{"id":890,"date":"2016-02-05T00:53:28","date_gmt":"2016-02-05T08:53:28","guid":{"rendered":"http:\/\/h2plus.biz\/hiromitsu\/?p=890"},"modified":"2018-08-06T23:24:20","modified_gmt":"2018-08-07T06:24:20","slug":"lets-encrypt%e3%81%a7%e7%84%a1%e6%96%99%e3%82%b5%e3%83%bc%e3%83%90%e3%83%bc%e8%a8%bc%e6%98%8e%e6%9b%b8%e3%82%92%e3%82%a4%e3%83%b3%e3%82%b9%e3%83%88%e3%83%bc%e3%83%ab%e3%81%97%e3%81%a6%e3%81%bf","status":"publish","type":"post","link":"https:\/\/h2plus.biz\/hiromitsu\/entry\/890","title":{"rendered":"Let’s Encrypt\u3067\u7121\u6599SSL\u8a3c\u660e\u66f8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u307f\u305f"},"content":{"rendered":"

\u53bb\u5e74\u306e12\u6708\u306bLet’s Encrypt\u304c\u30d1\u30d6\u30ea\u30c3\u30af\u30d9\u30fc\u30bf\u7248\u306b\u79fb\u884c\u3057\u305f<\/a>\u3068\u3044\u3046\u306e\u304c\u30cb\u30e5\u30fc\u30b9\u306b\u306a\u3063\u305f\u3068\u304d\u3001\u7ba1\u7406\u3057\u3066\u3044\u308b\u30b5\u30a4\u30c8\u306e1\u3064\uff08stingrays.tokyo<\/a>\uff09\u3092\u4f7f\u3063\u3066\u8a66\u3057\u3066\u307f\u3088\u3046\u304b\u306a\u3041\u3068\u601d\u3063\u305f\u3082\u306e\u306e\u3001\u3044\u308d\u3044\u308d\u5fd9\u3057\u304b\u3063\u305f\u306e\u3082\u3042\u308a\u65e92\u30f6\u6708\u304c\u7d4c\u3063\u3066\u3057\u307e\u3063\u305f\u304c\u3001Facebook\u306eTL\u3067\u3061\u3087\u3046\u3069\u74b0\u5883\u304c\u4e00\u81f4\u3059\u308b\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb\u306e\u30d6\u30ed\u30b0\u30dd\u30b9\u30c8<\/a>\u3092\u898b\u3064\u3051\u305f\u306e\u3067\u3001\u672c\u5bb6\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8<\/a>\u3092\u8aad\u307f\u3064\u3064\u624b\u3092\u52d5\u304b\u3057\u3066\u307f\u305f\u3002<\/p>\n

\u7d50\u8ad6\u3092\u5148\u306b\u8a00\u3046\u3068\u3001\u3061\u3087\u3063\u3068\u3064\u307e\u3065\u3044\u305f\u3051\u3069\u7c21\u5358\u306b\u3067\u304d\u305f\u3002<\/p>\n


\n\u307e\u305a\u3001\u30b5\u30fc\u30d0\u30fc\u74b0\u5883\u306b\u95a2\u3057\u3066\u524d\u63d0\u6761\u4ef6\u304c\u3044\u304f\u3064\u304b\u3042\u308b\u3002<\/p>\n

    \n
  1. \u30b5\u30fc\u30d0\u30fc\u306b\u975eroot\u6a29\u9650\u3067\u30bf\u30fc\u30df\u30ca\u30eb\u306b\u63a5\u7d9a\uff08SSH\u306a\u3069\uff09\u3067\u304d\u308b\u3053\u3068<\/li>\n
  2. sudo\u306a\u3069\u3067root\u6a29\u9650\u3067\u306e\u5b9f\u884c\u304c\u53ef\u80fd\u3067\u3042\u308b\u3053\u3068<\/li>\n
  3. \u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u4e0a\u306b\u516c\u958b\u3055\u308c\u3066\u3044\u308b\uff08DNS\u3067\u540d\u524d\u89e3\u6c7a\u3067\u304d\u308b\uff09\u7a3c\u52d5\u4e2d\u306eWeb\u30b5\u30fc\u30d0\u30fc\u3067\u3042\u308b\u3053\u3068<\/li>\n<\/ol>\n

    \u4e0a\u8a18\u306e\u8cea\u554f\u30671\u3064\u3067\u3082\u7b54\u3048\u304c\u30ce\u30fc\u306a\u3089\u3070\u3001\u3053\u3053\u3067\u304a\u3057\u307e\u3044\u3002
    \n\u57fa\u672c\u7684\u306b\u5171\u7528\u30ec\u30f3\u30bf\u30eb\u30b5\u30fc\u30d0\u30fc\u3068\u304b\u3067\u306f\u4f7f\u3048\u306a\u3044\u3002<\/p>\n

    \u3061\u306a\u307f\u306b\u4eca\u56de\u4f7f\u3063\u305f\u74b0\u5883\u306f\u3001\u3055\u304f\u3089VPS\u4e0a\u306eUbuntu Server 14.04.3 LTS + Apache 2.4.7\u3067\u3001\u8a3c\u660e\u66f8\u304c\u306a\u304b\u3063\u305f\u306e\u3067HTTP\u3060\u3051\u3067\u904b\u7528\u3057\u3066\u3044\u305f\u30b5\u30fc\u30d0\u30fc\u3002<\/p>\n

    \u3067\u306f\u65e9\u901fLet’s Encrypt\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u307f\u3088\u3046\u3002\u3068\u8a00\u3063\u3066\u3082\u3001apt-get install<\/code>\u3067\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3067\u306f\u306a\u304f\u3001\u5358\u306bGitHub\u304b\u3089\u30bd\u30fc\u30b9\u3092git clone<\/code>\u3059\u308b\u3060\u3051\u3002<\/p>\n

    \n$ sudo git clone https:\/\/github.com\/letsencrypt\/letsencrypt \/opt\/letsencrypt\n<\/pre>\n
    \u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u5148\u306f\/opt<\/code>\u306b\u3057\u305f\u304c\u3001\u597d\u307f\u306e\u554f\u984c\u3067\u3082\u3042\u308b\u306e\u3067\u3001\u5225\u306b\/usr\/local<\/code>\u306e\u4e0b\u3068\u304b\u3067\u3082\u69cb\u308f\u306a\u3044\u3002
    \nLet’s Encrypt\u306fGitHub\u4e0a\u3067\u958b\u767a\u9014\u4e0a\u306a\u3093\u3067\u3001\u76f4\u8fd1\u306e    \u30ea\u30ea\u30fc\u30b9\u30bf\u30b0<\/a>\u3067\u56fa\u5b9a\u3057\u3066\u304a\u3044\u305f\u65b9\u304c\u5b89\u5fc3\u304b\u3082\u3002<\/p>\n
    \n$ cd \/opt\/letsencrypt\n$ sudo git co -b v0.3.0 v0.3.0\n<\/pre>\n
    \u7d9a\u3044\u3066Let’s Encrypt\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u4ecb\u3057\u3066\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3092\u3059\u308b\u3002<\/p>\n
    \n$ .\/letsencrypt-auto --apache -d stingrays.tokyo\n<\/pre>\n
    \u304c\u3001\u30a8\u30e9\u30fc\u767a\u751f…\u3002<\/p>\n
    \nDomains: stingrays.tokyo\nError: The server could not connect to the client for DV\n<\/pre>\n
    \u30cd\u30c3\u30c8\u3067\u540c\u3058\u30a8\u30e9\u30fc\u3092\u63a2\u3057\u3066\u307f\u305f\u3089\u3001\u300cLet’s Encrypt\u306eCA\u304c\u8a3c\u660e\u66f8\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u5148\u306b\u306a\u308bWeb\u30b5\u30fc\u30d0\u30fc\u306e\u540d\u524d\u89e3\u6c7a\u3067\u304d\u3066\u306a\u3044\u3093\u3058\u3083\u306d\uff1f\u300d\u3068\u3044\u3046\u56de\u7b54\u304c\u591a\u304b\u3063\u305f\u304c\u8a72\u5f53\u305b\u305a\u3002<\/p>\n
    HTTP\u306e\u307f\u3067\u904b\u7528\u3057\u3066\u3044\u308b\u3068\u3044\u3046\u306e\u304c\u539f\u56e0\u3067\u3001\u81ea\u5df1\u7f72\u540d\u8a3c\u660e\u66f8\u3067\u3082\u3044\u3044\u304b\u3089\u3068\u308a\u3042\u3048\u305aHTTPS\u3067\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u3066\u304a\u304b\u306a\u3044\u3068\u3044\u3051\u306a\u304b\u3063\u305f\u3002<\/p>\n
    \n$ sudo a2enmod ssl\n$ sudo a2ensite default-ssl\n$ sudo service apache2 restart\n$ curl -kI https:\/\/localhost\nHTTP\/1.1 200 OK\n(\u7565)\n<\/pre>\n
    HTTPS\u3067\u306e\u30a2\u30af\u30bb\u30b9\u306fOK\uff01
    \n\u6c17\u3092\u53d6\u308a\u76f4\u3057\u3066letsencrypt-auto<\/code>\u3092\u518d\u5b9f\u884c\u3059\u308b\u3082\u5931\u6557…\u3053\u3053\u304c\u3064\u307e\u3065\u3044\u305f\u90e8\u5206\u3002<\/p>\n
    curl<\/code>\u3060\u3051\u3067HTTPS\u306b\u3064\u306a\u304c\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u305f\u3051\u3069\u3001\u624b\u5143\u306e\u30d6\u30e9\u30a6\u30b6\u3067\u78ba\u8a8d\u3059\u308b\u306e\u3092\u6020\u3063\u3066\u3044\u305f\u3002\u30d6\u30e9\u30a6\u30b6\u304b\u3089HTTPS\u3067\u3064\u306a\u304c\u3089\u306a\u3044…\u3063\u3066\u3053\u3068\u306f\u3001\u4eca\u307e\u3067HTTP\u30aa\u30f3\u30ea\u30fc\u3067\u904b\u7528\u3057\u3066\u3044\u305f\u304b\u3089iptables<\/code>\u3067\u7a74\u304c\u958b\u3044\u3066\u306a\u304b\u3063\u305f\u3068\u3044\u3046\u30aa\u30c1\u3002<\/p>\n
    \u6539\u3081\u3066letsencrypt-auto<\/code>\u3092\u518d\u5b9f\u884c\uff01\u901a\u3063\u305f\uff01<\/p>\n
    letsencrypt-auto<\/code>\u306f\u975eroot\u6a29\u9650\u3067\u5b9f\u884c\u3057\u3066\u3044\u308b\u306e\u306b\u3001root\u3058\u3083\u306a\u3044\u3068\u7de8\u96c6\u3067\u304d\u306a\u3044\/etc\/apache2<\/code>\u914d\u4e0b\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u304c\u66f8\u304d\u63db\u308f\u308b\u306e\u306f\u306a\u305c\u3060\u308d\u3046\uff1f\u76f4\u8fd1\u3067sudo<\/code>\u3057\u3066\u305f\u304b\u3089\u30d7\u30ed\u30f3\u30d7\u30c8\u3057\u306a\u304b\u3063\u305f\u3060\u3051\uff1f
    \nLet’s Encrypt\u304c\u3069\u3046\u8a2d\u5b9a\u3092\u66f8\u304d\u63db\u3048\u308b\u306e\u304b\u6c17\u306b\u306a\u308b\u4eba\u306f\u3001\/etc\/apache2<\/code>\u914d\u4e0b\u3092git<\/code>\u3067\u7ba1\u7406\u3059\u308b\u3068\u3044\u3044\u3067\u3057\u3087\u3046\u3002<\/p>\n
    \n$ cd \/etc\/apache2\n$ sudo git init\n$ sudo git add .\n$ sudo git ci -m 'Initial config'\n<\/pre>\n
    letsencrypt-auto<\/code>\u306e\u5b9f\u884c\u5f8c\u306bgit diff<\/code>\u3059\u308c\u3070\u5909\u66f4\u70b9\u304c\u4e00\u76ee\u77ad\u7136\u3002<\/p>\n
    \u3061\u306a\u307f\u306b\u3001Apache2\u306e\u5834\u5408\u3001\/etc\/letsencrypt\/options-ssl-apache.conf<\/code>\u3068\u3044\u3046\u30d5\u30a1\u30a4\u30eb\u304c\u3067\u304d\u3042\u304c\u308a\u3001mod_ssl<\/code>\u7528\u306e\u63a8\u5968\u8a2d\u5b9a\u307f\u305f\u3044\u306a\u306e\u304c\u542b\u307e\u308c\u3066\u3044\u308b\u306e\u3067\u3001\u5b9f\u969b\u306b\u904b\u7528\u3057\u3066\u3044\u308b\u8a2d\u5b9a\u3067\u6b20\u3051\u3066\u3044\u308b\u90e8\u5206\u304c\u3042\u3063\u305f\u3089\u30b3\u30d4\u30da\u3057\u3066\u88dc\u5b8c\u3057\u3068\u304f\u3068\u3044\u3044\u3067\u3057\u3087\u3046\u3002<\/p>\n
    \u3053\u308c\u3067Let’s Encrypt\u306e\u7121\u6599SSL\u8a3c\u660e\u66f8\u3092\u4f7f\u3063\u3066HTTPS\u304c\u30b5\u30fc\u30d3\u30b9\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u3063\u305f\u308f\u3051\u3060\u3002<\/p>\n
    \"Let's<\/p>\n
    SSL Report<\/a>\u3067\u3082\u6b63\u5e38\u306aHTTPS\u901a\u4fe1\u304c\u3067\u304d\u3066\u3044\u308b\u3068\u3044\u3046\u78ba\u8a8d\u304c\u3067\u304d\u308b\uff08\u81ea\u5206\u306e\u30b5\u30a4\u30c8\u3067\u8a66\u3057\u3066\u304f\u3060\u3055\u3044\uff09\u3002<\/p>\n
    \u3081\u3067\u305f\u3057\u3081\u3067\u305f\u3057…\u3067\u306f\u306a\u304f\u3001Let’s Encrypt\u306e\u8a3c\u660e\u66f8\u306e\u6709\u52b9\u671f\u9593\u306f90\u65e5\u3057\u304b\u306a\u3044\u306e\u3067\u3001\u8a3c\u660e\u66f8\u304c\u671f\u9650\u5207\u308c\u306b\u306a\u308b\u524d\u306b\u90fd\u5ea6\u66f4\u65b0\uff08Renew\uff09\u3057\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\u3002\u73fe\u6642\u70b9\u3067\u306fLet’s Encrypt\u304b\u3089\u8a3c\u660e\u66f8\u3092\u81ea\u52d5\u66f4\u65b0\u3059\u308b\u4ed5\u7d44\u307f\u306f\u63d0\u4f9b\u3055\u308c\u3066\u3044\u306a\u3044\u3088\u3046\u3060\u304c\u3001\u5192\u982d\u3067\u7d39\u4ecb\u3057\u305f\u30d6\u30ed\u30b0\u30dd\u30b9\u30c8<\/a>\u3067\u4fbf\u5229\u306a\u30b7\u30a7\u30eb\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u516c\u958b\u3057\u3066\u304f\u308c\u3066\u3044\u305f\u3002<\/p>\n
    \n$ sudo curl -L -o \/usr\/local\/sbin\/renew-letsencrypt http:\/\/do.co\/le-renew\n$ sudo chmod +x \/usr\/local\/sbin\/renew-letsencrypt\n<\/pre>\n
    \u77ed\u3044\u30b9\u30af\u30ea\u30d7\u30c8\u306a\u306e\u3067\u3001\u4e2d\u3067\u4f55\u3092\u3084\u3063\u3066\u3044\u308b\u306e\u304b\u30b6\u30c3\u3068\u76ee\u3092\u901a\u3057\u3066\u304a\u304f\u3068\u3044\u3044\u3060\u308d\u3046\u3002
    \n\u6700\u5f8c\u306b\u3001\u3053\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3092cron<\/code>\u3067\u5b9a\u671f\u5b9f\u884c\u3059\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3059\u308c\u3070\u304a\u3057\u307e\u3044\u3002<\/p>\n
    \n$ sudo crontab -e\n# \u4ee5\u4e0b\u306e1\u884c\u3092\u8ffd\u8a18\n0 3 1 *\/2 * \/usr\/local\/sbin\/renew-letsencrypt stingrays.tokyo >> \/var\/log\/renew-letsencrypt.log\n<\/pre>\n
    \u6709\u52b9\u671f\u9593\u306f90\u65e5\u3060\u304c\u30d0\u30c3\u30d5\u30a1\u3092\u8a2d\u3051\u3066\u3001\u5076\u6570\u6708\u306e1\u65e5\u3001\u3064\u307e\u308a\u7d0460\u65e5\u9593\u9694\u3067\u66f4\u65b0\u51e6\u7406\u304c\u5b9f\u884c\u3055\u308c\u308b\u3088\u3046\u306b\u4ed5\u8fbc\u3093\u3067\u304a\u3044\u305f\u3002\u3053\u308c\u3067\u5b8c\u5168\u653e\u7f6e\u30d7\u30ec\u30a4\u3067\u7121\u6599SSL\u304c\u5b9f\u73fe\u3067\u304d\u305f\u308f\u3051\u3067\u3042\u308b\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
    \u53bb\u5e74\u306e12\u6708\u306bLet’s Encrypt\u304c\u30d1\u30d6\u30ea\u30c3\u30af\u30d9\u30fc\u30bf\u7248\u306b\u79fb\u884c\u3057\u305f\u3068\u3044\u3046\u306e\u304c\u30cb\u30e5\u30fc\u30b9\u306b\u306a\u3063\u305f\u3068\u304d\u3001\u7ba1\u7406\u3057\u3066\u3044\u308b\u30b5\u30a4\u30c8\u306e1\u3064\uff08stingrays.tokyo\uff09\u3092\u4f7f\u3063\u3066\u8a66\u3057\u3066\u307f\u3088\u3046\u304b\u306a\u3041\u3068\u601d\u3063\u305f\u3082\u306e\u306e\u3001\u3044\u308d\u3044 […]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[84],"tags":[277,259,82,278,276,157,279],"_links":{"self":[{"href":"https:\/\/h2plus.biz\/hiromitsu\/wp-json\/wp\/v2\/posts\/890"}],"collection":[{"href":"https:\/\/h2plus.biz\/hiromitsu\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/h2plus.biz\/hiromitsu\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/h2plus.biz\/hiromitsu\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/h2plus.biz\/hiromitsu\/wp-json\/wp\/v2\/comments?post=890"}],"version-history":[{"count":0,"href":"https:\/\/h2plus.biz\/hiromitsu\/wp-json\/wp\/v2\/posts\/890\/revisions"}],"wp:attachment":[{"href":"https:\/\/h2plus.biz\/hiromitsu\/wp-json\/wp\/v2\/media?parent=890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/h2plus.biz\/hiromitsu\/wp-json\/wp\/v2\/categories?post=890"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h2plus.biz\/hiromitsu\/wp-json\/wp\/v2\/tags?post=890"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}