{"id":29149,"date":"2017-09-08T18:37:42","date_gmt":"2017-09-08T09:37:42","guid":{"rendered":"http:\/\/ur.edu-connect.net\/?p=29149"},"modified":"2024-02-03T23:03:41","modified_gmt":"2024-02-03T14:03:41","slug":"lets-encrypt%e3%82%92%e5%b0%8e%e5%85%a5%ef%bc%88ubuntu16-04lts-apache2-4-18-wordpress%ef%bc%89","status":"publish","type":"post","link":"https:\/\/ur.edu-connect.net\/archives\/29149","title":{"rendered":"Let’s Encrypt\u3092\u5c0e\u5165\uff08Ubuntu16.04LTS + Apache2.4.18 + WordPress\uff09"},"content":{"rendered":"\n

Certbot\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u304b\u3089\u8a3c\u660e\u66f8\u306e\u53d6\u5f97\u3001\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h1>\n\n\n\n

Ubuntu 16.04 LTS\u5411\u3051\u306e\u516c\u5f0f\u63a8\u5968\u624b\u9806 https:\/\/certbot.eff.org\/#ubuntuxenial-apache<\/a> \u306b\u5f93\u3063\u3066\u5b9f\u65bd\u3002\u307e\u305a\u306f apt-get\u3067Certbot \u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002<\/p>\n\n\n\n

$ sudo apt-get update\n$ sudo apt-get install software-properties-common\n$ sudo add-apt-repository ppa:certbot\/certbot\n$ sudo apt-get update\n$ sudo apt-get install python-certbot-apache\n<\/code><\/pre>\n\n\n\n
\u5ff5\u306e\u305f\u3081\u8ffd\u52a0\u3067 $ sudo apt-get upgrade \u3082\u5b9f\u65bd\u3002\u8a3c\u660e\u66f8\u306e\u53d6\u5f97\u306f\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u304b\u3089\u3001\u5bfe\u8a71\u578b\u3067\u8a2d\u5b9a\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n
$ sudo certbot --apache\n<\/code><\/pre>\n\n\n\n
\u4ee5\u4e0b\u3001\u8d64\u5b57\u90e8\u5206\u304c\u5165\u529b\u304c\u5fc5\u8981\u306a\u7b87\u6240\u3002<\/p>\n\n\n\n
Saving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\nEnter email address (used for urgent renewal and security notices) (Enter 'c' to\ncancel): \uff08\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5165\u529b\uff09\n<\/span>\n-------------------------------------------------------------------------------\nPlease read the Terms of Service at\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.1.1-August-1-2016.pdf. You must agree\nin order to register with the ACME server at\nhttps://acme-v01.api.letsencrypt.org\/directory\n-------------------------------------------------------------------------------\n(A)gree\/(C)ancel: \uff08A\u3067\u5229\u7528\u6761\u4ef6\u306b\u540c\u610f\uff09<\/span>\n\n-------------------------------------------------------------------------------\nWould you be willing to share your email address with the Electronic Frontier\nFoundation, a founding partner of the Let's Encrypt project and the non-profit\norganization that develops Certbot? We'd like to send you email about EFF and\nour work to encrypt the web, protect its users and defend digital rights.\n-------------------------------------------------------------------------------\n(Y)es\/(N)o: \uff08EFF\u306b\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u77e5\u3089\u305b\u3066\u826f\u3044\u304b\uff09<\/span>\n\nWhich names would you like to activate HTTPS for?\n-------------------------------------------------------------------------------\n1: \uff08\u81ea\u5206\u306e\u30c9\u30e1\u30a4\u30f31\uff09\n2: \uff08\u81ea\u5206\u306e\u30c9\u30e1\u30a4\u30f32\uff09\n-------------------------------------------------------------------------------\nSelect the appropriate numbers separated by commas and\/or spaces, or leave input\nblank to select all options shown (Enter 'c' to cancel): \uff08HTTPS\u3092\u6709\u52b9\u306b\u3059\u308b\u30c9\u30e1\u30a4\u30f3\u3092\u30ab\u30f3\u30de\u304b\u30b9\u30da\u30fc\u30b9\u3067\u533a\u5207\u3063\u3066\u5217\u6319\uff09<\/span>\n\nObtaining a new certificate\nPerforming the following challenges:\ntls-sni-01 challenge for \uff08\u81ea\u5206\u306e\u30c9\u30e1\u30a4\u30f31\uff09\ntls-sni-01 challenge for \uff08\u81ea\u5206\u306e\u30c9\u30e1\u30a4\u30f32\uff09\nWaiting for verification...\nCleaning up challenges\nCreated an SSL vhost at \/etc\/apache2\/sites-available\/\uff08\u30c9\u30e1\u30a4\u30f31\u306eSSL\u30a2\u30af\u30bb\u30b9\u7528\u306eApache\u306econf\uff09\nDeploying Certificate for \uff08\u81ea\u5206\u306e\u30c9\u30e1\u30a4\u30f31) to VirtualHost \/etc\/apache2\/sites-available\/\uff08\u30c9\u30e1\u30a4\u30f31\u306eSSL\u30a2\u30af\u30bb\u30b9\u7528\u306eApache\u306econf\uff09\nEnabling available site: \/etc\/apache2\/sites-available\/\uff08\u30c9\u30e1\u30a4\u30f31\u306eSSL\u30a2\u30af\u30bb\u30b9\u7528\u306eApache\u306econf\uff09\n\n\uff08\u4ed6\u306b\u3082\u5bfe\u8c61\u30c9\u30e1\u30a4\u30f3\u304c\u3042\u308c\u3070\u7e70\u308a\u8fd4\u3057\uff09\n\nPlease choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.\n-------------------------------------------------------------------------------\n1: No redirect - Make no further changes to the webserver configuration.\n2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for\nnew sites, or if you're confident your site works on HTTPS. You can undo this\nchange by editing your web server's configuration.\n-------------------------------------------------------------------------------\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): \uff08HTTP\u3068HTTPS\u3092\u5171\u5b58\u3055\u305b\u308b\u5834\u5408\u306f1\u3001HTTP\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092HTTPS\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u3066HTTPS\u306e\u307f\u306e\u30a2\u30af\u30bb\u30b9\u306b\u9650\u5b9a\u3059\u308b\u5834\u5408\u306f2\u3002\u3053\u3053\u3067\u306f2\u3092\u9078\u629e\u3002\u305f\u3060\u3057\u3001Wordpress\u306a\u3069\u304cHTTPS\u3067\u52d5\u304f\u3053\u3068\u3092\u78ba\u304b\u3081\u3089\u308c\u3066\u3044\u306a\u3044\u3046\u3061\u306f1\u3092\u9078\u629e\u3059\u308b\u307b\u3046\u304c\u5b89\u5168\uff09<\/span>\n\nRedirecting vhost in \/etc\/apache2\/sites-available\/\uff08\u30c9\u30e1\u30a4\u30f31\u306eHTTP\u30a2\u30af\u30bb\u30b9\u7528\u306eApache\u306econf\uff09 to ssl vhost in \/etc\/apache2\/sites-available\/\uff08\u30c9\u30e1\u30a4\u30f31\u306eSSL\u30a2\u30af\u30bb\u30b9\u7528\u306eApache\u306econf\uff09\n\n-------------------------------------------------------------------------------\nCongratulations! You have successfully enabled https:\/\/\uff08\u30c9\u30e1\u30a4\u30f31\uff09 and\nhttps:\/\/\uff08\u30c9\u30e1\u30a4\u30f32\uff09\n\nYou should test your configuration at:\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=\uff08\u30c9\u30e1\u30a4\u30f31\uff09\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=\uff08\u30c9\u30e1\u30a4\u30f32\uff09\n-------------------------------------------------------------------------------\n<\/code><\/pre>\n\n\n\n
\u3068\u3044\u3046\u308f\u3051\u3067\u3001\u5e7e\u3064\u304b\u306e\u8cea\u554f\u306b\u7b54\u3048\u308b\u3060\u3051\u3067\u8a3c\u660e\u66f8\u306e\u53d6\u5f97\u3068\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u304c\u7d42\u4e86\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
\u8a3c\u660e\u66f8\u306f90\u65e5\u3067\u671f\u9650\u5207\u308c\u306b\u306a\u308b\u305f\u3081\u3001cron\u3067\u81ea\u52d5\u66f4\u65b0\u3059\u308b\u3088\u3046\u8a2d\u5b9a\u3057\u305f\u3044\u3068\u3053\u308d\u3002\u307e\u305a\u306f\u81ea\u52d5\u66f4\u65b0\u306e\u30b7\u30df\u30e5\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u3057\u3066\u3001\u554f\u984c\u304c\u306a\u3044\u304b\u78ba\u304b\u3081\u307e\u3059\u3002<\/p>\n\n\n\n
$ sudo certbot renew --dry-run\n<\/code><\/pre>\n\n\n\n
\u554f\u984c\u304c\u306a\u3051\u308c\u3070\u3001\u4e0b\u8a18\u306e\u3088\u3046\u306a\u611f\u3058\u3067crontab\u306b\u767b\u9332\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
30 5 1 * * sudo certbot renew && sudo service apache2 reload #letsencrypt\u306e\u8a3c\u660e\u66f8\u81ea\u52d5\u66f4\u65b0\n<\/code><\/pre>\n\n\n\n
\u6bce\u67081\u65e5\u306e5:30\u306b\u8a3c\u660e\u66f8\u3092\u81ea\u52d5\u66f4\u65b0\u3057\u3001apache\u3092\u30ea\u30ed\u30fc\u30c9\u3059\u308b\u8a2d\u5b9a\u3067\u3059\u3002<\/p>\n\n\n\n
WordPress\u3078\u306e\u5bfe\u5fdc<\/h1>\n\n\n\n
\u307e\u305a\u306f\u3001WordPress\u306e\u4e00\u822c\u8a2d\u5b9a\u306b\u3066\u3001WordPress\u30a2\u30c9\u30ec\u30b9\u3068\u30b5\u30a4\u30c8\u30a2\u30c9\u30ec\u30b9\u3092https\u304b\u3089\u59cb\u307e\u308b\u3088\u3046\u306b\u4fee\u6b63\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
\u6b21\u306b\u3001HTTPS\u3067WordPress\u306e\u30b5\u30a4\u30c8\u306b\u30a2\u30af\u30bb\u30b9\u3057\u305f\u3068\u3053\u308d\u3001403\u30a8\u30e9\u30fc\u3067\u5f3e\u304b\u308c\u3066\u3057\u307e\u3044\u307e\u3057\u305f\u3002\u52dd\u624b\u306b\u4f5c\u3089\u308c\u305f\uff08\uff1f\uff09\u3068\u601d\u308f\u308c\u308b \/etc\/apache2\/sites-available\/default-ssl.conf \u304c\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u305f\u305f\u3081\u306b\u3001Wordpress\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u30eb\u30fc\u30c8\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u306a\u3044\u72b6\u614b\u306b\u306a\u3063\u3066\u3044\u305f\u3088\u3046\u3067\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067default-ssl\u3092\u7121\u52b9\u5316\u3057\u307e\u3057\u305f\u3002<\/p>\n\n\n\n
$ sudo a2dissite default-ssl\n<\/code><\/pre>\n\n\n\n
\u6700\u5f8c\u306b\u3001\u30b5\u30a4\u30c8\u3092HTTPS\u3067\u78ba\u8a8d\u3057\u3001HTTP\u30b3\u30f3\u30c6\u30f3\u30c4\u304c\u6df7\u5728\u3057\u3066\u3044\u306a\u3044\u304b\u3092\u30c1\u30a7\u30c3\u30af\u3057\u307e\u3059\u3002Chrome\u306e\u691c\u8a3c\u30c4\u30fc\u30eb\u7b49\u3092\u5229\u7528\u3057\u3066\u78ba\u8a8d\u3057\u305f\u3068\u3053\u308d\u3001favicon\u306e\u30ea\u30f3\u30af\u306a\u3069\u304chttp\u30ea\u30f3\u30af\u306b\u306a\u3063\u3066\u3044\u305f\u306e\u3067\u3001https\u306b\u4fee\u6b63\u3057\u307e\u3057\u305f\u3002\u4ee5\u4e0a\u3067HTTPS\u5316\u304c\u5b8c\u4e86\u3057\u305f\u306e\u3067\u3001\u3082\u3046\u4e00\u5ea6\u4e0b\u8a18\u3092\u5b9f\u884c\u3057\u3001<\/p>\n\n\n\n
$ sudo certbot --apache\n<\/code><\/pre>\n\n\n\n
http\u30ea\u30af\u30a8\u30b9\u30c8\u3092https\u3078\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3059\u308b\u8a2d\u5b9a\u306b\u5909\u66f4\u3057\u3066\u3001\u5b8c\u4e86\u3067\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
Certbot\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u304b\u3089\u8a3c\u660e\u66f8\u306e\u53d6\u5f97\u3001\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb Ubuntu 16.04 LTS\u5411\u3051\u306e\u516c\u5f0f\u63a8\u5968\u624b\u9806 https:\/\/certbot.eff.org\/#ubuntuxenial-apache \u306b\u5f93\u3063\u3066\u5b9f\u65bd\u3002\u307e\u305a\u306f apt-get\u3067Certbot \u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002 \u5ff5\u306e\u305f\u3081\u8ffd\u52a0\u3067 $ sudo apt-get upgrade \u3082\u5b9f\u65bd\u3002\u8a3c\u660e\u66f8\u306e\u53d6\u5f97\u306f\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u304b\u3089\u3001\u5bfe\u8a71\u578b\u3067\u8a2d\u5b9a\u3067\u304d\u307e\u3059\u3002 \u4ee5\u4e0b\u3001\u8d64\u5b57\u90e8\u5206\u304c\u5165\u529b\u304c […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[168,27,42],"class_list":["post-29149","post","type-post","status-publish","format-standard","hentry","category-misc","tag-lets-encrypt","tag-ubuntu","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/ur.edu-connect.net\/wp-json\/wp\/v2\/posts\/29149"}],"collection":[{"href":"https:\/\/ur.edu-connect.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ur.edu-connect.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ur.edu-connect.net\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ur.edu-connect.net\/wp-json\/wp\/v2\/comments?post=29149"}],"version-history":[{"count":9,"href":"https:\/\/ur.edu-connect.net\/wp-json\/wp\/v2\/posts\/29149\/revisions"}],"predecessor-version":[{"id":29679,"href":"https:\/\/ur.edu-connect.net\/wp-json\/wp\/v2\/posts\/29149\/revisions\/29679"}],"wp:attachment":[{"href":"https:\/\/ur.edu-connect.net\/wp-json\/wp\/v2\/media?parent=29149"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ur.edu-connect.net\/wp-json\/wp\/v2\/categories?post=29149"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ur.edu-connect.net\/wp-json\/wp\/v2\/tags?post=29149"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}