Using a Free SSL Certificate (Initial Setup)

Steps for using Let's Encrypt on Ubuntu

Install certbot

$ sudo apt install -y certbot

Create the certificate (self-signed certificate)

$ sudo certbot certonly --webroot -w /var/www/html -d <domain_name>
  <mail address>

Configure SSL in Apache

$ sudo vi /etc/apache2/sites-available/default-ssl.conf

SSLCertificateFile      /etc/letsencrypt/live/<domain_name>/cert.pem
SSLCertificateKeyFile   /etc/letsencrypt/live/<domain_name>/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/<domain_name>/chain.pem

Enable SSL

$ sudo a2ensite default-ssl
$ sudo a2enmod ssl
$ sudo systemctl restart apache2

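Setting Up a Free WordPress Site (Google Cloud Free)

What is Google Cloud?

Google Cloud is a cloud environment operated by Google that offers a free tier usable with no time limit.

How to create the VM

Start Cloud Shell and run the following: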

$ gcloud compute instances create instance1 --project=bigquery-315414 --zone=us-central1-a --machine-type=e2-micro 

The disk size can be expanded to 30 GB:

$ gcloud compute instances stop instance1 --zone=us-central1-a
$ gcloud compute disks resize instance1 --size 30  --zone=us-central1-a
$ gcloud compute instances start instance1 --zone=us-central1-a

Using a Free SSL Certificate (Certificate Renewal)

Preparation

Port 80 must be open.
Take a backup:
$ sudo cp -pr /etc/letsencrypt/ /etc/letsencrypt.20230701

Renew the SSL certificate (dry-run)

$ sudo certbot renew --webroot -w /var/www/html/wordpress01 --dry-run

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/stonehills.tokyo.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Simulating renewal of an existing certificate for stonehills.tokyo
Performing the following challenges:
http-01 challenge for stonehills.tokyo
Using the webroot path /var/www/html/wordpress01 for all unmatched domains.
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/stonehills.tokyo/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
  /etc/letsencrypt/live/stonehills.tokyo/fullchain.pem (success)

Renew the SSL certificate

$ sudo certbot renew --webroot -w /var/www/html/wordpress01

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/stonehills.tokyo.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate for stonehills.tokyo
Performing the following challenges:
http-01 challenge for stonehills.tokyo
Using the webroot path /var/www/html/wordpress01 for all unmatched domains.
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/stonehills.tokyo/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded:
  /etc/letsencrypt/live/stonehills.tokyo/fullchain.pem (success)

$ sudo systemctl restart apache2

From a browser, confirm that the SSL certificate's renewal date has changed.
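
The same confirmation can be made on the server itself. The following is an added example, not part of the original page: a shell function that checks that the renewed cert.pem is not about to expire and still matches privkey.pem. The function name check_live_dir and the 14-day default threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): post-renewal check of a certbot
# "live" directory. The function name and the 14-day default are assumptions.
# Return codes: 0 = OK, 1 = expires within threshold, 2 = cert/key mismatch,
#               3 = cert or key could not be read.
check_live_dir() {
    dir=$1
    min_days=${2:-14}
    cert="$dir/cert.pem"
    key="$dir/privkey.pem"

    # Both files must parse; a half-restored backup fails here.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3

    # Apache refuses to start if SSLCertificateFile and SSLCertificateKeyFile
    # do not belong together, so compare their public keys.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $cert does not match $key" >&2
        return 2
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "EXPIRING: $(openssl x509 -in "$cert" -noout -enddate)" >&2
        return 1
    fi

    echo "OK: $(openssl x509 -in "$cert" -noout -enddate)"
    return 0
}

# Run directly: sudo sh check_cert.sh /etc/letsencrypt/live/<domain_name> 14
if [ -n "$1" ]; then
    check_live_dir "$@"
fi
```

A non-zero exit status after a scheduled renewal means the certificate was not replaced or the key files are inconsistent, so the result is worth checking before Apache is restarted.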

I registered the job in cron.

$ crontab -e
This example renews the certificate at 1:00 AM on the 1st of every month.

0 1 01 * * sudo certbot renew --webroot -w /var/www/html/wordpress01
0 2 01 * * sudo systemctl restart apache2