{"id":18633,"date":"2016-09-01T21:00:46","date_gmt":"2016-09-01T12:00:46","guid":{"rendered":"http:\/\/www.sssg.org\/blogs\/hiro345\/?p=18633"},"modified":"2016-11-01T11:42:09","modified_gmt":"2016-11-01T02:42:09","slug":"centos6%e3%81%a7%e3%81%aelets-encrypt%e8%a8%ad%e5%ae%9a%e6%96%b9%e6%b3%95","status":"publish","type":"post","link":"https:\/\/www.hiro345.net\/blogs\/hiro345\/archives\/18633.html","title":{"rendered":"CentOS6\u3067\u306eLet&#8217;s Encrypt\u8a2d\u5b9a\u65b9\u6cd5"},"content":{"rendered":"<p>\u300c<a href=\"https:\/\/letsencrypt.jp\/usage\/\">Let&#8217;s Encrypt \u306e\u4f7f\u3044\u65b9 &#8211; Let&#8217;s Encrypt \u7dcf\u5408\u30dd\u30fc\u30bf\u30eb<\/a>\u300d\u3092\u53c2\u8003\u306b\u3057\u306a\u304c\u3089\u3001Let&#8217;s Encrypt\u306e\u8a2d\u5b9a\u65b9\u6cd5\u3092\u8abf\u3079\u3066\u307f\u307e\u3057\u305f\u3002\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3068\u3053\u308d\u306f\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u7528\u610f\u3057\u3066\u5bfe\u5fdc\u3067\u304d\u307e\u3059\u3002<br \/>\n<!--more--><br \/>\n\u4f8b\u3048\u3070\u3001\u6b21\u306e\u3088\u3046\u306a\u5185\u5bb9\u306e install_lets_encrypt.sh \u3092\u7528\u610f\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"brush: bash; gutter: true\">\r\ndomain=&quot;www.example.jp&quot;\r\nwebroot=&quot;\/var\/www\/sites\/${domain}\/htdocs&quot;\r\n\r\nd=&quot;\/usr\/local\/certbot&quot;\r\nf=&quot;certbot-auto&quot;\r\ndl_url=&quot;https:\/\/dl.eff.org\/${f}&quot;\r\ncmd=&quot;${d}\/${f}&quot;\r\n\r\nif [ ! -e ${d} ]; then\r\n  sudo mkdir -p ${d}\r\nfi\r\nsudo wget -O ${cmd} ${dl_url}\r\nsudo chmod a+x ${cmd}\r\n\r\n${cmd} certonly \\\r\n  --webroot -w &quot;${webroot}&quot; \\\r\n  -d ${domain} \\\r\n  -m webmaster@${domain} \\\r\n  --agree-tos\r\n\r\n# for SELinux\r\nsemanage fcontext -a -t cert_t &quot;\/etc\/letsencrypt(\/.*)?&quot;\r\nrestorecon -FR \/etc\/letsencrypt\r\n<\/pre>\n<p>\u4e0b\u8a18\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<pre class=\"brush: bash; gutter: true\">\r\n$ sudo sh install_lets_encrypt.sh\r\n<\/pre>\n<p>\u751f\u6210\u3055\u308c\u305f\u9375\u30d5\u30a1\u30a4\u30eb\u3092 \/etc\/httpd\/conf.d\/ssl.conf \u3067\u4f7f\u3046\u3088\u3046\u306b\u6307\u5b9a\u3057\u307e\u3059\u3002\u624b\u5143\u306e\u74b0\u5883\u3067\u306ffullchain.pem\u306f\u4f7f\u308f\u306a\u304f\u3066\u826f\u3044\u3088\u3046\u3060\u3063\u305f\u306e\u3067\u6307\u5b9a\u3057\u3066\u307e\u305b\u3093\u3002<\/p>\n<pre class=\"brush: bash; gutter: true\">\r\nSSLCertificateFile \/etc\/letsencrypt\/live\/www.example.jp\/cert.pem\r\nSSLCertificateKeyFile \/etc\/letsencrypt\/live\/www.example.jp\/privkey.pem\r\nSSLCertificateChainFile \/etc\/letsencrypt\/live\/www.example.jp\/chain.pem\r\n<\/pre>\n<p>\u66f4\u65b0\u6642\u306f\u3001\u30b3\u30de\u30f3\u30c9\u5b9f\u884c\u90e8\u5206\u3092\u5909\u66f4\u3057\u305f update.sh \u3092\u7528\u610f\u3057\u3001\/usr\/local\/certbot\/update.sh \u306b\u7f6e\u3044\u305f\u3068\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"brush: bash; gutter: true\">\r\n#!\/bin\/sh\r\n\r\ndomain=&quot;www.example.jp&quot;\r\nwebroot=&quot;\/var\/www\/sites\/${domain}\/htdocs&quot;\r\n\r\nd=&quot;\/usr\/local\/certbot&quot;\r\nf=&quot;certbot-auto&quot;\r\ncmd=&quot;${d}\/${f}&quot;\r\n\r\n${cmd} certonly \\\r\n  -n \\\r\n  --renew-by-default \\\r\n  --webroot -w &quot;${webroot}&quot; \\\r\n  -d ${domain}\r\n\r\nif [ $? -eq 0 ]; then\r\n    \/sbin\/service httpd graceful\r\nelse\r\n    \/bin\/logger -p user.err &quot;Let&#039;s Encrypt Certificate Renewal Failed: ${domain}&quot;\r\nfi\r\n<\/pre>\n<p>\u5b9f\u884c\u6a29\u3092\u4ed8\u4e0e\u3057\u3066\u304b\u3089\u3001crontab\u3067 \/usr\/local\/certbot\/update.sh \u3092\u767b\u9332\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"brush: bash; gutter: true\">\r\n$ sudo chmod 755 \/usr\/local\/certbot\/update.sh\r\n$ sudo crontab -e\r\n<\/pre>\n<p>\u5185\u5bb9\u306f\u4f8b\u3048\u3070\u3001\u4e0b\u8a18\u306e\u3088\u3046\u306a\u611f\u3058\u306b\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"brush: bash; gutter: true\">\r\n59 23 19 * * \/usr\/local\/certbot\/update.sh &gt; \/dev\/null 2&gt;&amp;1\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u300cLet&#8217;s Encrypt \u306e\u4f7f\u3044\u65b9 &#8211; Let&#8217;s Encrypt \u7dcf\u5408\u30dd\u30fc\u30bf\u30eb\u300d\u3092\u53c2\u8003\u306b\u3057\u306a\u304c\u3089\u3001Let&#8217;s Encrypt\u306e\u8a2d\u5b9a\u65b9\u6cd5\u3092\u8abf\u3079\u3066\u307f\u307e\u3057\u305f\u3002\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059 &hellip; <a href=\"https:\/\/www.hiro345.net\/blogs\/hiro345\/archives\/18633.html\">\u7d9a\u304d\u3092\u8aad\u3080 <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[653,1299],"class_list":["post-18633","post","type-post","status-publish","format-standard","hentry","category-linux","tag-centos6","tag-lets-encrypt"],"_links":{"self":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/18633","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/comments?post=18633"}],"version-history":[{"count":5,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/18633\/revisions"}],"predecessor-version":[{"id":18736,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/18633\/revisions\/18736"}],"wp:attachment":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/media?parent=18633"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/categories?post=18633"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/tags?post=18633"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}