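Last time I set up a site served over SSL/TLS.
I have now enabled SSL/TLS on the same server for a different domain name, and this is the log of that work.
In the commands and output below, ドメイン名 stands for the domain name and IPアドレス for the server's IP address.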
$ sudo certbot -d ドメイン名 --apache
Running this produced the following error:
Cannot find a cert or key directive in /files/etc/httpd/conf.d/ssl.conf/VirtualHost[3]. VirtualHost was not modified
So, add a VirtualHost for the new domain name to ssl.conf, including the certificate and key directives.
[Configuration example]
<VirtualHost IPアドレス:443>
    ServerName ドメイン名
    DocumentRoot "/var/www/ドメイン名/"
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/ドメイン名/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/ドメイン名/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/ドメイン名/chain.pem
</VirtualHost>
Once the configuration is in place, run the following commands.
$ sudo systemctl restart httpd
$ sudo certbot -d ドメイン名 --apache
The output then looks like this.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/ドメイン名.conf)
What would you like to do?
-------------------------------------------------------------------------------
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate for ドメイン名 to VirtualHost /etc/httpd/conf.d/ssl.conf
Please choose whether HTTPS access is required or optional.
-------------------------------------------------------------------------------
1: Easy - Allow both HTTP and HTTPS access to these sites
2: Secure - Make all requests redirect to secure HTTPS access
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://ドメイン名
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=ドメイン名
-------------------------------------------------------------------------------
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ドメイン名/fullchain.pem. Your cert will expire on
   2017-10-12. To obtain a new or tweaked version of this certificate in the
   future, simply run certbot again with the "certonly" option.
   To non-interactively renew *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
That is how the run finished. Testing the site at
https://www.ssllabs.com/ssltest/analyze.html
gave an Overall Rating of B,
so inside the VirtualHost directive I added the single line
Include /etc/letsencrypt/options-ssl-apache.conf
After that I restarted httpd,
and the Overall Rating became A.
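
An added example, not part of the original post: a shell function that lists every VirtualHost block in an Apache config file and reports which of the directives discussed above it lacks (the certificate and key directives certbot complained about, and the options-ssl-apache.conf Include that raised the rating). The names check_vhosts and sample_conf are hypothetical, the sample config is constructed, and the block numbering (from 1, in file order) is assumed to match the VirtualHost[3] style of the error message.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data is constructed.
# check_vhosts [FILE]: one line per <VirtualHost> block (numbered from 1 in
# file order) saying whether it has the directives this page relies on.
check_vhosts() {
    awk '
    function report(   missing) {
        missing = ""
        if (!cert) missing = missing " SSLCertificateFile"
        if (!key)  missing = missing " SSLCertificateKeyFile"
        if (!opts) missing = missing " options-ssl-apache.conf"
        printf "VirtualHost[%d] %s:%s\n", n, (name == "" ? "(no ServerName)" : name),
               (missing == "" ? " ok" : " missing" missing)
    }
    { d = tolower($1) }                    # directive names are case-insensitive
    d ~ /^#/ { next }                      # comment line
    d ~ /^<virtualhost/   { invh = 1; n++; name = ""; cert = key = opts = 0; next }
    d ~ /^<\/virtualhost/ { if (invh) report(); invh = 0; next }
    !invh { next }                         # ignore directives outside a block
    d == "servername"            { name = $2 }
    d == "sslcertificatefile"    { cert = 1 }
    d == "sslcertificatekeyfile" { key = 1 }
    d ~ /^include/ && $2 ~ /options-ssl-apache\.conf/ { opts = 1 }
    ' "${1:--}"                            # no argument: read standard input
}

# Constructed sample: three blocks with documentation-only names and address.
sample_conf() {
    cat <<'EOF'
<VirtualHost 192.0.2.10:443>
  ServerName a.example.com
  SSLCertificateFile /etc/letsencrypt/live/a.example.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/a.example.com/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost 192.0.2.10:443>
  ServerName b.example.com
  SSLCertificateFile /etc/letsencrypt/live/b.example.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/b.example.com/privkey.pem
</VirtualHost>
<VirtualHost 192.0.2.10:443>
  # no certificate or key directive: the case certbot refused to modify
  ServerName c.example.com
  DocumentRoot "/var/www/c.example.com/"
</VirtualHost>
EOF
}

sample_conf | check_vhosts
```

On the server described here it would be run as check_vhosts /etc/httpd/conf.d/ssl.conf before invoking certbot and again before re-testing.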