{"id":10225,"date":"2017-05-12T23:14:27","date_gmt":"2017-05-12T14:14:27","guid":{"rendered":"http:\/\/www.e-nekorakuen.net\/?p=10225"},"modified":"2017-06-02T08:52:08","modified_gmt":"2017-06-01T23:52:08","slug":"lets-encrypt%e3%81%a7%e8%a8%bc%e6%98%8e%e6%9b%b8%e3%82%92%e7%99%ba%e8%a1%8c%e3%80%81https%e3%82%a2%e3%82%af%e3%82%bb%e3%82%b9%e3%82%92%e6%9c%89%e5%8a%b9%e3%81%ab%e3%81%99%e3%82%8b-ubuntu-16-04-ap","status":"publish","type":"post","link":"https:\/\/www.e-nekorakuen.net\/?p=10225","title":{"rendered":"Issuing a certificate with Let&#8217;s Encrypt and enabling HTTPS access (Ubuntu 16.04 + Apache2)"},"content":{"rendered":"<p>Let\u2019s Encrypt is one of the certificate authorities (CA; Certificate Authority) that issue the certificates used for SSL\/TLS encrypted communication. There are many certificate authorities around the world, but Let\u2019s Encrypt has the following features.<\/p>\n<ul>\n<li>Free to use<\/li>\n<li>Certificate signing is automated<\/li>\n<li>Open<\/li>\n<\/ul>\n<p>The organization behind Let\u2019s Encrypt is the Electronic Frontier Foundation (EFF), which was founded in 1990. Its long-term mission, set in 2009, was \"Encrypting the web\". It set the ambitious goal of replacing all insecure plaintext HTTP traffic with encrypted HTTPS.<\/p>\n
<p><a href=\"https:\/\/letsencrypt.jp\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/letsencrypt.jp<\/a><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-10222\" src=\"http:\/\/www.e-nekorakuen.net\/wp-content\/uploads\/2017\/05\/55284cb04114d14ac54e52b3cbf73d46-300x193.jpg\" alt=\"\" width=\"300\" height=\"193\" srcset=\"https:\/\/www.e-nekorakuen.net\/wp-content\/uploads\/2017\/05\/55284cb04114d14ac54e52b3cbf73d46-300x193.jpg 300w, https:\/\/www.e-nekorakuen.net\/wp-content\/uploads\/2017\/05\/55284cb04114d14ac54e52b3cbf73d46.jpg 420w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<ul>\n<li>To communicate over https, set up port forwarding for port 443 on the router.<br \/>\nWAN 443 \u2192 LAN 443 server IP<\/li>\n<li>Also allow port 443 through iptables.\n<ul>\n<li>\/sbin\/iptables -I INPUT 5 -p tcp -m tcp --dport 80 -j ACCEPT<\/li>\n<li>\/sbin\/iptables -I INPUT 6 -p tcp -m tcp --dport 443 -j ACCEPT \u2190 add this, then save the configuration.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ol>\n<li>Install git and clone letsencrypt<br \/>\nThere is currently no package for Ubuntu, so install git and clone from GitHub.<br \/>\napt-get install -y git<br \/>\nClone from GitHub.<br \/>\ncd \/opt<br \/>\ngit clone 
https:\/\/github.com\/letsencrypt\/letsencrypt<\/li>\n<li>Display the help.<br \/>\ncd letsencrypt\/<br \/>\n.\/letsencrypt-auto --help<br \/>\nIf the help is displayed as shown below, it is working.<br \/>\n# .\/letsencrypt-auto --help<br \/>\n(omitted)<br \/>\nletsencrypt-auto [SUBCOMMAND] [options] [-d domain] [-d domain] ...<br \/>\nCertbot can obtain and install HTTPS\/TLS\/SSL certificates. By default,<br \/>\nit will attempt to use a webserver both for obtaining and installing the<br \/>\ncert. Major SUBCOMMANDS are:<br \/>\n(omitted)<\/li>\n<li>Issue the certificate.<br \/>\nIf the web server is running, it fails as shown below.<br \/>\nThe program apache2 (process ID 19478) is already listening on TCP port 80.<br \/>\nThis will prevent us from binding to that port. Please stop the apache2 program<br \/>\ntemporarily and then try again.<br \/>\nStop Apache. \u2190 this frees port 80.<br \/>\nsystemctl stop apache2<br \/>\nIssue the certificate. The domain to certify is www.example.com.<br \/>\n.\/letsencrypt-auto certonly -a standalone -d www.example.com<br \/>\nAfter you register the domain, a contact e-mail address and so on, and the certificate is issued, the following message is displayed.<br \/>\n(omitted)<br \/>\nIMPORTANT NOTES:<br \/>\n- Congratulations! 
Your certificate and chain have been saved at \u2190 congratulations message<br \/>\n\/etc\/letsencrypt\/live\/www.example.com\/fullchain.pem. Your cert<br \/>\nwill expire on 2017-08-09. To obtain a new or tweaked version of<br \/>\nthis certificate in the future, simply run letsencrypt-auto again.<br \/>\nTo non-interactively renew *all* of your certificates, run<br \/>\n&#8220;letsencrypt-auto renew&#8221;<br \/>\n- If you like Certbot, please consider supporting our work by:<br \/>\nDonating to ISRG \/ Let&#8217;s Encrypt: https:\/\/letsencrypt.org\/donate<br \/>\nDonating to EFF: https:\/\/eff.org\/donate-le<br \/>\nIf it is displayed like this, it worked.<br \/>\nThe issued certificate is saved under \/etc\/letsencrypt\/live\/www.example.com\/.<br \/>\nls \/etc\/letsencrypt\/live\/www.example.com\/<br \/>\ncert.pem chain.pem fullchain.pem privkey.pem \u2190 there are 3.<\/li>\n<li>So that Apache can reference the certificate, edit \/etc\/apache2\/sites-available\/default-ssl.conf (the vhost for port 443) as follows.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-10228\" src=\"http:\/\/www.e-nekorakuen.net\/wp-content\/uploads\/2017\/05\/apache_logo-300x111.gif\" alt=\"\" width=\"300\" height=\"111\" \/><br \/>\nDocumentRoot \/home\/www\/example.com \u2190 document root<br \/>\n#SSLCertificateFile \/etc\/ssl\/certs\/ssl-cert-snakeoil.pem<br \/>\n#SSLCertificateKeyFile \/etc\/ssl\/private\/ssl-cert-snakeoil.key<br \/>\nSSLCertificateFile \/etc\/letsencrypt\/live\/www.example.com\/cert.pem<br \/>\nSSLCertificateKeyFile \/etc\/letsencrypt\/live\/www.example.com\/privkey.pem<br 
\/>\nSSLCertificateChainFile \/etc\/letsencrypt\/live\/www.example.com\/chain.pem<br \/>\n&lt;Directory \/home\/www\/example.com&gt;<br \/>\nOptions Indexes FollowSymLinks<br \/>\nAllowOverride All<br \/>\nRequire all granted \u2190 access grant setting!!<br \/>\n&lt;\/Directory&gt;<\/li>\n<li>Configure SSL in Apache.<br \/>\nEnable the site that uses SSL.<br \/>\na2ensite default-ssl<br \/>\nLoad the module, since SSL\/TLS is used.<br \/>\na2enmod ssl<br \/>\nStart Apache.<br \/>\nsystemctl start apache2<\/li>\n<li>Check that the site can be accessed over https (port 443).<br \/>\nIf https:\/\/www.example.com displays the site with the padlock icon, it is working.<br \/>\nNote: blog widgets and similar parts that do not support https will not be displayed.<\/li>\n<li>E-mail address confirmation notice<br \/>\nAbout a day later, a confirmation notice with the following content arrives at the registered e-mail address; click the link to complete the confirmation.<br \/>\nHi there,<br \/>\nIt looks like you signed up for the Electronic Frontier Foundation mailing list while using our Certbot tool. 
Before you start getting email from us, we need you to confirm your email address.<br \/>\nClick this link to confirm your email:<br \/>\nhttps:\/\/supporters.eff.org\/subscription-confirmation\/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \u2190 click the link.<br \/>\nIf you don&#8217;t confirm your email, you won&#8217;t be subscribed to our email list. It&#8217;s that simple.<br \/>\nThe Electronic Frontier Foundation is a nonprofit based in San Francisco that focuses on how new technologies affect our civil liberties. In our mailings, you&#8217;ll learn about free speech, privacy, innovation, and the law. Read more about our work at https:\/\/eff.org.<br \/>\nYou can also learn about our work by following us on social media:<br \/>\nTwitter: https:\/\/twitter.com\/eff<br \/>\nFacebook: https:\/\/www.facebook.com\/eff<br \/>\nGoogle+: https:\/\/plus.google.com\/+eff<br \/>\nThanks for your interest in digital rights,<br \/>\nRainey Reitman<br \/>\nEFF Activism Director<br \/>\nSupport EFF projects like Certbot!<\/li>\n<li>Add an http\u2192https redirect to .htaccess<br \/>\nRewriteEngine on<br \/>\nRewriteCond %{HTTPS} off<br \/>\nRewriteRule ^(.*)$ https:\/\/%{HTTP_HOST}%{REQUEST_URI} [R,L]<\/li>\n<li>Automatic certificate renewal<br \/>\nLet\u2019s Encrypt certificates have a short validity period of 3 months, so register a renewal job in crontab so that renewal is not forgotten.<br \/>\ncrontab -e<br \/>\n30 3 15 *\/2 * \/opt\/letsencrypt\/letsencrypt-auto certonly --text --renew-by-default --webroot -w \/home\/www\/example.com -d www.example.com &gt; \/var\/log\/letsencrypt\/renew-cert.log 2&gt;&amp;1 &amp;&amp; service apache2 restart<br 
\/>\nNote: the renewal runs at 3:30 on the 15th of every odd-numbered month.<\/li>\n<\/ol>\n<p style=\"padding-left: 30px;\">That is all.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Let\u2019s Encrypt is an SSL\/TL&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":10222,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"sns_share_botton_hide":"","vkExUnit_sns_title":"","_vk_print_noindex":"","_veu_custom_css":"","veu_display_promotion_alert":"","footnotes":""},"categories":[31],"tags":[],"class_list":["post-10225","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux"],"veu_head_title_object":{"title":"","add_site_title":""},"_links":{"self":[{"href":"https:\/\/www.e-nekorakuen.net\/index.php?rest_route=\/wp\/v2\/posts\/10225","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.e-nekorakuen.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.e-nekorakuen.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.e-nekorakuen.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.e-nekorakuen.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10225"}],"version-history":[{"count":0,"href":"https:\/\/www.e-nekorakuen.net\/index.php?rest_route=\/wp\/v2\/posts\/10225\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.e-nekorakuen.net\/index.php?rest_route=\/wp\/v2\/media\/10222"}],"wp:attachment":[{"href":"https:\/\/www.e-nekorakuen.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10225"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.e-nekorakuen.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10225"},{"ta
xonomy":"post_tag","embeddable":true,"href":"https:\/\/www.e-nekorakuen.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10225"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}