{"id":366,"date":"2017-07-14T16:35:14","date_gmt":"2017-07-14T07:35:14","guid":{"rendered":"http:\/\/shinke1987.net\/?p=366"},"modified":"2017-07-14T16:35:14","modified_gmt":"2017-07-14T07:35:14","slug":"post-366","status":"publish","type":"post","link":"https:\/\/shinke1987.net\/?p=366","title":{"rendered":"SSL\/TLS\u3067VirtualHost\u3002"},"content":{"rendered":"

\u524d\u56deSSL\/TLS\u63a5\u7d9a\u306e\u30b5\u30a4\u30c8\u3092\u4f5c\u3063\u305f\u3002<\/a>
\n\u305d\u306e\u30b5\u30fc\u30d0\u4e0a\u3067\u5225\u306e\u30c9\u30e1\u30a4\u30f3\u540d\u3092\u4f7f\u3063\u3066\u3001SSL\/TLS\u63a5\u7d9a\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u305f\u306e\u3067\u3001
\n\u305d\u306e\u6642\u306e\u30ed\u30b0\u3002<\/p>\n

$ sudo certbot -d \u30c9\u30e1\u30a4\u30f3\u540d --apache<\/pre>\n
\u3068\u3084\u308b\u3068\u3001\u3053\u3093\u306a\u30a8\u30e9\u30fc\u3092\u51fa\u3055\u308c\u305f\u3002<\/p>\n
\r\nCannot find a cert or key directive in \/files\/etc\/httpd\/conf.d\/ssl.conf\/VirtualHost[3]. VirtualHost was not modified\r\n<\/pre>\n
\u306a\u306e\u3067\u3001ssl.conf\u306b\u3053\u308c\u304b\u3089\u8a2d\u5b9a\u3059\u308b\u30c9\u30e1\u30a4\u30f3\u540d\u306eVirtualHost\u306e\u8a2d\u5b9a\u3092\u3059\u308b\u3002
\n\u3010\u8a2d\u5b9a\u4f8b\u3011<\/p>\n
\r\n<VirtualHost IP\u30a2\u30c9\u30ec\u30b9:443>                                                                       \r\n    ServerName \u30c9\u30e1\u30a4\u30f3\u540d\r\n    DocumentRoot "\/var\/www\/\u30c9\u30e1\u30a4\u30f3\u540d\/"                                                       \r\n                                                                                                       \r\n    SSLEngine on                                                                                       \r\n    SSLCertificateFile \/etc\/letsencrypt\/live\/\u30c9\u30e1\u30a4\u30f3\u540d\/cert.pem                              \r\n    SSLCertificateKeyFile \/etc\/letsencrypt\/live\/\u30c9\u30e1\u30a4\u30f3\u540d\/privkey.pem                        \r\n    SSLCertificateChainFile \/etc\/letsencrypt\/live\/\u30c9\u30e1\u30a4\u30f3\u540d\/chain.pem                        \r\n<\/VirtualHost>\r\n<\/pre>\n
\u8a2d\u5b9a\u304c\u7d42\u308f\u3063\u305f\u3089\u3001\u6b21\u306e\u30b3\u30de\u30f3\u30c9\u3092\u6253\u3064\u3002<\/p>\n
\r\n$ sudo systemctl restart httpd\r\n$ sudo certbot -d \u30c9\u30e1\u30a4\u30f3\u540d --apache\r\n<\/pre>\n
\u305d\u3057\u305f\u3089\u3053\u3093\u306a\u611f\u3058\u3067\u8868\u793a\u3055\u308c\u308b\u3002<\/p>\n
\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\nStarting new HTTPS connection (1): acme-v01.api.letsencrypt.org\r\nCert not yet due for renewal\r\n\r\nYou have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.\r\n(ref: \/etc\/letsencrypt\/renewal\/\u30c9\u30e1\u30a4\u30f3\u540d.conf)\r\n\r\nWhat would you like to do?\r\n-------------------------------------------------------------------------------\r\n1: Attempt to reinstall this existing certificate\r\n2: Renew & replace the cert (limit ~5 per 7 days)\r\n-------------------------------------------------------------------------------\r\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): 1\r\nKeeping the existing certificate\r\nDeploying Certificate for \u30c9\u30e1\u30a4\u30f3\u540d to VirtualHost \/etc\/httpd\/conf.d\/ssl.conf\r\n\r\nPlease choose whether HTTPS access is required or optional.\r\n-------------------------------------------------------------------------------\r\n1: Easy - Allow both HTTP and HTTPS access to these sites\r\n2: Secure - Make all requests redirect to secure HTTPS access\r\n-------------------------------------------------------------------------------\r\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): 1\r\n\r\n-------------------------------------------------------------------------------\r\nCongratulations! You have successfully enabled https:\/\/\u30c9\u30e1\u30a4\u30f3\u540d\r\n\r\nYou should test your configuration at:\r\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=\u30c9\u30e1\u30a4\u30f3\u540d\r\n-------------------------------------------------------------------------------\r\n\r\nIMPORTANT NOTES:\r\n - Congratulations! Your certificate and chain have been saved at\r\n   \/etc\/letsencrypt\/live\/\u30c9\u30e1\u30a4\u30f3\u540d\/fullchain.pem. Your cert\r\n   will expire on 2017-10-12. To obtain a new or tweaked version of\r\n   this certificate in the future, simply run certbot again with the\r\n   "certonly" option. To non-interactively renew *all* of your\r\n   certificates, run "certbot renew"\r\n - If you like Certbot, please consider supporting our work by:\r\n\r\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\r\n   Donating to EFF:                    https:\/\/eff.org\/donate-le\r\n<\/pre>\n
\u3053\u3093\u306a\u611f\u3058\u3067\u7d42\u308f\u3063\u3066\u3001
\n https:\/\/www.ssllabs.com\/ssltest\/analyze.html<\/a>
\n\u3067\u30c6\u30b9\u30c8\u3057\u305f\u3089\u3001Overall Rating\u304cB\u3060\u3063\u305f\u306e\u3067\u3001
\nVirtualHost\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u5185\u306b\u3001<\/p>\n
Include \/etc\/letsencrypt\/options-ssl-apache.conf<\/pre>\n
\u306e1\u884c\u3092\u52a0\u3048\u305f\u3002
\n\u305d\u308c\u304b\u3089httpd\u3092\u518d\u8d77\u52d5\u3057\u305f\u3089\u3001
\nOverall Rating\u306fA\u306b\u306a\u3063\u305f\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u524d\u56deSSL\/TLS\u63a5\u7d9a\u306e\u30b5\u30a4\u30c8\u3092\u4f5c\u3063\u305f\u3002 \u305d\u306e\u30b5\u30fc\u30d0\u4e0a\u3067\u5225\u306e\u30c9\u30e1\u30a4\u30f3\u540d\u3092\u4f7f\u3063\u3066\u3001SSL\/TLS\u63a5\u7d9a\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u305f\u306e\u3067\u3001 \u305d\u306e\u6642\u306e\u30ed\u30b0\u3002 $ sudo certbot -d \u30c9\u30e1\u30a4\u30f3\u540d –apache \u3068\u3084\u308b\u3068\u3001\u3053\u3093\u306a […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31],"tags":[32,34,48],"class_list":["post-366","post","type-post","status-publish","format-standard","hentry","category-apache","tag-apache","tag-centos","tag-ssltls"],"_links":{"self":[{"href":"https:\/\/shinke1987.net\/index.php?rest_route=\/wp\/v2\/posts\/366","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/shinke1987.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/shinke1987.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/shinke1987.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/shinke1987.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=366"}],"version-history":[{"count":1,"href":"https:\/\/shinke1987.net\/index.php?rest_route=\/wp\/v2\/posts\/366\/revisions"}],"predecessor-version":[{"id":367,"href":"https:\/\/shinke1987.net\/index.php?rest_route=\/wp\/v2\/posts\/366\/revisions\/367"}],"wp:attachment":[{"href":"https:\/\/shinke1987.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=366"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/shinke1987.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=366"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/shinke1987.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=366"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}