CentOS\uff1a7.3
\nApache\uff1a2.4.6
\nmod_ssl\uff1a2.4.6
\nopenssl\uff1a1.0.1e
\nSSL\/TLS\u8a3c\u660e\u66f8\u306e\u8a8d\u8a3c\u5c40\uff1aLet’s Encrypt ( CertBot )<\/p>\n
\u5168\u3066yum\u3092\u4f7f\u3063\u3066\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305f\u3002<\/p>\n
<\/p>\n
<\/p>\n
\r\n# httpd\u3068mod_ssl\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\r\n$ sudo yum install httpd mod_ssl\r\n# \u6b21\u306bhttpd.conf\u3084\u3001ssl.conf\u3001conf.modules.d\u306e\u4e2d\u8eab\u7b49\u3092\u8a2d\u5b9a\u3059\u308b\u3002\r\n# 80\u756a\u30dd\u30fc\u30c8\u3067\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3053\u3068\u306f\u78ba\u8a8d\u3057\u305f\u3002\r\n<\/pre>\n<\/p>\n
CertBot\u3092yum\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h2>\n
<\/p>\n
\r\n# yum-config-manager\u3092\u4f7f\u3046\u305f\u3081\u306b\u3001yum-utils\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3002\r\n$ sudo yum install yum-utils\r\n# \u30ea\u30dd\u30b8\u30c8\u30ea\u3092\u8ffd\u52a0\u3002\r\n$ sudo yum-config-manager --enable rhui-REGION-rhel-extras rhui-REGION-rhel-server-optional\r\n\r\n# \u4e0a\u306e\u3084\u308a\u65b9\u304c\u3067\u304d\u306a\u304b\u3063\u305f\u306e\u3067\u8ffd\u8a18\uff082018\u5e743\u67083\u65e5\uff09\r\n# EPEL\u304b\u3089\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3088\u3046\u306b\u3059\u308c\u3070\u826f\u3044\u3002\r\n$ sudo yum -y install epel-release\r\n# CertBot\u3092yum\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3002\r\n$ sudo yum install certbot-apache\r\n# httpd\u3092\u8d77\u52d5\u3002\r\n$ sudo systemctl start httpd\r\n# CertBot\u5b9f\u884c\u3002\uff08httpd\u3092\u8d77\u52d5\u3057\u3066\u3044\u306a\u3044\u3068\u30a8\u30e9\u30fc\u306b\u306a\u308b\uff09\r\n$ sudo certbot --apache\r\n<\/pre>\nhttpd\u3092\u8d77\u52d5\u3057\u3066\u3044\u306a\u3044\u3068\u3053\u3093\u306a\u30a8\u30e9\u30fc\u304c\u51fa\u305f<\/span>
\n[user@srv ~]$ sudo certbot –apache
\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log
\nEnter email address (used for urgent renewal and security notices) (Enter ‘c’ to
\ncancel):E\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9
\nStarting new HTTPS connection (1): acme-v01.api.letsencrypt.org<\/p>\n——————————————————————————-
\nPlease read the Terms of Service at
\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
\nin order to register with the ACME server at
\nhttps:\/\/acme-v01.api.letsencrypt.org\/directory
\n——————————————————————————-
\n(A)gree\/(C)ancel: A<\/p>\n——————————————————————————-
\nWould you be willing to share your email address with the Electronic Frontier
\nFoundation, a founding partner of the Let’s Encrypt project and the non-profit
\norganization that develops Certbot? We’d like to send you email about EFF and
\nour work to encrypt the web, protect its users and defend digital rights.
\n——————————————————————————-
\n(Y)es\/(N)o: N<\/p>\nWhich names would you like to activate HTTPS for?
\n——————————————————————————-
\n1: \u30b5\u30a4\u30c8\u306e\u30c9\u30e1\u30a4\u30f3\u540d.info
\n——————————————————————————-
\nSelect the appropriate numbers separated by commas and\/or spaces, or leave input
\nblank to select all options shown (Enter ‘c’ to cancel):1
\nObtaining a new certificate
\nPerforming the following challenges:
\ntls-sni-01 challenge for \u30b5\u30a4\u30c8\u306e\u30c9\u30e1\u30a4\u30f3\u540d.info
\nError while running apachectl graceful.<\/p>\nJob for httpd.service invalid.<\/p>\n
Cleaning up challenges
\nError while running apachectl graceful.<\/p>\nJob for httpd.service invalid.<\/p>\n
Encountered exception during recovery
\nError while running apachectl graceful.<\/p>\nJob for httpd.service invalid.
\nTraceback (most recent call last):
\nFile “\/usr\/lib\/python2.7\/site-packages\/certbot\/error_handler.py”, line 99, in _call_registered
\nself.funcs[-1]()
\nFile “\/usr\/lib\/python2.7\/site-packages\/certbot\/auth_handler.py”, line 284, in _cleanup_challenges
\nself.auth.cleanup(achalls)
\nFile “\/usr\/lib\/python2.7\/site-packages\/certbot_apache\/configurator.py”, line 1908, in cleanup
\nself.restart()
\nFile “\/usr\/lib\/python2.7\/site-packages\/certbot_apache\/configurator.py”, line 1797, in restart
\nself._reload()
\nFile “\/usr\/lib\/python2.7\/site-packages\/certbot_apache\/configurator.py”, line 1808, in _reload
\nraise errors.MisconfigurationError(str(err))
\nMisconfigurationError: Error while running apachectl graceful.<\/p>\nJob for httpd.service invalid.<\/p>\n
Error while running apachectl graceful.<\/p>\n
Job for httpd.service invalid.<\/p>\n
IMPORTANT NOTES:
\n– Your account credentials have been saved in your Certbot
\nconfiguration directory at \/etc\/letsencrypt. You should make a
\nsecure backup of this folder now. This configuration directory will
\nalso contain certificates and private keys obtained by Certbot so
\nmaking regular backups of this folder is ideal.<\/p><\/blockquote>\nhttpd\u8d77\u52d5\u5f8c<\/span>
\n[user@srv]$ sudo certbot –apache
\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log
\nStarting new HTTPS connection (1): acme-v01.api.letsencrypt.org<\/p>\nWhich names would you like to activate HTTPS for?
\n——————————————————————————-
\n1: \u30b5\u30a4\u30c8\u306e\u30c9\u30e1\u30a4\u30f3\u540d.info
\n——————————————————————————-
\nSelect the appropriate numbers separated by commas and\/or spaces, or leave input
\nblank to select all options shown (Enter ‘c’ to cancel):1
\nObtaining a new certificate
\nPerforming the following challenges:
\ntls-sni-01 challenge for \u30b5\u30a4\u30c8\u306e\u30c9\u30e1\u30a4\u30f3\u540d.info
\nWaiting for verification…
\nCleaning up challenges
\nDeploying Certificate for \u30b5\u30a4\u30c8\u306e\u30c9\u30e1\u30a4\u30f3\u540d.info to VirtualHost \/etc\/httpd\/conf.d\/ssl.conf<\/p>\nPlease choose whether HTTPS access is required or optional.
\n——————————————————————————-
\n1: Easy – Allow both HTTP and HTTPS access to these sites
\n2: Secure – Make all requests redirect to secure HTTPS access
\n——————————————————————————-
\nSelect the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1<\/p>\n——————————————————————————-
\nCongratulations! You have successfully enabled https:\/\/\u30b5\u30a4\u30c8\u306e\u30c9\u30e1\u30a4\u30f3\u540d.info<\/p>\nYou should test your configuration at:
\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=\u30b5\u30a4\u30c8\u306e\u30c9\u30e1\u30a4\u30f3\u540d.info
\n——————————————————————————-<\/p>\nIMPORTANT NOTES:
\n– Congratulations! Your certificate and chain have been saved at
\n\/etc\/letsencrypt\/live\/\u30b5\u30a4\u30c8\u306e\u30c9\u30e1\u30a4\u30f3\u540d.info\/fullchain.pem. Your
\ncert will expire on 2017-09-26. To obtain a new or tweaked version
\nof this certificate in the future, simply run certbot again with
\nthe “certonly” option. To non-interactively renew *all* of your
\ncertificates, run “certbot renew”
\n– If you like Certbot, please consider supporting our work by:<\/p>\nDonating to ISRG \/ Let’s Encrypt: https:\/\/letsencrypt.org\/donate
\nDonating to EFF: https:\/\/eff.org\/donate-le<\/p><\/blockquote>\n\u305d\u308c\u304b\u3089https:\/\/\u30b5\u30a4\u30c8\u306e\u30c9\u30e1\u30a4\u30f3\u540d\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u305f\u3002
\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html<\/a>\u3053\u306e\u30b5\u30a4\u30c8\u3067\u3001
\n\u8a55\u4fa1\u3092\u4e0a\u3052\u308b\u305f\u3081\u306bssl.conf\u3092\u8a2d\u5b9a\u3059\u308b\u3002
\n\u4f55\u3082\u8a2d\u5b9a\u3057\u3066\u3044\u306a\u3044\u72b6\u614b\u3067\u306f\u3001Overall Rating\u306fB\u3060\u3063\u305f\u3002
\nVirtualHost\u3092\u8a2d\u5b9a\u3057\u3066\u3044\u308b\u306e\u3067\u3001
\n\u305d\u306e\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u5185\u306b<\/p>\nInclude \/etc\/letsencrypt\/options-ssl-apache.conf<\/pre>\n\u3092\u8ffd\u52a0\u3057\u305f\u3089\u3001Overall Rating\u306fA\u306b\u306a\u3063\u305f\u3002
\nGrade\u306fA\u304c80\u70b9\u4ee5\u4e0a\u3089\u3057\u3044\u306e\u3067\u3001\u3053\u308c\u3067\u826f\u3057\u3068\u3059\u308b\u3002<\/p>\n<\/p>\n
CertBot\u3067TLS\u8a3c\u660e\u66f8\u3092\u66f4\u65b0\u3059\u308b\u3088\u3046\u306b\u8a2d\u5b9a<\/h2>\n