot-auto renew --dry-run
Requesting root privileges to run certbot...
  /home/ikuty/.local/share/letsencrypt/bin/letsencrypt renew --dry-run

Processing /etc/letsencrypt/renewal/
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/ (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)

 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.


Once you have confirmed that the dry run succeeds, the instructions say to add the --quiet option and run it as a cron job.

If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:


Note: if you're setting up a cron or systemd job, we recommend running it twice per day (it won't do anything until your certificates are due for renewal or revoked, but running it regularly would give your site a chance of staying online in case a Let's Encrypt-initiated revocation happened for some reason). Please select a random minute within the hour for your renewal tasks.
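
The scheduling advice above, as an added example that is not part of the original post or of Certbot's documentation: shell functions that build a twice-daily crontab entry for `certbot-auto renew --quiet`. The function names and the `/usr/local/bin/certbot-auto` path are assumptions, and the minute is derived from the hostname with `cksum` rather than drawn at random, so it stays stable across re-runs while still differing between hosts.

```shell
#!/bin/sh
# Added example: build a crontab entry that runs "certbot-auto renew --quiet"
# twice per day at a per-host minute, as the note above recommends.

# Assumption: where the downloaded certbot-auto script was placed.
CERTBOT_AUTO="${CERTBOT_AUTO:-/usr/local/bin/certbot-auto}"

# Map a seed string to a stable number in [0, mod) using the POSIX cksum CRC.
# The same host always lands on the same slot; different hosts spread out
# instead of all contacting the CA at minute 0.
slot() {
    seed=$1
    mod=$2
    sum=$(printf '%s' "$seed" | cksum | cut -d' ' -f1)
    echo $((sum % mod))
}

# Print one crontab line: minute 0-59, first run at hour 0-11,
# second run exactly 12 hours later.
renew_cron_line() {
    seed=$1
    minute=$(slot "$seed-minute" 60)
    hour=$(slot "$seed-hour" 12)
    printf '%s %s,%s * * * %s renew --quiet\n' \
        "$minute" "$hour" "$((hour + 12))" "$CERTBOT_AUTO"
}

# Install the line into the invoking user's crontab. Run this as root:
# certbot-auto asks for root privileges, and cron cannot answer a prompt.
# Any earlier "certbot-auto renew" entry is dropped first, so repeated
# runs do not pile up duplicates.
install_renew_cron() {
    line=$(renew_cron_line "$(uname -n)")
    { crontab -l 2>/dev/null | grep -v 'certbot-auto renew' || true
      echo "$line"; } | crontab -
}

# Stand-alone run: only show the line that would be installed.
renew_cron_line "$(uname -n)"
```

Run the `--dry-run` check shown earlier before calling `install_renew_cron`, so the scheduled job is one that is already known to succeed.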

