CentOS7 Apache2.4
複数のドメインを1つのサーバで運用するためにバーチャルホストを使う事はよくあります。
ここではすでに一つのドメインでLetsEncryptを利用してhttps化していましたが、別のドメインでも同じようにhttps化する場合の手順です。
いろいろ設定しなきゃいけないのかな~などと思いつつ調べてみると。。すでにLetsEncryptのインストール(正確にはcertbot)が済んでいたのでコマンド一発でhttps化できました。
[root]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: test1.com
2: test2.com
3: test3.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1 ←ここでSSL化したドメインを選択
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/test1.com.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for test1.com
Created an SSL vhost at /etc/httpd/conf.d/vhost-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/vhost-le-ssl.conf
Redirecting vhost in /etc/httpd/conf.d/vhost.conf to ssl vhost in /etc/httpd/conf.d/vhost-le-ssl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
The new certificate covers the following domains: https://test1.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/test1.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/test1.com/privkey.pem
Your certificate will expire on 2022-03-21. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again with the "certonly" option. To non-interactively
renew *all* of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
[root]# apachectl restart ←apacheの再起動※ちなみに
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
は手動で設定をしようかと証明書だけ先に一度作ってしまったために選択画面がでていますが、通常はでません。
ファイルとしては次のファイルが編集されます
vhost.conf httpのバーチャルホストの設定ファイル443にリダイレクトされる設定が追加されます
vhost-le-ssl.conf httpsの設定が追加され、作成された証明書のパスなどが記載されます。
/etc/letsencrypt/live 配下にドメイン名のディレクトリが作成されてそこに証明書のシンボリックリンクが作成されます。
コメント