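VirtualHost over SSL/TLS.

Last time I set up a site served over SSL/TLS.
I have now made a second domain name on the same server reachable over SSL/TLS as well,
so this is my log of that work.
(In the commands and settings below, ドメイン名 stands for the domain name and IPアドレス for the server's IP address.)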

$ sudo certbot -d ドメイン名 --apache

When I ran this, I got the following error.

Cannot find a cert or key directive in /files/etc/httpd/conf.d/ssl.conf/VirtualHost[3]. VirtualHost was not modified

So I add a VirtualHost block for the new domain name to ssl.conf.
[Example configuration]

<VirtualHost IPアドレス:443>                                                                       
    ServerName ドメイン名
    DocumentRoot "/var/www/ドメイン名/"                                                       
                                                                                                       
    SSLEngine on                                                                                       
    SSLCertificateFile /etc/letsencrypt/live/ドメイン名/cert.pem                              
    SSLCertificateKeyFile /etc/letsencrypt/live/ドメイン名/privkey.pem                        
    SSLCertificateChainFile /etc/letsencrypt/live/ドメイン名/chain.pem                        
</VirtualHost>

Once that is configured, run the following commands.

$ sudo systemctl restart httpd
$ sudo certbot -d ドメイン名 --apache

The output then looks like this.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/ドメイン名.conf)

What would you like to do?
-------------------------------------------------------------------------------
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate for ドメイン名 to VirtualHost /etc/httpd/conf.d/ssl.conf

Please choose whether HTTPS access is required or optional.
-------------------------------------------------------------------------------
1: Easy - Allow both HTTP and HTTPS access to these sites
2: Secure - Make all requests redirect to secure HTTPS access
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://ドメイン名

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=ドメイン名
-------------------------------------------------------------------------------

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ドメイン名/fullchain.pem. Your cert will
   expire on 2017-10-12. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot again with the
   "certonly" option. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

It finished like this, and when I tested the site at
https://www.ssllabs.com/ssltest/analyze.html
the Overall Rating was B, so
inside the VirtualHost block I added this one line:

Include /etc/letsencrypt/options-ssl-apache.conf

After I restarted httpd,
the Overall Rating became A.
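
A pre-flight check for the two problems met above, as an added example that is not part of the original post: it lists every port-443 VirtualHost block that lacks the cert/key directives certbot looks for, or the Include line that raised the rating. The function name check_ssl_vhosts, the a.example / b.example hosts and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report each <VirtualHost ...:443>
# block that is missing a directive this page relies on.
check_ssl_vhosts() {
    awk '
    function report(   miss) {
        miss = ""
        if (!cert) miss = miss " SSLCertificateFile"
        if (!key)  miss = miss " SSLCertificateKeyFile"
        if (!opts) miss = miss " Include-options-ssl-apache.conf"
        if (miss != "") { print name ":" miss; bad = 1 }
    }
    /^[ \t]*#/ { next }                                   # skip comment lines
    tolower($1) == "<virtualhost" && $0 ~ /:443[ \t>]/ {  # start of a TLS vhost
        invh = 1; cert = key = opts = 0; name = "(no ServerName)"; next
    }
    invh && tolower($1) == "servername"            { name = $2 }
    invh && tolower($1) == "sslcertificatefile"    { cert = 1 }
    invh && tolower($1) == "sslcertificatekeyfile" { key = 1 }
    invh && tolower($1) == "include" && $2 ~ /options-ssl-apache\.conf$/ { opts = 1 }
    invh && tolower($1) == "</virtualhost>"        { report(); invh = 0 }
    END { exit bad + 0 }                                  # 1 if any block is incomplete
    ' "$1"
}

# Constructed sample: the first vhost is complete, the second has no cert/key
# lines (the state behind the "Cannot find a cert or key directive" error).
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost 192.0.2.10:443>
    ServerName a.example
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/a.example/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/a.example/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName b.example
    DocumentRoot "/var/www/b.example/"
</VirtualHost>
EOF
check_ssl_vhosts "$sample" || echo "complete the blocks listed above, then re-run certbot"
rm -f "$sample"
```

On a real server, pass the path of the file that holds the VirtualHost blocks, such as the ssl.conf edited above.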
