Setting up free SSL
This site uses it too: a non-profit organization called Let's Encrypt issues the certificates, so that is what I'll use!
What is Certbot
Certbot is a free, open source software tool for automatically using Let's Encrypt certificates on manually administered websites to enable HTTPS.
https://certbot.eff.org/pages/about
I don't really understand it, but apparently it handles things automatically.
Installing Certbot
https://certbot.eff.org/instructions?ws=apache&os=ubuntufocal
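Enter your environment on the official site and it shows you the steps.
Mine is Apache on Ubuntu 20, so I'll proceed with that.
Installing snap
They want you to use a package manager called Snap, so install it.
Install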
sudo apt update
sudo apt install snapd
Install the hello-world package to try it out
sudo snap install hello-world
hello-world
Hello World!
Install Certbot
sudo snap install --classic certbot
Make sure Certbot can be run
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Get a certificate and connect over SSL!
sudo certbot --apache
I was asked about the domain name to register.
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): hoge@gmail.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): 417.run
Requesting a certificate for 417.run
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/417.run/fullchain.pem
Key is saved at: /etc/letsencrypt/live/417.run/privkey.pem
This certificate expires on 2023-05-31.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for 417.run to /etc/apache2/sites-available/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://417.run
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Can't connect over SSL
Check the firewall
sudo ufw status
Status: active
To Action From
-- ------ ----
80 ALLOW Anywhere
22 ALLOW Anywhere
80 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
Allow HTTPS
sudo ufw allow 443/tcp
Rule added
Rule added (v6)
Check again
django@118-27-36-19:~$ sudo ufw status
Status: active
To Action From
-- ------ ----
80 ALLOW Anywhere
22 ALLOW Anywhere
443/tcp ALLOW Anywhere
80 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
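Added example (not part of the original post): Certbot reported success while ufw was still blocking 443, so this check reads `ufw status` output and says whether inbound TCP to a port is open. The function name `port_allowed` and the sample text are constructed for illustration; it assumes ufw's default incoming policy is deny and does not resolve application profile names.

```shell
#!/bin/sh
# port_allowed PORT: read `ufw status` text on stdin and exit 0 if inbound
# TCP to PORT from anywhere is allowed over IPv4, exit 1 otherwise.
# Assumptions: default incoming policy is deny (the ufw default); rules
# that name an application profile (e.g. "Apache Full") are not resolved.
port_allowed() {
    awk -v port="$1" '
        /^Status: inactive/ { ok = 1; exit }     # ufw is not filtering at all
        $1 !~ /^[0-9]/ || $2 == "(v6)" { next }  # header, profile or IPv6 line
        {
            action = $2
            from = ($3 == "IN") ? $4 : $3         # verbose output prints "ALLOW IN"
            if (from != "Anywhere") next          # only rules open to everyone
            n = split($1, sp, "/")                # "443/tcp" -> ports, protocol
            if (n == 2 && sp[2] != "tcp") next    # 443/udp says nothing about HTTPS
            m = split(sp[1], items, ",")          # "80,443" multi-port rule
            for (i = 1; i <= m; i++) {
                k = split(items[i], r, ":")       # "8000:9000" port range
                lo = r[1] + 0; hi = (k == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) {
                    # first matching rule decides; LIMIT still admits traffic
                    ok = (action == "ALLOW" || action == "LIMIT")
                    exit
                }
            }
        }
        END { exit (ok ? 0 : 1) }
    '
}

# Constructed sample: the rule set shown above before 443/tcp was added.
BEFORE='Status: active
To Action From
-- ------ ----
80 ALLOW Anywhere
22 ALLOW Anywhere
80 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)'

for p in 80 443; do
    if printf '%s\n' "$BEFORE" | port_allowed "$p"; then
        echo "port $p/tcp: allowed"
    else
        echo "port $p/tcp: blocked, fix with: sudo ufw allow $p/tcp"
    fi
done
```

On a live host, feed it the real output: `sudo ufw status | port_allowed 443`.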
Testing automatic renewal
error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Service busy; retry later.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/417.run.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for 417.run
Failed to renew certificate 417.run with error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Service busy; retry later.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/417.run/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.