SSL letsencrypt de Virtual_Host
をテンプレートにして作成
[
トップ
] [
新規
|
一覧
|
検索
|
最終更新
|
ヘルプ
|
ログイン
]
開始行:
[[SSL]]
CONTENTS
#contents
----
Lastmodified &lastmod;
----
*SSL letsencrypt de Virtual_Host [#bacb641e]
** portinstall security/py-certbot [#n753d43f]
*** certbot certonly --standalone -d www.smb.net [#c101a0...
これで、/usr/local/etc/letsencrypt が作成される。
** portinstall www/mod_http2-devel [#i818a033]
* /usr/local/etc/apache24/httpd.conf 設定変更 [#o643027c]
以下は、コメントアウトされている場合は、コメントを外す。
LoadModule log_config_module libexec/apache24/mod_log_co...
LoadModule setenvif_module libexec/apache24/mod_setenvif...
LoadModule ssl_module libexec/apache24/mod_ssl.so
LoadModule socache_shmcb_module libexec/apache24/mod_soc...
追加設定
LoadModule http2_module libexec/apache24/mod_h2.so
LoadModuleの下に、以下の設定(SSL設定を読み込む)を設定す...
Include etc/apache24/extra/httpd-ssl.conf
* vi /usr/local/etc/apache24/extra/httpd-ssl.conf [#w28a6...
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!IDEA
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!IDEA
SSLHonorCipherOrder on
SSLProtocol all -SSLv3 -SSLv2
SSLProxyProtocol all -SSLv3 -SSLv2
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLUseStapling On
SSLStaplingCache "shmcb:/var/run/ssl_stapling(32768)"
SSLStaplingStandardCacheTimeout 3600
SSLStaplingErrorCacheTimeout 600
<VirtualHost _default_:443>
Protocols h2 http/1.1 # 有効化するには po...
ServerName sun1.smb.net:443
ServerAdmin webmaster@smb.net
ErrorLog "/var/log/httpd-error.log"
TransferLog "/var/log/httpd-access.log"
SSLEngine on
SSLCertificateFile "/usr/local/etc/letsencrypt/live/www....
SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/w...
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/www/apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/var/log/httpd-ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" ...
</VirtualHost>
# ファイル末尾に以下の1文を追加する。 ...
Header set Strict-Transport-Security " max-age=315360000;"
* HOST 証明書作成 [#mb038f0c]
** # apachectl stop [#sbacb2eb]
Stopping apache24.
Waiting for PIDS: 878.
** # certbot certonly --standalone -d www.smb.net [#u3c17...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.smb.net
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been...
/usr/local/etc/letsencrypt/live/www.smb.net/fullchain...
Your key file has been saved at:
/usr/local/etc/letsencrypt/live/www.smb.net/privkey.pem
Your cert will expire on 2018-09-06. To obtain a new ...
version of this certificate in the future, simply run...
again. To non-interactively renew *all* of your certi...
"certbot renew"
- If you like Certbot, please consider supporting our w...
Donating to ISRG / Let's Encrypt: https://letsencry...
Donating to EFF: https://eff.org/d...
** # apachectl start [#zc138a28]
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
* IP Based Vertuao HOST 証明書作成 [#dc65f060]
# apachectl stop
# certbot certonly --standalone -d virtualhost_FQDN
# apachectl start
これで、/usr/local/etc/letsencrypt/archive/virtualhost_FQ...
* httpd-vhosts.conf [#y192bc4d]
----
Total access &counter(total);:本日 &counter(today);:昨...
#counter([total|today|yesterday]);
終了行:
[[SSL]]
CONTENTS
#contents
----
Lastmodified &lastmod;
----
*SSL letsencrypt de Virtual_Host [#bacb641e]
** portinstall security/py-certbot [#n753d43f]
*** certbot certonly --standalone -d www.smb.net [#c101a0...
これで、/usr/local/etc/letsencrypt が作成される。
** portinstall www/mod_http2-devel [#i818a033]
* /usr/local/etc/apache24/httpd.conf 設定変更 [#o643027c]
以下は、コメントアウトされている場合は、コメントを外す。
LoadModule log_config_module libexec/apache24/mod_log_co...
LoadModule setenvif_module libexec/apache24/mod_setenvif...
LoadModule ssl_module libexec/apache24/mod_ssl.so
LoadModule socache_shmcb_module libexec/apache24/mod_soc...
追加設定
LoadModule http2_module libexec/apache24/mod_h2.so
LoadModuleの下に、以下の設定(SSL設定を読み込む)を設定す...
Include etc/apache24/extra/httpd-ssl.conf
* vi /usr/local/etc/apache24/extra/httpd-ssl.conf [#w28a6...
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!IDEA
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!IDEA
SSLHonorCipherOrder on
SSLProtocol all -SSLv3 -SSLv2
SSLProxyProtocol all -SSLv3 -SSLv2
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLUseStapling On
SSLStaplingCache "shmcb:/var/run/ssl_stapling(32768)"
SSLStaplingStandardCacheTimeout 3600
SSLStaplingErrorCacheTimeout 600
<VirtualHost _default_:443>
Protocols h2 http/1.1 # 有効化するには po...
ServerName sun1.smb.net:443
ServerAdmin webmaster@smb.net
ErrorLog "/var/log/httpd-error.log"
TransferLog "/var/log/httpd-access.log"
SSLEngine on
SSLCertificateFile "/usr/local/etc/letsencrypt/live/www....
SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/w...
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/www/apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/var/log/httpd-ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" ...
</VirtualHost>
# ファイル末尾に以下の1文を追加する。 ...
Header set Strict-Transport-Security " max-age=315360000;"
* HOST 証明書作成 [#mb038f0c]
** # apachectl stop [#sbacb2eb]
Stopping apache24.
Waiting for PIDS: 878.
** # certbot certonly --standalone -d www.smb.net [#u3c17...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.smb.net
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been...
/usr/local/etc/letsencrypt/live/www.smb.net/fullchain...
Your key file has been saved at:
/usr/local/etc/letsencrypt/live/www.smb.net/privkey.pem
Your cert will expire on 2018-09-06. To obtain a new ...
version of this certificate in the future, simply run...
again. To non-interactively renew *all* of your certi...
"certbot renew"
- If you like Certbot, please consider supporting our w...
Donating to ISRG / Let's Encrypt: https://letsencry...
Donating to EFF: https://eff.org/d...
** # apachectl start [#zc138a28]
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
* IP Based Vertuao HOST 証明書作成 [#dc65f060]
# apachectl stop
# certbot certonly --standalone -d virtualhost_FQDN
# apachectl start
これで、/usr/local/etc/letsencrypt/archive/virtualhost_FQ...
* httpd-vhosts.conf [#y192bc4d]
----
Total access &counter(total);:本日 &counter(today);:昨...
#counter([total|today|yesterday]);
ページ名:
![[PukiWiki]](image/pukiwiki.png "[PukiWiki]")
