{"id":168,"date":"2019-01-07T09:00:00","date_gmt":"2019-01-07T00:00:00","guid":{"rendered":"https:\/\/www.miracleave.co.jp\/contents\/?p=168"},"modified":"2023-05-23T13:26:52","modified_gmt":"2023-05-23T04:26:52","slug":"post-168","status":"publish","type":"post","link":"https:\/\/www.miracleave.co.jp\/contents\/168\/post-168\/","title":{"rendered":"Trying out SSL with Let&#8217;s encrypt"},"content":{"rendered":"\n<div class=\"wp-block-cocoon-blocks-icon-box common-icon-box block-box information-box\">\n\n<p>More than a year has passed since this article was written.<br>The content may be outdated.<\/p>\n\n<\/div>\n\n\n\n<p><span class=\"fz-28px\">How to Let&#8217;s encrypt<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">TL;DR<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Using <a href=\"https:\/\/letsencrypt.org\">Let&#8217;s encrypt<\/a><\/li>\n\n\n\n<li>to take a Rails app running on Puma<\/li>\n\n\n\n<li>and make it serve SSL<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Steps<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Installing the Certbot client<\/li>\n\n\n\n<li>Issuing the certificate<\/li>\n\n\n\n<li>Configuring the app<\/li>\n\n\n\n<li>Verifying it works<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Installing the Certbot client<\/h2>\n\n\n\n<p>Install the <code>Certbot<\/code> 
client, which is used to issue certificates.<\/p>\n\n\n\n<p>The domain used this time:<\/p>\n\n\n\n<p><code>myapp.sample.biz<\/code><\/p>\n\n\n\n<p>The environment used this time:<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>CentOS Linux release 7.6.1810 (Core)\nNAME=&quot;CentOS Linux&quot;\nVERSION=&quot;7 (Core)&quot;\nID=&quot;centos&quot;\nID_LIKE=&quot;rhel fedora&quot;\nVERSION_ID=&quot;7&quot;\nPRETTY_NAME=&quot;CentOS Linux 7 (Core)&quot;\nANSI_COLOR=&quot;0;31&quot;\nCPE_NAME=&quot;cpe:\/o:centos:centos:7&quot;\nHOME_URL=&quot;https:\/\/www.centos.org\/&quot;\nBUG_REPORT_URL=&quot;https:\/\/bugs.centos.org\/&quot;\n\nCENTOS_MANTISBT_PROJECT=&quot;CentOS-7&quot;\nCENTOS_MANTISBT_PROJECT_VERSION=&quot;7&quot;\nREDHAT_SUPPORT_PRODUCT=&quot;centos&quot;\nREDHAT_SUPPORT_PRODUCT_VERSION=&quot;7&quot;<\/code><\/pre><\/div>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>The Certbot package for CentOS 7 \/ Red Hat Enterprise Linux 7 can be installed from the EPEL (Extra Packages for Enterprise Linux) repository.<\/p>\n<\/blockquote>\n\n\n\n<p>That being the case, check for <code>epel<\/code>:<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>$ yum repolist | grep epel\n * epel: d2lzkl7pfhq30w.cloudfront.net\nepel\/x86_64             Extra Packages for Enterprise Linux 7 - x86_64    12,843<\/code><\/pre><\/div>\n\n\n\n<p>It is already present, so skip adding the repository and install <code>certbot<\/code> 
directly.<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>$ sudo yum install certbot # install\n$ type certbot   # check the path\n$ certbot --help # confirm the install<\/code><\/pre><\/div>\n\n\n\n<p>If the help output is displayed, the installation is complete.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Issuing the certificate<\/h2>\n\n\n\n<p>Have the certificate issued. This is the most important part.<\/p>\n\n\n\n<p>When issuing with the <code>standalone<\/code> plugin, root privileges are apparently required in order to use ports <code>80<\/code>, <code>443<\/code>.<br>Root privileges also seem to be needed to create some of the files.<\/p>\n\n\n\n<p>So, if anything is running on port <code>80<\/code> or <code>443<\/code>, stop it beforehand.<br>Run the <code>certbot<\/code> command as the <code>root<\/code> user.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># certbot certonly --standalone -d myapp.sample.biz\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\nPlugins selected: Authenticator standalone, Installer None\nStarting new HTTPS connection (1): acme-v02.api.letsencrypt.org\nObtaining a new certificate\nPerforming the following challenges:\nhttp-01 challenge for ses-api.miracleave.biz\nWaiting for verification...\nCleaning up challenges\nResetting dropped connection: acme-v02.api.letsencrypt.org\n\nIMPORTANT 
NOTES:\n - Congratulations! Your certificate and chain have been saved at:\n   \/etc\/letsencrypt\/live\/myapp.sample.biz\/fullchain.pem\n   Your key file has been saved at:\n   \/etc\/letsencrypt\/live\/myapp.sample.biz\/privkey.pem\n   Your cert will expire on 2019-04-02. To obtain a new or tweaked\n   version of this certificate in the future, simply run certbot\n   again. To non-interactively renew *all* of your certificates, run\n   \"certbot renew\"\n - If you like Certbot, please consider supporting our work by:\n\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\n   Donating to EFF:                    https:\/\/eff.org\/donate-le\n\n# ll \/etc\/letsencrypt\/live\/myapp.sample.biz\/\n-rw-r--r--. 1 root root 692  1\u6708  2 09:42 README\nlrwxrwxrwx. 1 root root  46  1\u6708  2 09:42 cert.pem -&gt; ..\/..\/archive\/myapp.sample.biz\/cert1.pem\nlrwxrwxrwx. 1 root root  47  1\u6708  2 09:42 chain.pem -&gt; ..\/..\/archive\/myapp.sample.biz\/chain1.pem\nlrwxrwxrwx. 1 root root  51  1\u6708  2 09:42 fullchain.pem -&gt; ..\/..\/archive\/myapp.sample.biz\/fullchain1.pem\nlrwxrwxrwx. 
1 root root  49  1\u6708  2 09:42 privkey.pem -&gt; ..\/..\/archive\/myapp.sample.biz\/privkey1.pem<\/code><\/pre>\n\n\n\n<p>This setup uses <code>privkey.pem<\/code> and <code>fullchain.pem<\/code>.<br>Note that moving these (<code>*.pem<\/code>) files reportedly stops <code>certbot<\/code> from working correctly, so it is recommended not to move them.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configuring the app<\/h2>\n\n\n\n<p>Add the SSL settings to the <code>puma<\/code> configuration file.<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>$ cd $PRJ_ROOT\n$ echo &#39;ssl_bind &quot;0.0.0.0&quot;, 443, {\n  key: &quot;\/etc\/letsencrypt\/live\/myapp.sample.biz\/privkey.pem&quot;,\n  cert: &quot;\/etc\/letsencrypt\/live\/myapp.sample.biz\/fullchain.pem&quot;\n}&#39; &gt;&gt; .\/config\/puma.rb<\/code><\/pre><\/div>\n\n\n\n<p>With this, HTTP is served on port 3000 and HTTPS on port 443.<\/p>\n\n\n\n<p>If you do not want HTTP on port 3000, find this line in <code>.\/config\/puma.rb<\/code>:<\/p>\n\n\n\n<p><code>port ENV.fetch(\"PORT\") { 3000 }<\/code><\/p>\n\n\n\n<p>Delete it or comment it out, and nothing will LISTEN on port 3000.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Verifying it works<\/h2>\n\n\n\n<p>Send a request over HTTPS and confirm that a response comes back.<\/p>\n\n\n\n<div 
class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>$ curl -D - -s -o \/dev\/null https:\/\/myapp.sample.biz:443\/\nHTTP\/1.1 200 OK<\/code><\/pre><\/div>\n\n\n\n<p>HTTPS communication works!<br>All is well.<br>Note: because the certificate was issued for the domain, <code>https:\/\/localhost:443<\/code> fails with a certificate verification error.<\/p>\n\n\n\n<p>How to renew the certificate and related topics will be added at some point.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How to Let&#8217;s encrypt TL;DR Steps Installing the Certbot client Install the Certbot client, which is used to issue certificates. The domain used this time: m 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":298,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"swell_btn_cv_data":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[76],"class_list":["post-168","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech","tag-linux"],"jetpack_featured_media_url":"https:\/\/www.miracleave.co.jp\/contents\/wp-content\/uploads\/2021\/10\/letsencrypt-logo-horizontal.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.miracleave.co.jp\/contents\/wp-json\/wp\/v2\/posts\/168","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.miracleave.co.jp\/contents\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.miracleave.co.jp\/contents\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.miracleave.co.jp\/contents\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.miracleave.co.jp\/contents\/wp-json\/wp\/v2\/comments?post=168"}],"version-history":[{"count":3,"href":"https:\/\/www.miracleave.co.jp\/contents\/wp-json\/wp\/v2\/posts\/168\/revisions"}],"predecessor-version":[{"id":2445,"href":"https:\/\/www.miracleave.co.jp\/contents\/wp-json\/wp\/v2\/posts\/168\/revisions\/2445"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.miracleave.co.jp\/contents\/wp-json\/wp\/v2\/media\/298"}],"wp:attachment":[{"href":"https:\/\/www.miracleave.co.jp\/contents\/wp-json\/wp\/v2\/media?parent=168"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.miracleave.co.jp\/contents\/wp-json\/wp\/v2\/categories?post=168"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.miracleave.co.jp\/content
s\/wp-json\/wp\/v2\/tags?post=168"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}