![\"\"](\"https:\/\/www.e-nekorakuen.net\/wp-content\/uploads\/2019\/02\/le-logo-standard-1.png\"){kind=logo}
\u3000![\"\"](\"https:\/\/www.e-nekorakuen.net\/wp-content\/uploads\/2019\/02\/apache.png\")
\n![\"\"](\"https:\/\/www.e-nekorakuen.net\/wp-content\/uploads\/2019\/02\/postfix-post-thumbnail.png\")
\u3000![\"\"](\"https:\/\/www.e-nekorakuen.net\/wp-content\/uploads\/2019\/02\/CkMPpkRr_400x400.png\")
<\/p>\n
1.Apache\u306evhost\u306b\u30e1\u30fc\u30eb\u30b5\u30fc\u30d0\u30fc\u306e\u30a8\u30a4\u30ea\u30a2\u30b9\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002(https\u306e\u8a3c\u660e\u66f8\u3068\u5171\u7528\u3059\u308b\u305f\u3081\uff09 # The ServerName directive sets the request scheme, hostname and port that ServerAdmin webmaster@localhost 2.Apache\u3092\u505c\u6b62\u3057\u307e\u3059\u3002 Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. ——————————————————————————- You should test your configuration at: IMPORTANT NOTES: Donating to ISRG \/ Let’s Encrypt: https:\/\/letsencrypt.org\/donate 5.Apache\u3092\u8d77\u52d5\u3057\u307e\u3059\u3002 6.iptables\u306b\u30e1\u30fc\u30eb\u7528\u30dd\u30fc\u30c8\u306e\u8a2d\u5b9a\u3092\u3057\u307e\u3059\u3002\uff08\u8a2d\u5b9a\u7528\u30b7\u30a7\u30eb\u304c\u3042\u308b\u5834\u5408\u306f\u3001\u518d\u5b9f\u884c\u3059\u308b\u3002\uff09 # SMTP OK(SMTPS) # SSH Port xxxx OK(FTP NG) xxxx\u306f\u4efb\u610f<\/span><\/p>\n $IPTABLES -A INPUT -p tcp –dport xxxx -j ACCEP<\/p>\n # POP OK (POP3S) \u203b iptables-persistent\u304c\u8d77\u52d5\u6642\u306b\u8aad\u307f\u8fbc\u3081\u308b\u3088\u3046\u3001rules.ipv4\u3082\u4fee\u6b63\u3057\u307e\u3059\u3002
\n\/etc\/apache2\/sites-available\/www.sample.com.conf
\n<VirtualHost *:80><\/span>
\n# HTTP connection to redirect to HTTPS<\/span>
\nRewriteEngine On<\/span>
\nRewriteCond %{HTTPS} off<\/span>
\nRewriteRule ^(.*)$ https:\/\/%{HTTP_HOST}%{REQUEST_URI} [R=301,L]<\/span><\/p>\n
\n# the server uses to identify itself. This is used when creating
\n# redirection URLs. In the context of virtual hosts, the ServerName
\n# specifies what hostname must appear in the request’s Host: header to
\n# match this virtual host. For the default virtual host (this file) this
\n# value is not decisive as it is used as a last resort host regardless.
\n# However, you must set it for any further virtual host explicitly.
\n#ServerName www.sample.com<\/p>\n
\nServerName sample.com
\nServerAlias www.sample.com
\n# mail Alias added \u2193\u3053\u3053\u306b\u8ffd\u52a0<\/span>
\nServerAlias mail.sample.com<\/span>
\nDocumentRoot \/home\/www\/sample<\/p>\n
\nservice apache2 stop
\n3.\u65e2\u5b58\u306e\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u306b\u30e1\u30fc\u30eb\u30b5\u30fc\u30d0\u30fc\u7528\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002
\n\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067\u30e1\u30fc\u30eb\u30b5\u30fc\u30d0\u30fc\u7528\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\u306e\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002\uff08\u5148\u982d\u306b\u65e2\u5b58\u306e\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\u3001\u305d\u306e\u6b21\u306b\u4eca\u56de\u8ffd\u52a0\u3059\u308b\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\uff09
\ncertbot –authenticator standalone –installer apache –expand -d www.sample.com -d mail.sample.com<\/span>
\nThe requested apache plugin does not appear to be installed
\n\u2192python3\u306ePlug-in\u304c\u8db3\u308a\u306a\u3044\u3068\u8a00\u308f\u308c\u305f\u3089\u3001
\napt install python3-certbot-apache<\/span>
\n\u518d\u5ea6\u5b9f\u884c
\nWhat would you like to do?
\n——————————————————————————-
\n1: Attempt to reinstall this existing certificate
\n2: Renew & replace the cert (limit ~5 per 7 days)
\n——————————————————————————-
\nSelect the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1<\/span>
\nKeeping the existing certificate
\nCreated an SSL vhost at \/etc\/apache2\/sites-available\/sample.com-le-ssl.conf
\nDeploying Certificate to VirtualHost \/etc\/apache2\/sites-available\/sample.com-le-ssl.conf
\nEnabling available site: \/etc\/apache2\/sites-available\/sample.com-le-ssl.conf
\nDeploying Certificate to VirtualHost \/etc\/apache2\/sites-available\/sample.com-le-ssl.conf<\/p>\n
\n——————————————————————————-
\n1: No redirect – Make no further changes to the webserver configuration.
\n2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
\nnew sites, or if you’re confident your site works on HTTPS. You can undo this
\nchange by editing your web server’s configuration.
\n——————————————————————————-
\nSelect the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1 \u2190vhost\u5185\u3067\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u3066\u3044\u308b\u306e\u30671\u3092\u9078\u629e\u3057\u307e\u3059\u3002<\/span><\/p>\n
\nCongratulations! You have successfully enabled https:\/\/www.sample.com and<\/span>
\nhttps:\/\/mail.sample.com \u2190\u6210\u529f\uff01\u306e\u30e1\u30c3\u30bb\u30fc\u30b8<\/span><\/p>\n
\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=www.sample.com
\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=mail.sample.com<\/span> \u2190\u8ffd\u52a0\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/span>
\n——————————————————————————-<\/p>\n
\n– Congratulations! Your certificate and chain have been saved at:
\n\/etc\/letsencrypt\/live\/www.sample.com\/fullchain.pem
\nYour key file has been saved at:
\n\/etc\/letsencrypt\/live\/www.sample.com\/privkey.pem
\nYour cert will expire on 9999-99-99. To obtain a new or tweaked
\nversion of this certificate in the future, simply run certbot again
\nwith the “certonly” option. To non-interactively renew *all* of
\nyour certificates, run “certbot renew”
\n– Some rewrite rules copied from
\n\/etc\/apache2\/sites-enabled\/sample.com.conf were disabled in
\nthe vhost for your HTTPS site located at
\n\/etc\/apache2\/sites-available\/sample.com-le-ssl.conf because
\nthey have the potential to create redirection loops.
\n– If you like Certbot, please consider supporting our work by:<\/p>\n
\nDonating to EFF: https:\/\/eff.org\/donate-le<\/p>\n
\nservice apache2 start<\/p>\n
\n# WEB OK(HTTPS)
\n$IPTABLES -A INPUT -p tcp –dport 80 -j ACCEPT
\n$IPTABLES -A INPUT -p tcp –dport 443 -j ACCEPT<\/span><\/p>\n
\n$IPTABLES -A INPUT -p tcp –dport 25 -j ACCEPT
\n$IPTABLES -A INPUT -p tcp –dport 465 -j ACCEPT
\n$IPTABLES -A INPUT -p tcp –dport 587 -j ACCEPT<\/span><\/p>\n
\n$IPTABLES -A INPUT -p tcp –dport 995 -j ACCEPT<\/span><\/p>\n
\n\u53c2\u8003\u30b5\u30a4\u30c8\uff1aUbuntu\u3067iptables\u306e\u8a2d\u5b9a\u3092iptables-persistent\u3067\u6c38\u7d9a\u5316\u3059\u308b<\/a>
\n\/etc\/iptables\/rules.ipv4
\n-A INPUT -p icmp -j ACCEPT
\n-A INPUT -p tcp -m tcp –dport 80 -j ACCEPT
\n-A INPUT -p tcp -m tcp –dport 443 -j ACCEPT
\n-A INPUT -p tcp -m tcp –dport 25 -j ACCEPT
\n-A INPUT -p tcp -m tcp –dport 465 -j ACCEPT<\/span>
\n-A INPUT -p tcp -m tcp –dport 587 -j ACCEPT
\n<\/span>-A INPUT -p tcp -m tcp –dport xxxx -j ACCEPT
\n-A INPUT -p tcp -m tcp –dport 995 -j ACCEPT<\/span><\/p>\n