AWS setup | Let's Encrypt: let's encrypt
What are we doing?
Making a web service hosted on AWS reachable over HTTPS.
HOW TO ENCRYPT on AWS
1. Stop Apache
$ apachectl stop
2. Download Certbot
$ git clone https://github.com/certbot/certbot
3. Run Certbot (obtain the certificate)
$ cd certbot/
$ ./certbot-auto certonly --standalone -d kpter.net -d www.kpter.net --debug
※ On AWS it complains unless you add --debug.
3.5. Enter an email address
Partway through you are asked for an email address (used for urgent notices and for recovery if you lose the key).
↓ Looks like it worked.
Requesting root privileges to run certbot...
  /home/ec2-user/.local/share/letsencrypt/bin/letsencrypt certonly --standalone -d kpter.net -d www.kpter.net --debug
Version: 1.1-20080819
Version: 1.1-20080819

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/kpter.net/fullchain.pem. Your cert will expire
   on 2016-10-16. To obtain a new or tweaked version of this certificate
   in the future, simply run certbot-auto again. To non-interactively
   renew all of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
4. Edit the Apache config @ /etc/httpd/conf.d/ssl.conf
- Certificate: /etc/letsencrypt/live/kpter.net/cert.pem
- Private key: /etc/letsencrypt/live/kpter.net/privkey.pem
- Intermediate certificate: /etc/letsencrypt/live/kpter.net/chain.pem
<VirtualHost *:443>
    ServerName kpter.net
    DocumentRoot "/var/www/html/KPTer-web/lp"
    SSLEngine on
    SSLHonorCipherOrder on
    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLCertificateFile /etc/letsencrypt/live/kpter.net/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/kpter.net/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/kpter.net/chain.pem
</VirtualHost>
※ Until this was written in ssl.conf, the following warning appeared:
[warn] _default_ VirtualHost overlap on port 443, the first has precedence
5. Start Apache again
$ apachectl start
That's it, done!
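The certificate obtained above expires after 90 days, and because it was issued in --standalone mode every renewal needs port 80 free, i.e. the stop/renew/start sequence of steps 1 to 5 repeated. The script below is an added example, not code from the original post: it checks how long the current certificate remains valid and runs the renewal with Apache stopped only around the attempt. It assumes certbot-auto and openssl are on PATH, Apache is managed with apachectl, and a certbot release that supports --pre-hook/--post-hook; the domain and paths are the ones used in the post.

```shell
#!/bin/sh
# Added example, not code from the original post. Automates the stop/renew/start
# cycle for a certificate obtained with --standalone, which needs port 80 free
# while certbot runs. Assumes certbot-auto and openssl on PATH, Apache managed
# with apachectl, and a certbot release that supports --pre-hook/--post-hook.
set -eu

# Live directory for the domain used in the post above.
LIVE_DIR=/etc/letsencrypt/live/kpter.net

# Exit 0 when the certificate in $1 stays valid for at least $2 more days,
# non-zero when it expires sooner. openssl's -checkend takes seconds.
cert_valid_for_days() {
    openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null
}

# Renew only when fewer than $1 days remain. Standalone mode binds port 80, so
# Apache is stopped right before the attempt and started again afterwards;
# certbot runs the post-hook even when the renewal attempt itself fails.
renew_if_needed() {
    if cert_valid_for_days "$LIVE_DIR/cert.pem" "$1"; then
        echo "certificate valid for at least $1 more days; nothing to do"
        return 0
    fi
    # --debug is still needed on Amazon Linux, as noted in step 3.
    certbot-auto renew --non-interactive --debug \
        --pre-hook "apachectl stop" \
        --post-hook "apachectl start"
}

# Run daily from cron with "--run"; 30 days matches certbot's own renewal window.
if [ "${1:-}" = "--run" ]; then
    renew_if_needed 30
fi
```

Pointing the check at cert.pem rather than fullchain.pem is deliberate: the leaf certificate is the one whose expiry date matters, and the chain file would report the intermediate's validity instead.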