
Setting up a Let's Encrypt certificate for WordPress on Lightsail

The official documentation below explains this very thoroughly.

Generate And Install A Let’s Encrypt SSL Certificate For A Bitnami Application

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

How do I install an SSL certificate on a Bitnami stack hosted on Amazon Lightsail?

https://aws.amazon.com/jp/premiumsupport/knowledge-center/linux-lightsail-ssl-bitnami/

In short: run the command and use it to do the configuration.

sudo /opt/bitnami/bncert-tool

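The tool asks for the domains, so enter them. If there are several, separate them with spaces. It also asks whether to use the www subdomains; answer yes.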

----------------------------------------------------------------------------
Welcome to the Bitnami HTTPS Configuration tool.

----------------------------------------------------------------------------
Domains

Please provide a valid space-separated list of domains for which you wish to
configure your web server.

Domain list []: test.co.jp test.com

The following domains were not included: www.test.co.jp www.test.com. Do you want to add them? [Y/n]: Y

Do you want to redirect?

HTTP -> HTTPS: Y, test.com -> www.test.com: Y, www.test.com -> test.com : n


----------------------------------------------------------------------------
Enable/disable redirections

Please select the redirections you wish to enable or disable on your Bitnami
installation.

Enable HTTP to HTTPS redirection [Y/n]: Y

Enable non-www to www redirection [Y/n]: Y

Enable www to non-www redirection [y/N]: n

---------------------------------------------------------------------------
Changes to perform

Is it OK to apply these settings? yes

The following changes will be performed to your Bitnami installation:

1. Stop web server
2. Configure web server to use a free Let's Encrypt certificate for the domains:
test.co.jp test.com www.test.co.jp www.test.com
3. Configure a cron job to automatically renew the certificate each month
4. Configure web server name to: www.test.co.jp
5. Enable HTTP to HTTPS redirection (example: redirect http://test.co.jp to
https://test.co.jp)
6. Enable non-www to www redirection (example: redirect test.co.jp to
www.test.co.jp)
7. Start web server once all changes have been performed

Do you agree to these changes? [Y/n]: Y

Create the certificate? yes

----------------------------------------------------------------------------
Create a free HTTPS certificate with Let's Encrypt

Please provide a valid e-mail address for which to associate your Let's Encrypt
certificate.

Domain list: test.co.jp test.com www.test.co.jp www.test.com

Server name: www.test.co.jp

E-mail address []: test@gmail.com

The Let's Encrypt Subscriber Agreement can be found at:

https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

Do you agree to the Let's Encrypt Subscriber Agreement? [Y/n]: Y

A fair amount of output follows.


----------------------------------------------------------------------------
Performing changes to your installation

The Bitnami HTTPS Configuration Tool will perform any necessary actions to your
Bitnami installation. This may take some time, please be patient.

----------------------------------------------------------------------------
Success

The Bitnami HTTPS Configuration Tool succeeded in modifying your installation.

The configuration report is shown below.

Backup files:
* /opt/bitnami/apache2/conf/httpd.conf.back.202102010803
* /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf.back.202102010803
* /opt/bitnami/apache2/conf/bitnami/bitnami.conf.back.202102010803

Find more details in the log file:

/tmp/bncert-202102010803.log

If you find any issues, please check Bitnami Support forums at:

https://community.bitnami.com

Press [Enter] to continue:ENTER

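As the official documentation also notes, for a site with multiple domains you should not use the script that is automatically registered in crontab, but a shell script you write yourself. This is what I made. For now it uses a 90-day validity period. In the domains list, put the domain you entered first during setup at the front.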

cat /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

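#!/bin/bash

# Stop Apache so that lego's TLS challenge (--tls) can listen on port 443
sudo /opt/bitnami/ctlscript.sh stop apache
# --days 90: renew when fewer than 90 days of validity remain
sudo /opt/bitnami/letsencrypt/lego --tls --email="test@gmail.com" --domains="test.co.jp" --domains="test.com" --domains="www.test.com" --domains="www.test.co.jp"  --path="/opt/bitnami/letsencrypt" renew --days 90
# Start Apache again whether or not the renewal succeeded
sudo /opt/bitnami/ctlscript.sh start apache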

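Edit the crontab with crontab -e. A certificate cannot be renewed until it has less than 30 days of validity left, so there is no real point in running cron every month, but I set it to run monthly for now.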

crontab -e

# Run at 00:00 on the 1st of every month
0 0 1 * *  /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
#0 0 * * * sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="test@gmail.com" --http --http-timeout 90 --http.webroot /opt/bitnami/apps/letsencrypt --domains=test.co.jp renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful # bncert-autorenew

Then, when you actually access the site over https, you can confirm that the certificate contains the four domains.
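The same check can be scripted and run after each renewal instead of being done in a browser. This is an added example, not part of the original post: it compares a certificate's SAN list with the four domains passed to lego, using exact matching so that www.test.com cannot hide a missing test.com. The function names and the sample SAN text are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a certificate's SAN list covers every expected domain.

# Print each expected domain that is absent from the SAN text, one per line.
# $1 = output of `openssl x509 -noout -ext subjectAltName`; remaining args = domains.
missing_sans() {
  san_text=$1; shift
  # One SAN per line, with the "DNS:" prefix and leading blanks removed.
  have=$(printf '%s\n' "$san_text" | tr ',' '\n' | sed -n 's/^ *DNS://p')
  for d in "$@"; do
    # -F: literal dots, -x: whole-line match (test.com must not match www.test.com)
    printf '%s\n' "$have" | grep -Fxq -- "$d" || printf '%s\n' "$d"
  done
}

# SAN text of the certificate actually served on port 443 (needs network access
# and OpenSSL 1.1.1 or later for -ext).
served_sans() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -ext subjectAltName
}

# Constructed sample: a certificate that was issued without test.com.
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:test.co.jp, DNS:www.test.co.jp, DNS:www.test.com'

# The same four domains that the renewal script passes with --domains.
EXPECTED='test.co.jp test.com www.test.com www.test.co.jp'

# Offline demonstration on the constructed sample.
echo "missing from sample: $(missing_sans "$SAMPLE_SAN" $EXPECTED)"

# Live use on the server (uncomment):
# missing=$(missing_sans "$(served_sans www.test.co.jp)" $EXPECTED)
# [ -z "$missing" ] || { echo "certificate lacks: $missing" >&2; exit 1; }
```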
