{"id":2081,"date":"2018-07-28T21:21:37","date_gmt":"2018-07-28T12:21:37","guid":{"rendered":"http:\/\/hobby.mydns.jp\/teruki.wp\/?p=2081"},"modified":"2018-07-29T01:19:08","modified_gmt":"2018-07-28T16:19:08","slug":"post-2081","status":"publish","type":"post","link":"https:\/\/hobby.mydns.jp\/teruki.wp\/2018\/07\/28\/post-2081\/","title":{"rendered":"CentOS7 Let\u2019s Encrypt\u3067SSL(HTTPS)\u5316 \u81ea\u5df1\u8a3c\u660e\u7121\u52b9\u5316"},"content":{"rendered":"

CentOS7\u306eWeb\u30b5\u30fc\u30d0\u30fc\u3092SSL\u5bfe\u5fdc\u3055\u305b\u307e\u3057\u305f\u3002<\/p>\n

\u3010\u30c8\u30e9\u30d6\u30eb\u3011\u53d6\u5f97\u3057\u305fSSL\u8a3c\u660e\u66f8\u304c\u6709\u52b9\u306b\u306a\u3089\u305ahttps:\/\/\u30a2\u30af\u30bb\u30b9\u3067\u8b66\u544a\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u51fa\u308b\u3002
\nLet\u2019s Encrypt\u3067\u7121\u6599\u306eSSL\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3057\u305f\u306e\u306f\u3044\u3044\u304c\u3001\u3044\u3056\u3001https:\/\/\u3067\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\u8a3c\u660e\u66f8\u306b\u554f\u984c\u304c\u3042\u308b\u3068\u304b\u3001\u4fdd\u8b77\u3055\u308c\u3066\u3044\u306a\u3044\u3068\u304b\u8b66\u544a\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u51fa\u3066\u3057\u307e\u3046\u3002
\n\u30fb\u300c\u3053\u306eWeb\u30b5\u30a4\u30c8\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a3c\u660e\u66f8\u306b\u306f\u554f\u984c\u304c\u3042\u308a\u307e\u3059\u300d
\n\u30fb\u300c\u3053\u306e\u30b5\u30a4\u30c8\u306f\u5b89\u5168\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u300d
\n\u30fb\u300c\u3053\u306e\u63a5\u7d9a\u3067\u306f\u30d7\u30e9\u30a4\u30d0\u30b7\u30fc\u304c\u4fdd\u8b77\u3055\u308c\u307e\u305b\u3093\u300d
\n\u30fb\u300c\u5b89\u5168\u306a\u63a5\u7d9a\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u300d<\/p>\n

\u3010\u539f\u56e0\u3011ssl.conf\u30d5\u30a1\u30a4\u30eb\u306b\u66f8\u304b\u308c\u3066\u3044\u308blocalhost\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u305f\u3002
\n\u30d6\u30e9\u30a6\u30b6\u306e\u8b66\u544a\u306e\u8a73\u7d30\u3092\u898b\u3066\u307f\u308b\u3068\u3001\u671f\u9650\u306e\u5207\u308c\u3066\u3044\u308b\u81ea\u5df1\u8a3c\u660e\u66f8\u304c\u8a8d\u8b58\u3055\u308c\u3066\u3044\u305f\u3002\u539f\u56e0\u306f\u3001mod_ssl\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305f\u3068\u304d\u306b\u4f5c\u6210\u3055\u308c\u308b\/etc\/httpd\/conf.d\/ssl.conf\u30d5\u30a1\u30a4\u30eb\u306b\u66f8\u304b\u308c\u3066\u3044\u308b\u8a3c\u660e\u66f8\u306e\u65b9\u304c\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u3053\u3068\u304c\u539f\u56e0\u3060\u3063\u305f\u3002<\/p>\n

# Server Certificate:
\n# Point SSLCertificateFile at a PEM encoded certificate. If
\n# the certificate is encrypted, then you will be prompted for a
\n# pass phrase. Note that a kill -HUP will prompt again. A new
\n# certificate can be generated using the genkey(1) command.
\nSSLCertificateFile \/etc\/pki\/tls\/certs\/localhost.crt\u3000\u2190\u2605<\/p>\n

# Server Private Key:
\n# If the key is not combined with the certificate, use this
\n# directive to point at the key file. Keep in mind that if
\n# you’ve both a RSA and a DSA private key you can configure
\n# both in parallel (to also allow the use of DSA ciphers, etc.)
\nSSLCertificateKeyFile \/etc\/pki\/tls\/private\/localhost.key\u3000\u2190\u2605<\/p>\n

# Server Certificate Chain:
\n# Point SSLCertificateChainFile at a file containing the
\n# concatenation of PEM encoded CA certificates which form the
\n# certificate chain for the server certificate. Alternatively
\n# the referenced file can be the same as SSLCertificateFile
\n# when the CA certificates are directly appended to the server
\n# certificate for convinience.
\nSSLCertificateChainFile \/etc\/pki\/tls\/certs\/server-chain.crt\u3000\u2190\u2605<\/p>\n

\u3010\u5bfe\u7b56\u3011\/etc\/httpd\/conf.d\/ssl.conf\u3092\u4fee\u6b63\u3057\u3066\u53d6\u5f97\u3057\u305f\u8a3c\u660e\u66f8\u306b\u5dee\u3057\u66ff\u3048\u308b\u3002
\nLet\u2019s Encrypt\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3067\u751f\u6210\u3055\u308c\u308b\/etc\/httpd\/conf\/httpd-le-ssl.conf\u3060\u3051\u3067\u306f\u3053\u306e\u4e2d\u306b\u8a18\u8f09\u3055\u308c\u3066\u3044\u308b\u8a3c\u660e\u66f8\u304c\u6709\u52b9\u306b\u306a\u3089\u306a\u304b\u3063\u305f\u3002\/etc\/httpd\/conf.d\/ssl.conf\u306e\u4e0a\u306e\u2605\u5370\u90e8\u5206\u3092httpd-le-ssl.conf\u306b\u66f8\u304b\u308c\u3066\u3044\u308b\u30d5\u30a1\u30a4\u30eb\u306b\u7f6e\u304d\u63db\u3048\u308b\u3053\u3068\u3067\u6709\u52b9\u306b\u306a\u3063\u305f\u3002
\n\"\"<\/p>\n

****************************************************************
\nSSL\u5316\u624b\u9806
\n****************************************************************
\n\u25a0Certbot \u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u524d\u306e\u6e96\u5099
\n\u25c7\u4eee\u60f3\u30db\u30b9\u30c8 \u30dd\u30fc\u30c880\u3092\u8ffd\u52a0\u3057\u3066\u304a\u304f
\n\u3010\u30c8\u30e9\u30d6\u30eb\u3011\u6700\u521d\u306e\u7acb\u3061\u4e0a\u3052\u3067%>sudo certbot \u3060\u3051\u3067\u5b9f\u884c\u3057\u305f\u3068\u304d\u306b\u51fa\u307e\u3057\u305f\u3002
\n\u203b\u307e\u305f\u3001\u30dd\u30fc\u30c880\u3067\u4eee\u60f3\u30db\u30b9\u30c8\u3092\u898b\u3064\u3051\u3089\u308c\u306a\u304b\u3063\u305f\u306e\u3067\u8ffd\u52a0\u3057\u3066\u304f\u3060\u3055\u3044\u3068\u3044\u3046\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u51fa\u3066\u3057\u307e\u3044\u307e\u3057\u305f\u3002<\/p>\n

No names were found in your configuration files. Please enter in your domain
\nname(s) (comma and\/or space separated) (Enter ‘c’ to cancel):\u3000\u30db\u30b9\u30c8\u540d\u3092\u5165\u529b\u3057\u3066Enter<\/p>\n

\u4f8b\uff09name(s) (comma and\/or space separated) (Enter ‘c’ to cancel): hobby.mydns.jp
\nObtaining a new certificate
\nResetting dropped connection: acme-v01.api.letsencrypt.org
\nPerforming the following challenges:
\nhttp-01 challenge for hobby.mydns.jp
\nCleaning up challenges
\nUnable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.\u3000\u2190\u2605<\/p>\n

IMPORTANT NOTES:
\n– Your account credentials have been saved in your Certbot
\nconfiguration directory at \/etc\/letsencrypt. You should make a
\nsecure backup of this folder now. This configuration directory will
\nalso contain certificates and private keys obtained by Certbot so
\nmaking regular backups of this folder is ideal.<\/p>\n

\u3010\u5bfe\u7b56\u3011\/etc\/httpd\/conf\/httpd.conf\u306e\u6587\u672b\u306b\u4e0b\u8a18\u3092\u633f\u5165
\n——————
\nNameVirtualHost *:80<\/del>\u3000\u2190\u3000\/var\/log\/messages\u3067\u610f\u5473\u306a\u3057\u3068\u3044\u3046\u300cAH00548:\u300d\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u51fa\u308b\u306e\u3067\u524a\u9664<\/a>\u3057\u307e\u3057\u305f
\n<VirtualHost *:80>
\nServerAdmin root@hobby.mydns.jp
\nDocumentRoot \/var\/www\/html
\nServerName hobby.mydns.jp
\n<\/VirtualHost>
\n——————<\/p>\n

\u25a0Certbot \u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/a>
\n%>sudo yum install epel-release
\n%>sudo yum install certbot python-certbot-apache<\/p>\n

\u25a0ssl\u8a3c\u660e\u66f8\u306e\u53d6\u5f97
\n%>sudo certbot run -d \u30c9\u30e1\u30a4\u30f3\u540d
\n\u4f8b\uff09%>sudo certbot run -d hobby.mydns.jp<\/p>\n

\u25c7\u521d\u56de\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306e\u554f\u3044\u5408\u308f\u305b\u304c\u51fa\u307e\u3059\u3002
\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log
\nPlugins selected: Authenticator apache, Installer apache
\nEnter email address (used for urgent renewal and security notices) (Enter ‘c’ tocancel):\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5165\u529b\u3057\u3066Enter<\/p>\n

\u25c7\u898f\u7d04\u306b\u540c\u610f\u3059\u308b
\nStarting new HTTPS connection (1): acme-v01.api.letsencrypt.org<\/p>\n

——————————————————————————-
\nPlease read the Terms of Service at
\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must
\nagree in order to register with the ACME server at
\nhttps:\/\/acme-v01.api.letsencrypt.org\/directory
\n——————————————————————————-
\n(A)gree\/(C)ancel: a\u3092\u5165\u529b\u3057\u3066Enter<\/p>\n

\u25c7SSL\u8a3c\u660e\u66f8\u3092\u5229\u7528\u3059\u308b\u3060\u3051\u306a\u3089n\u3092\u9078\u629e
\n——————————————————————————-
\nWould you be willing to share your email address with the Electronic Frontier
\nFoundation, a founding partner of the Let’s Encrypt project and the non-profit
\norganization that develops Certbot? We’d like to send you email about our work
\nencrypting the web, EFF news, campaigns, and ways to support digital freedom.
\n——————————————————————————-
\n(Y)es\/(N)o: n\u3092\u5165\u529b\u3057\u3066Enter<\/p>\n

\u25c7HTTPS\u5316\u3057\u305f\u3044\u30b5\u30a4\u30c8\u306e\u30db\u30b9\u30c8\u540d\u304c\u8868\u793a\u3055\u308c\u308b\u306e\u3067\u3001\u8a72\u5f53\u3059\u308b\u756a\u53f7\u3092\u9078\u629e
\nWhich names would you like to activate HTTPS for?
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\n1: hobby.mydns.jp
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\nSelect the appropriate numbers separated by commas and\/or spaces, or leave input
\nblank to select all options shown (Enter ‘c’ to cancel): 1<\/p>\n

\u25c7\u8a3c\u660e\u66f8\u306e\u767a\u884c\u624b\u7d9a\u304d\u304c\u3055\u308c\u3001\/etc\/httpd\/conf.d\/httpd-le-ssl.conf\u304c\u81ea\u52d5\u7684\u306b\u4f5c\u6210\u3055\u308c\u308b\u3002
\nObtaining a new certificate
\nPerforming the following challenges:
\nhttp-01 challenge for hobby.mydns.jp
\nWaiting for verification…
\nCleaning up challenges
\nCreated an SSL vhost at \/etc\/httpd\/conf\/httpd-le-ssl.conf
\nDeploying Certificate to VirtualHost \/etc\/httpd\/conf\/httpd-le-ssl.conf
\nEnabling site \/etc\/httpd\/conf\/httpd-le-ssl.conf by adding Include to root configuration<\/p>\n

\u25c7HTTP\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092HTTPS\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3059\u308b\u304b\u5c0b\u306d\u3089\u308c\u308b
\nPlease choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\n1: No redirect – Make no further changes to the webserver configuration.
\n2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
\nnew sites, or if you’re confident your site works on HTTPS. You can undo this
\nchange by editing your web server’s configuration.
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\nSelect the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1\u3092\u9078\u629e\u3057\u3066\u624b\u52d5\u3067\u8a2d\u5b9a\u3057\u3066\u307f\u308b\u3002<\/p>\n

\u25c7\u8a3c\u660e\u66f8\u767a\u884c\u5b8c\u4e86
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\nCongratulations! You have successfully enabled https:\/\/hobby.mydns.jp<\/p>\n

You should test your configuration at:
\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=hobby.mydns.jp
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\n\u2191\u3053\u3053\u306b\u30a2\u30af\u30bb\u30b9\u3057\u3066\u307f\u308b\u3068\u3001https\u30a2\u30af\u30bb\u30b9\u3067\u304d\u3066\u3044\u308c\u3070Grade\u6b04\u306b\u300cB\u300d\u3068\u304b\u8a18\u53f7\u304c\u51fa\u3066\u304d\u3066\u8a73\u7d30\u304c\u898b\u3089\u308c\u308b\u3002
\nIMPORTANT NOTES:
\n– Congratulations! Your certificate and chain have been saved at:
\n\/etc\/letsencrypt\/live\/hobby.mydns.jp\/fullchain.pem
\nYour key file has been saved at:
\n\/etc\/letsencrypt\/live\/hobby.mydns.jp\/privkey.pem
\nYour cert will expire on 2018-10-24. To obtain a new or tweaked
\nversion of this certificate in the future, simply run certbot-auto
\nagain with the “certonly” option. To non-interactively renew *all*
\nof your certificates, run “certbot-auto renew”
\n– If you like Certbot, please consider supporting our work by:<\/p>\n

Donating to ISRG \/ Let’s Encrypt: https:\/\/letsencrypt.org\/donate
\nDonating to EFF: https:\/\/eff.org\/donate-le<\/p>\n

\u2191\u8a3c\u660e\u66f8\u306e\u4fdd\u5b58\u5834\u6240\u306f\/etc\/letsencrypt\/live\/[\u30db\u30b9\u30c8\u540d]\/\u306b\u3042\u308b\u3053\u3068\u3068\u3001\u6709\u52b9\u671f\u9650\u304c2018-10-24\u3067\u3042\u308b\u3053\u3068\u304c\u66f8\u304b\u308c\u3066\u3044\u308b\u3002<\/p>\n

\u25c7\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u78ba\u8a8d
\n\u30fb\/etc\/httpd\/conf\/httpd-le-ssl.conf\u3000\u304c\u4f5c\u6210\u3055\u308c\u3001\u4e2d\u306b\u8a3c\u660e\u66f8\u306e\u30d1\u30b9\u304c\u5207\u3089\u308c\u3066\u3044\u307e\u3059\u3002
\n<IfModule mod_ssl.c>
\n<VirtualHost *:443>
\nServerAdmin root@hobby.mydns.jp
\nDocumentRoot \/var\/www\/html
\nServerName hobby.mydns.jp
\nSSLCertificateFile \/etc\/letsencrypt\/live\/hobby.mydns.jp\/cert.pem
\nSSLCertificateKeyFile \/etc\/letsencrypt\/live\/hobby.mydns.jp\/privkey.pem
\nInclude \/etc\/letsencrypt\/options-ssl-apache.conf
\nSSLCertificateChainFile \/etc\/letsencrypt\/live\/hobby.mydns.jp\/chain.pem
\n<\/VirtualHost>
\n<\/IfModule><\/p>\n

\u30fb\/etc\/httpd\/conf\/httpd.conf\u3000\u304c\u66f4\u65b0\u3055\u308c\u3001\u6587\u672b\u306b\u4e0b\u8a18\u304c\u8ffd\u52a0\u3055\u308c\u3066\u3044\u308b\u3002
\nInclude \/etc\/httpd\/conf\/httpd-le-ssl.conf<\/p>\n

\u25c7\/etc\/httpd\/conf.d\/ssl.conf\u3000\u306e\u4fee\u6b63
\n\u30da\u30fc\u30b8\u306e\u5148\u982d\u306b\u8a18\u8ff0\u3057\u305f\u30c8\u30e9\u30d6\u30eb\u5bfe\u7b56\u3068\u3057\u3066\u3001\u2605\u5370\u3092\u7121\u52b9\u5316\u3057\u3066\u3001\u2606\u5370\u3092\u8a2d\u5b9a\u3059\u308b\u3002
\n# Server Certificate:
\n# Point SSLCertificateFile at a PEM encoded certificate. If
\n# the certificate is encrypted, then you will be prompted for a
\n# pass phrase. Note that a kill -HUP will prompt again. A new
\n# certificate can be generated using the genkey(1) command.
\n#SSLCertificateFile \/etc\/pki\/tls\/certs\/localhost.crt\u3000\u2190\u2605
\nSSLCertificateFile \/etc\/letsencrypt\/live\/hobby.mydns.jp\/cert.pem\u3000\u2190\u2606<\/p>\n

# Server Private Key:
\n# If the key is not combined with the certificate, use this
\n# directive to point at the key file. Keep in mind that if
\n# you’ve both a RSA and a DSA private key you can configure
\n# both in parallel (to also allow the use of DSA ciphers, etc.)
\n#SSLCertificateKeyFile \/etc\/pki\/tls\/private\/localhost.key\u3000\u2190\u2605
\nSSLCertificateKeyFile \/etc\/letsencrypt\/live\/hobby.mydns.jp\/privkey.pem\u3000\u2190\u2606<\/p>\n

# Server Certificate Chain:
\n# Point SSLCertificateChainFile at a file containing the
\n# concatenation of PEM encoded CA certificates which form the
\n# certificate chain for the server certificate. Alternatively
\n# the referenced file can be the same as SSLCertificateFile
\n# when the CA certificates are directly appended to the server
\n# certificate for convinience.
\n#SSLCertificateChainFile \/etc\/pki\/tls\/certs\/server-chain.crt\u3000\u2190\u2605
\nSSLCertificateChainFile \/etc\/letsencrypt\/live\/hobby.mydns.jp\/chain.pem\u3000\u2190\u2606<\/p>\n

\u25c7httpd\u518d\u8d77\u52d5
\n%>systemctl restart httpd.service<\/p>\n

\u25a0http\u304b\u3089https\u3078\u306e301\u30ea\u30c0\u30a4\u30ec\u30af\u30c8
\n\u300chttp:\/\/\uff5e\u300d\u3068\u300chttps:\/\/\uff5e\u300d\u304c\u540c\u3058\u30b3\u30f3\u30c6\u30f3\u30c4\u3067\u3082Google\u306f\u5225\u306e\u30da\u30fc\u30b8\u3068\u8a8d\u8b58\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u305d\u3046\u3067\u8a55\u4fa1\u3092\u5f15\u304d\u7d99\u3050\u5fc5\u8981\u304c\u3042\u308b\u5834\u5408\u306f\u3001\u4e0b\u8a18\u306e\u3088\u3046\u306b301\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u304c\u5fc5\u8981\u3002
\n\u3010\u5bfe\u7b56\u3011\/etc\/httpd\/conf\/httpd.conf\u306e\u6587\u672b\u306b\u4e0b\u8a18\u306e\u592a\u6587\u5b57\u3092\u633f\u5165
\n——————
\nNameVirtualHost *:80<\/del>\u3000\u2190\u3000\/var\/log\/messages\u3067\u610f\u5473\u306a\u3057\u3068\u3044\u3046\u300cAH00548:\u300d\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u51fa\u308b\u306e\u3067\u524a\u9664<\/a>\u3057\u307e\u3057\u305f
\n<VirtualHost *:80>
\nServerAdmin root@hobby.mydns.jp
\nDocumentRoot \/var\/www\/html
\nServerName hobby.mydns.jp
\n RewriteEngine on<\/strong>
\nRewriteCond %{HTTPS} off<\/strong>
\nRewriteRule ^(.*)$ https:\/\/hobby.mydns.jp\/$1 [R=301,L]<\/strong>
\n<\/VirtualHost>
\n——————
\n\u25c7httpd\u518d\u8d77\u52d5
\n%>systemctl restart httpd.service<\/p>\n

\u25c7Let’s Encrypt\uff08HTTPS\uff09\u304c90\u65e5\u3067\u671f\u9650\u5207\u308c\u306b\u306a\u308b\u5bfe\u7b56\uff01<\/a>\u6bce\u67081\u65e5\u3001\u5348\u524d5\u6642\u306b\u66f4\u65b0\u78ba\u8a8d
\n\/etc\/crontab\u306b\u4e0b\u8a18\u3092\u8ffd\u52a0\u3002\u203bcrontab -e\u3067\u306e\u8a2d\u5b9a\u306f\u3057\u306a\u3044\u3067\u76f4\u63a5\u30d5\u30a1\u30a4\u30eb\u306b\u8a18\u8f09\u3002
\n0 5 1 * * root certbot renew –quiet<\/del>
\n\u2193\u3000httpd\u306e\u518d\u8d77\u52d5\u3082\u5fc5\u8981<\/span>\u3089\u3057\u3044\u306e\u3067\u8a2d\u5b9a\u5909\u66f4
\n\u203b\u66f4\u306b\u8a3c\u660e\u66f8\u306e\u66f4\u65b0\u7d50\u679c\u3092\u30e1\u30fc\u30eb\u3067\u53d7\u3051\u53d6\u308b<\/a>\u65b9\u6cd5\u306b\u5909\u66f4
\n00 05 01 * * certbot renew –dry-run<\/span> 2>&1 | mail -s “Let’s Encrypt update information” myname@mydomain.com && systemctl restart httpd<\/span><\/p>\n

–dry-run<\/span>\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u4ed8\u3051\u3066\u30b7\u30df\u30e5\u30ec\u30fc\u30b7\u30e7\u30f3\u30e2\u30fc\u30c9\u3067\u306e\u66f4\u65b0\u30c6\u30b9\u30c8\u5b9f\u884c\u3057\u305f\u53d7\u4fe1\u30e1\u30fc\u30eb\u306e\u7d50\u679c
\n\u203b\u66f4\u65b0\u306b\u6210\u529f\u3057\u305f\u65e8\u304c\u8a18\u8ff0\u3055\u308c\u3066\u3044\u308b\u3002
\n———- Forwarded message ———<\/span>
\nFrom: root <root@mydomain.com><\/span>
\nDate: 2018\u5e749\u67081\u65e5(\u571f) 8:30<\/span>
\nSubject: Let’s Encrypt update information<\/span>
\nTo: <myname@mydomain.com><\/span>
\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log<\/span>
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/span>
\nProcessing \/etc\/letsencrypt\/renewal\/hobby.mydns.jp.conf<\/span>
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/span>
\nCert not due for renewal, but simulating renewal for dry run<\/span>
\nPlugins selected: Authenticator apache, Installer apache<\/span>
\nStarting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org<\/span>
\nRenewing an existing certificate<\/span>
\nPerforming the following challenges:<\/span>
\nhttp-01 challenge for hobby.mydns.jp<\/span>
\nWaiting for verification…<\/span>
\nCleaning up challenges<\/span>
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/span>
\nnew certificate deployed with reload of apache server; fullchain is<\/span>
\n\/etc\/letsencrypt\/live\/hobby.mydns.jp\/fullchain.pem<\/span>
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/span>
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/span>
\n** DRY RUN: simulating ‘certbot renew’ close to cert expiry<\/span>
\n** (The test certificates below have not been saved.)<\/span>
\nCongratulations, all renewals succeeded. The following certs have been renewed:<\/span>
\n\/etc\/letsencrypt\/live\/hobby.mydns.jp\/fullchain.pem (success)<\/span>
\n** DRY RUN: simulating ‘certbot renew’ close to cert expiry<\/span>
\n** (The test certificates above have not been saved.)<\/span>
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/span><\/p>\n

vi \/var\/log\/messages\u3067httpd\u306e\u518d\u8d77\u52d5\u304c\u3067\u304d\u3066\u3044\u308b\u3053\u3068\u3082\u78ba\u8a8d\u3067\u304d\u307e\u3057\u305f\u3002
\nStarting The Apache HTTP Server…<\/p>\n

–dry-run<\/span>\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u5916\u3057\u3066\u672c\u756a\u306e\u5b9f\u884c\u3057\u305f\u53d7\u4fe1\u30e1\u30fc\u30eb\u306e\u7d50\u679c
\n\u203b\u8a3c\u660e\u66f8\u306e\u671f\u9650\u5207\u308c\u306b\u307e\u3060\u4f59\u88d5\u304c\u3042\u308b\u306e\u3067\u4e0b\u8a18\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u51fa\u305f
\n———- Forwarded message ———<\/span>
\nFrom: root <root@mydomain.com><\/span>
\nDate: 2018\u5e749\u67081\u65e5(\u571f) 8:43<\/span>
\nSubject: Let’s Encrypt update information<\/span>
\nTo: <myname@mydomain.com><\/span>
\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log<\/span>
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/span>
\nProcessing \/etc\/letsencrypt\/renewal\/hobby.mydns.jp.conf<\/span>
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/span>
\nCert not yet due for renewal<\/span>
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/span>
\nThe following certs are not due for renewal yet:<\/span>
\n\/etc\/letsencrypt\/live\/hobby.mydns.jp\/fullchain.pem expires on 2018-11-23 (skipped)<\/span>
\nNo renewals were attempted.<\/span>
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/span><\/p>\n

****************************************************************
\n\u5099\u8003
\n****************************************************************
\n\u25a0Let\u2019s Encrypt\u3067\u8a3c\u660e\u66f8\u306e\u524a\u9664
\n\/etc\/letsencrypt\/live\/\u306e[\u30c9\u30e1\u30a4\u30f3\u540d]\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u4e38\u3054\u3068\u524a\u9664\u3055\u308c\u308b\u3002
\n%>certbot revoke –cert-path \/etc\/letsencrypt\/live\/[\u30c9\u30e1\u30a4\u30f3\u540d]\/cert.pem<\/p>\n

——————————————————————————-
\nWould you like to delete the cert(s) you just revoked?
\n——————————————————————————-
\n(Y)es (recommended)\/(N)o: y\u3092\u9078\u629e\u3057\u3066Enter<\/p>\n","protected":false},"excerpt":{"rendered":"

CentOS7\u306eWeb\u30b5\u30fc\u30d0\u30fc\u3092SSL\u5bfe\u5fdc\u3055\u305b\u307e\u3057\u305f\u3002 \u3010\u30c8\u30e9\u30d6\u30eb\u3011\u53d6\u5f97\u3057\u305fSSL\u8a3c\u660e\u66f8\u304c\u6709\u52b9\u306b\u306a\u3089\u305ahttps:\/\/\u30a2\u30af\u30bb\u30b9\u3067\u8b66\u544a\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u51fa\u308b\u3002 Let\u2019s Encrypt\u3067\u7121\u6599\u306eSSL\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3057\u305f\u306e\u306f\u3044\u3044\u304c\u3001 […]<\/p>\n","protected":false},"author":2,"featured_media":2090,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":["post-2081","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-unix"],"_links":{"self":[{"href":"https:\/\/hobby.mydns.jp\/teruki.wp\/wp-json\/wp\/v2\/posts\/2081","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hobby.mydns.jp\/teruki.wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hobby.mydns.jp\/teruki.wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hobby.mydns.jp\/teruki.wp\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hobby.mydns.jp\/teruki.wp\/wp-json\/wp\/v2\/comments?post=2081"}],"version-history":[{"count":16,"href":"https:\/\/hobby.mydns.jp\/teruki.wp\/wp-json\/wp\/v2\/posts\/2081\/revisions"}],"predecessor-version":[{"id":5438,"href":"https:\/\/hobby.mydns.jp\/teruki.wp\/wp-json\/wp\/v2\/posts\/2081\/revisions\/5438"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hobby.mydns.jp\/teruki.wp\/wp-json\/wp\/v2\/media\/2090"}],"wp:attachment":[{"href":"https:\/\/hobby.mydns.jp\/teruki.wp\/wp-json\/wp\/v2\/media?parent=2081"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hobby.mydns.jp\/teruki.wp\/wp-json\/wp\/v2\/categories?post=2081"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hobby.mydns.jp\/teruki.wp\/wp-json\/wp\/v2\/tags?post=2081"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}