{"id":783,"date":"2019-02-14T23:02:11","date_gmt":"2019-02-14T14:02:11","guid":{"rendered":"https:\/\/rp-lifework.com\/?page_id=783"},"modified":"2019-02-14T23:04:45","modified_gmt":"2019-02-14T14:04:45","slug":"lets-encrypt%e3%82%92%e6%a8%99%e6%ba%96%e5%a4%96%e3%81%ae%e3%83%9d%e3%83%bc%e3%83%88%e3%81%a7%e5%8f%96%e5%be%97%e3%81%99%e3%82%8b%ef%bc%88dns%ef%bc%89","status":"publish","type":"page","link":"https:\/\/rp-lifework.com\/?page_id=783","title":{"rendered":"Let’s Encrypt\u3092\u6a19\u6e96\u5916\u306e\u30dd\u30fc\u30c8\u3067\u53d6\u5f97\u3059\u308b\uff08DNS\uff09"},"content":{"rendered":"\n

Ubuntu\u30b5\u30fc\u30d0\u306f\u30ed\u30fc\u30ab\u30eb\u5185\u306eNAS\u3068\u306e\u517c\u306d\u5408\u3044\u4e0a\u3001\u6a19\u6e96\u5916\u30dd\u30fc\u30c8\u3067\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u308b\u3002
\u6a19\u6e96\u5916\u30dd\u30fc\u30c8\u306e\u307e\u307e\u3001Let’s Encrypt<\/a>\u306eCertbot+Webroot\u3092\u4f7f\u7528\u3057\u3066SSL\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3059\u308b\u65b9\u6cd5\u3092\u30b0\u30b0\u3063\u3066\u307f\u305f\u3082\u306e\u306e\u3001\u3084\u306f\u308a\u3069\u3046\u3057\u3066\u3082HTTP80 or HTTPS443\u30dd\u30fc\u30c8\u3092\u958b\u653e\u3059\u308b\u5fc5\u8981\u304c\u3042\u3063\u305f\u306e\u3067\u3001\u5225\u306e\u624b\u6bb5\u3092\u63a2\u3057\u3066\u307f\u305f\u3002
\u81ea\u52d5\u3067\u66f4\u65b0\u3059\u308b\u3053\u3068\u3082\u3067\u304d\u306a\u3055\u305d\u3046\u306a\u306e\u3067\u3001\u3053\u306e\u30da\u30fc\u30b8\u306b\u79c1\u81ea\u8eab\u306e\u899a\u3048\u3068\u3057\u3066\u30e1\u30e2\u3002<\/p>\n\n\n\n

DNS\u30c1\u30e3\u30ec\u30f3\u30b8\u306b\u3088\u308b\u8a8d\u8a3c<\/h2>\n\n\n\n
 # certbot certonly --manual -d XXXXXXX.xxx --preferred-challenges dns 

Saving debug log to \/var\/log\/letsencrypt\/letsencrypt.log
 Plugins selected: Authenticator manual, Installer None
 Obtaining a new certificate
 Performing the following challenges:
 dns-01 challenge for XXXXXX.com
 
 --------------------------------------------------------------------------
 NOTE: The IP of this machine will be publicly logged as having requested this
 certificate. If you're running certbot in manual mode on a machine that is not
 your server, please ensure you're okay with that.
 Are you OK with your IP being logged?
 -------------------------------------------------------------------------- 
(Y)es\/(N)o: y
 
 -------------------------------------------------------------------------- 
 Please deploy a DNS TXT record under the name
 _acme-challenge.XXXXXX.com with the following value:
 [\u30ad\u30fc]
 Before continuing, verify the record is deployed.
 --------------------------------------------------------------------------  
Press Enter to Continue<\/pre>\n\n\n\n
TeraTerm\u3067\u4e0a\u8a18\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3066\u30ad\u30fc\u304c\u8868\u793a\u3055\u308c\u308b\u306e\u3067\u3001\u30ad\u30fc\u3092\u30b3\u30d4\u30fc\u3059\u308b\u3002
Press Enter to Continue\u306e\u307e\u307e\u653e\u7f6e\u3057\u3066DNS\u306e\u8a2d\u5b9a\u753b\u9762\u306b\u3002<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
VALUE-DOMAIN\u306eDNS\u8a2d\u5b9a\u753b\u9762\u3092\u958b\u304d\u3001\u4ee5\u4e0b\u306e\u901a\u308a\u30ec\u30b3\u30fc\u30c9\u3092\u8ffd\u52a0\u3059\u308b\u3002<\/p>\n\n\n\n
txt _acme-challenge.[\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3] [\u30b3\u30d4\u30fc\u3057\u305f\u30ad\u30fc]<\/pre>\n\n\n\n
\u8a2d\u5b9a\u304c\u53cd\u6620\u3055\u308c\u308b\u307e\u30675\u5206\uff5e10\u5206\u7a0b\u5ea6\u5f85\u3063\u3066\u304b\u3089\u3001TeraTerm\u5074\u3067Enter\u30ad\u30fc\u3092\u62bc\u3059\u3068\u8a8d\u8a3c\u304c\u59cb\u307e\u308b\u3002
\u203b\u65e9\u3059\u304e\u308b\u3068DNS\u8a2d\u5b9a\u304c\u53cd\u6620\u3055\u308c\u306a\u3044\u307e\u307e\u8a8d\u8a3c\u304c\u59cb\u307e\u3063\u3066\u3057\u307e\u3044\u8a8d\u8a3c\u306b\u5931\u6557\u3059\u308b\u3002
\u3000\u30b3\u30fc\u30d2\u30fc\u3067\u3082\u98f2\u307f\u306a\u304c\u3089\u3086\u3063\u304f\u308a\u5f85\u3061\u307e\u3057\u3087\u3046\u3002<\/p>\n\n\n\n
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
  \/etc\/letsencrypt\/live\/XXXXXX.com\/fullchain.pem
  Your key file has been saved at:
  \/etc\/letsencrypt\/live\/XXXXXX.com\/privkey.pem
  Your cert will expire on 2019-05-15. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot
  again. To non-interactively renew all<\/em> of your certificates, run
  \"certbot renew\"
- If you like Certbot, please consider supporting our work by:
  Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate
  Donating to EFF:                    https:\/\/eff.org\/donate-le <\/pre>\n\n\n\n
\u66f4\u65b0\u6642\u306f\u3053\u308c\u3092\u5b9f\u884c\u3059\u308b\u304b\u306f\u672a\u5b9a\u3060\u304c\u3001Apaceh2\u306edefault-ssl.conf\u3092\u7de8\u96c6\u3057\u3066Apache2\u3092\u518d\u8d77\u52d5\u3059\u308b\u3002
\uff08default-ssl.conf\u306e\u6709\u52b9\u5316\u306f\u3050\u3050\u3063\u3066\u306d\uff01\uff09<\/p>\n\n\n\n
$ sudo ls -l \/etc\/letsencrypt\/live\/XXXXXX.com\/
<\u8a18\u8f09\u7701\u7565\uff0f\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u5b58\u5728\u3059\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\uff1e
 cert.pem
 chain.pem
 fullchain.pem
 privkey.pem

$ sudo vi \/etc\/apache2\/sites-available\/default-ssl.conf
\uff1c\u4e0b\u8a18\u306e\u901a\u308a\u30d1\u30b9\u3092\u8a2d\u5b9a\u3059\u308b\uff1e
SSLCertificateFile      \/etc\/letsencrypt\/live\/XXXXXX.com\/cert.pem
SSLCertificateKeyFile   \/etc\/letsencrypt\/live\/ XXXXXX.com\/privkey.pem 
SSLCertificateChainFile\u00a0\/etc\/letsencrypt\/live\/XXXXXX.com\/chain.pem 

$ sudo systemctl restart apache2
$<\/pre>\n\n\n\n
\u3053\u308c\u3067OK\uff01<\/p>\n\n\n\n
\u53c2\u8003\u30b5\u30a4\u30c8<\/h2>\n\n\n\n
\u4ee5\u4e0b\u306e\u30b5\u30a4\u30c8\u3092\u53c2\u8003\u306b\u8a2d\u5b9a\u3044\u305f\u3057\u307e\u3057\u305f\u3002\u3068\u3066\u3082\u5206\u304b\u308a\u3084\u3059\u304b\u3063\u305f\u3067\u3059\u3002<\/p>\n\n\n\n