Let's Encrypt

Installation

Arch Linux

# pacman -S certbot-nginx

Ubuntu

# apt install certbot

RedHat 7.3

$ wget https://dl.eff.org/certbot-auto

$ chmod +x certbot-auto

$ ./certbot-auto

Ubuntu 14.04

# apt install letsencrypt

$ letsencrypt certonly --webroot -w /var/www -d aaa.ekzemplaro.org

CentOS 6.9

$ sudo yum install epel-release

$ wget https://dl.eff.org/certbot-auto

$ chmod +x certbot-auto

$ ./certbot-auto

Automatically generate a certificate

certbot certonly --webroot -w /var/www -d ekzemplaro.org --email aaa@ekzemplaro.org

Result

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ekzemplaro.org/fullchain.pem. Your cert will
   expire on 2017-06-15. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

/etc/apache2/sites-available/default-ssl.conf

#	SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
#	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateFile      /etc/letsencrypt/live/www.ekzemplaro.org/cert.pem
SSLCertificateKeyFile   /etc/letsencrypt/live/www.ekzemplaro.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.ekzemplaro.org/chain.pem

Load the modules

# a2enmod ssl
# a2ensite default-ssl

Restart

# systemctl restart apache2
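
Before restarting, it helps to confirm that the active SSLCertificate* directives all point into the same directory under /etc/letsencrypt/live and that the commented-out snakeoil defaults are not the ones in effect. The following is an added example, not part of the original notes; the function names check_ssl_conf and sample_conf are made up for it, and it only reads the file, it does not touch Apache.

```shell
# Added example: lint the SSLCertificate* directives of an Apache vhost file.
# check_ssl_conf and sample_conf are hypothetical names used only here.
# Prints the certificate name (the directory under /etc/letsencrypt/live)
# when the active directives agree; returns 1 and explains on stderr otherwise.
check_ssl_conf() {
    awk '
        /^[ \t]*#/ { next }    # commented-out lines, e.g. the snakeoil defaults
        $1 ~ /^SSLCertificate(File|KeyFile|ChainFile)$/ {
            seen[$1] = 1
            # Expected shape: /etc/letsencrypt/live/<name>/<file>.pem
            n = split($2, p, "/")
            if (n != 6 || (p[2] "/" p[3] "/" p[4]) != "etc/letsencrypt/live") {
                print $1 ": not under /etc/letsencrypt/live: " $2 > "/dev/stderr"
                bad = 1; next
            }
            if ($1 == "SSLCertificateKeyFile" && p[6] != "privkey.pem") {
                print $1 ": expected privkey.pem, got " p[6] > "/dev/stderr"
                bad = 1
            }
            # All directives must name the same certificate directory.
            if (name == "") name = p[5]
            else if (p[5] != name) {
                print $1 ": " p[5] " does not match " name > "/dev/stderr"
                bad = 1
            }
        }
        END {
            if (!("SSLCertificateFile" in seen) || !("SSLCertificateKeyFile" in seen)) {
                print "no active SSLCertificateFile/SSLCertificateKeyFile" > "/dev/stderr"
                bad = 1
            }
            if (bad) exit 1
            print name
        }
    ' "$1"
}

# The directives from default-ssl.conf above, for trying the check offline.
sample_conf() {
    cat <<'EOF'
#	SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
#	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateFile      /etc/letsencrypt/live/www.ekzemplaro.org/cert.pem
SSLCertificateKeyFile   /etc/letsencrypt/live/www.ekzemplaro.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.ekzemplaro.org/chain.pem
EOF
}
```

Source the file and run check_ssl_conf /etc/apache2/sites-available/default-ssl.conf; a non-zero exit status means the directives should be fixed before the restart.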

Access

https://ekzemplaro.org

Test

SSL Server Test

CentOS 6.9

/etc/httpd/conf.d/ssl.conf

# service httpd restart

CentOS 7.4

# yum install certbot certbot-apache

# sudo firewall-cmd --add-port=443/tcp --zone=public

# sudo firewall-cmd --add-port=443/tcp --zone=public --permanent

# sudo certbot run --apache -d example.com



Sep/17/2023 AM 08:15