Procedure for enabling SSL (using yum)
https://knowledge.sakura.ad.jp/10534/
Procedure for installing mod_ssl (using yum)
https://knowledge.sakura.ad.jp/9701/
Install mod_ssl so that Apache can use SSL
# yum install mod_ssl
Apply the change
# systemctl restart httpd
Confirm that the module is present
# httpd -M | grep ssl
 ssl_module (shared)
Is the firewall port open?
# firewall-cmd --list-all
Install Let's Encrypt
# yum install certbot python2-certbot-apache
Run the certbot command to install the certificate
# certbot --apache -d [domain to enable SSL for]
Unexpected, but pressed Control+C
An error occurred when running the certbot --apache -d command
Error details
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for [domain].com
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
URL that helped with the solution: https://hacknote.jp/archives/48748/
Added the following
NameVirtualHost *:80
<VirtualHost *:80>
    ServerAdmin root@localhost
    DocumentRoot /var/www/html/[project name]/public
    ServerName [acquired domain name]
</VirtualHost>
Success
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for [domain name]
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Enabling site /etc/httpd/conf/httpd-le-ssl.conf by adding Include to root configuration

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/httpd/conf/httpd.conf to ssl vhost in /etc/httpd/conf/httpd-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://[domain name]

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=[domain name]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/[acquired domain name]/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/[acquired domain name]/privkey.pem
   Your cert will expire on 2020-04-15. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

# systemctl restart httpd
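
A pre-flight check for the "Unable to find a virtual host listening on port 80" error shown above, added here as an example and not part of the original notes: it looks in one Apache config file for the kind of block the fix adds, a <VirtualHost ...:80> whose ServerName or ServerAlias matches the domain. The function name has_port80_vhost and the sample config are constructed for illustration; files pulled in via Include are not followed.

```shell
# Added example, not from the original page. has_port80_vhost is a
# hypothetical helper; it reads one file and does not follow Include lines.
# Usage: has_port80_vhost CONF DOMAIN
# Exit 0 if CONF has a <VirtualHost ...:80> block whose ServerName or
# ServerAlias equals DOMAIN (case-insensitive), else exit 1.
has_port80_vhost() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); in80 = 0; found = 0 }
        /^[ \t]*#/ { next }                        # ignore commented-out lines
        { line = tolower($0) }
        line ~ /^[ \t]*<virtualhost[ \t]/ {
            in80 = 0
            gsub(/[<>]/, " ", line)
            n = split(line, a, /[ \t]+/)
            for (i = 1; i <= n; i++) if (a[i] ~ /:80$/) in80 = 1
            next
        }
        line ~ /^[ \t]*<\/virtualhost>/ { in80 = 0; next }
        in80 && line ~ /^[ \t]*(servername|serveralias)[ \t]/ {
            n = split(line, a, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                sub(/:[0-9]+$/, "", a[i])          # ServerName may carry :port
                if (a[i] == want) found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample config: only example.com has a port-80 vhost.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <VirtualHost *:80>
#     ServerName commented.example
# </VirtualHost>
<VirtualHost *:443>
    ServerName www.example.com
</VirtualHost>
<VirtualHost *:80>
    ServerName example.com
    ServerAlias alt.example.com
</VirtualHost>
EOF

for d in example.com www.example.com; do
    has_port80_vhost "$sample" "$d" && echo "$d: matching port-80 vhost present" \
        || echo "$d: no matching port-80 vhost"
done
```

On a real host, point the function at the file that holds the port-80 VirtualHost before running certbot --apache -d for that domain.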