Last modified 2018-06-08 (Fri) 16:23:19
This creates /usr/local/etc/letsencrypt.
If any of the following lines are commented out, uncomment them.
LoadModule log_config_module libexec/apache24/mod_log_config.so
LoadModule setenvif_module libexec/apache24/mod_setenvif.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
Additional settings
LoadModule http2_module libexec/apache24/mod_h2.so
Below the LoadModule lines, add the following setting (it loads the SSL configuration).
Include etc/apache24/extra/httpd-ssl.conf
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!IDEA
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!IDEA
SSLHonorCipherOrder on
SSLProtocol all -SSLv3 -SSLv2
SSLProxyProtocol all -SSLv3 -SSLv2
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLUseStapling On
SSLStaplingCache "shmcb:/var/run/ssl_stapling(32768)"
SSLStaplingStandardCacheTimeout 3600
SSLStaplingErrorCacheTimeout 600

<VirtualHost _default_:443>
    # To enable this, run: portinstall www/mod_http2-devel
    Protocols h2 http/1.1
    ServerName sun1.smb.net:443
    ServerAdmin webmaster@smb.net
    ErrorLog "/var/log/httpd-error.log"
    TransferLog "/var/log/httpd-access.log"
    SSLEngine on
    SSLCertificateFile "/usr/local/etc/letsencrypt/live/www.smb.net/fullchain.pem"
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/www.smb.net/privkey.pem"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/usr/local/www/apache24/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-5]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog "/var/log/httpd-ssl_request.log" \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

# Add the following line at the end of the file.
Header set Strict-Transport-Security " max-age=315360000;"
Stopping apache24. Waiting for PIDS: 878.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.smb.net
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /usr/local/etc/letsencrypt/live/www.smb.net/fullchain.pem
   Your key file has been saved at:
   /usr/local/etc/letsencrypt/live/www.smb.net/privkey.pem
   Your cert will expire on 2018-09-06. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
# apachectl stop
# certbot certonly --standalone -d virtualhost_FQDN
# apachectl start
This generates the *.pem files in /usr/local/etc/letsencrypt/archive/virtualhost_FQDN.
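As an added example (not part of the original page), the following shell function audits an httpd-ssl.conf for the settings configured above: SSLv3 disabled, OCSP stapling with a cache, certificate paths under live/ rather than archive/ (certbot repoints the live/ symlinks at renewal, while archive/ holds numbered files), and an HSTS header. The function name, the sample file and the six-month max-age threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an httpd-ssl.conf for the settings this page configures.
# audit_ssl_conf FILE -> one PASS/FAIL line per check; exit status = number of FAILs.
audit_ssl_conf() {
    conf=$1; fails=0
    # Arguments of the first uncommented occurrence of a directive, quotes removed.
    directive() {
        awk -v d="$1" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$conf" | tr -d '"'
    }
    report() {  # report STATUS DESCRIPTION   (STATUS 0 means the check passed)
        if [ "$1" -eq 0 ]; then echo "PASS  $2"; else echo "FAIL  $2"; fails=$((fails + 1)); fi
    }
    case " $(directive SSLProtocol) " in *" -SSLv3 "*) r=0 ;; *) r=1 ;; esac
    report "$r" "SSLProtocol disables SSLv3"
    if [ "$(directive SSLUseStapling | tr 'A-Z' 'a-z')" = on ] &&
       [ -n "$(directive SSLStaplingCache)" ]; then r=0; else r=1; fi
    report "$r" "OCSP stapling is on and has a cache"
    # live/ holds symlinks that certbot repoints on renewal; archive/ holds numbered files.
    case "$(directive SSLCertificateFile)" in */live/*/fullchain.pem) r=0 ;; *) r=1 ;; esac
    report "$r" "SSLCertificateFile is live/<name>/fullchain.pem"
    case "$(directive SSLCertificateKeyFile)" in */live/*/privkey.pem) r=0 ;; *) r=1 ;; esac
    report "$r" "SSLCertificateKeyFile is live/<name>/privkey.pem"
    # Assumption: 15768000 s (about six months) as the minimum acceptable HSTS max-age.
    maxage=$(grep -v '^[[:space:]]*#' "$conf" | grep -i 'Strict-Transport-Security' |
             sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ "${maxage:-0}" -ge 15768000 ]; then r=0; else r=1; fi
    report "$r" "HSTS header is set with max-age >= 15768000"
    return "$fails"
}

# Constructed sample: the relevant lines of the httpd-ssl.conf shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SSLProtocol all -SSLv3 -SSLv2
SSLUseStapling On
SSLStaplingCache "shmcb:/var/run/ssl_stapling(32768)"
<VirtualHost _default_:443>
    SSLCertificateFile "/usr/local/etc/letsencrypt/live/www.smb.net/fullchain.pem"
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/www.smb.net/privkey.pem"
</VirtualHost>
Header set Strict-Transport-Security " max-age=315360000;"
EOF
audit_ssl_conf "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

On a real host, pass the installed file instead, for example `audit_ssl_conf /usr/local/etc/apache24/extra/httpd-ssl.conf`.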