{"id":11205,"date":"2022-05-01T03:50:06","date_gmt":"2022-04-30T18:50:06","guid":{"rendered":"http:\/\/www.webcyou.com\/?p=11205"},"modified":"2022-05-02T16:37:50","modified_gmt":"2022-05-02T07:37:50","slug":"ubuntu-20-04-lts-%e3%82%b5%e3%83%bc%e3%83%90%e6%a7%8b%e7%af%89-lets-encrypt%e3%81%a7ssl-tls%e5%8c%96","status":"publish","type":"post","link":"https:\/\/www.webcyou.com\/?p=11205","title":{"rendered":"Ubuntu 20.04 LTS Server Setup &#8211; Enabling SSL\/TLS with Let\u2019s Encrypt"},"content":{"rendered":"<p>This is a continuation of the previous post, <a href=\"https:\/\/www.webcyou.com\/?p=11197\">Ubuntu 20.04 LTS Server Setup \u2013 Installing Nginx<\/a>.<\/p>\n<p>This time, we enable SSL\/TLS with Let\u2019s Encrypt.<\/p>\n<h4>Menu<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.webcyou.com\/?p=11191\">Ubuntu 20.04 LTS Server Setup \u2013 Initial Setup<\/a><\/li>\n<li><a href=\"https:\/\/www.webcyou.com\/?p=11197\">Ubuntu 20.04 LTS Server Setup \u2013 Installing Nginx<\/a><\/li>\n<li><a href=\"https:\/\/www.webcyou.com\/?p=11205\">Ubuntu 20.04 LTS Server Setup \u2013 Enabling SSL\/TLS with Let\u2019s Encrypt<\/a><\/li>\n<li><a href=\"https:\/\/www.webcyou.com\/?p=11211\">Ubuntu 20.04 LTS Server Setup \u2013 Installing Postfix<\/a><\/li>\n<li><a href=\"https:\/\/www.webcyou.com\/?p=11218\">Ubuntu 20.04 LTS Server Setup \u2013 Installing Dovecot<\/a><\/li>\n<li><a href=\"https:\/\/www.webcyou.com\/?p=11221\">Ubuntu 20.04 LTS Server Setup \u2013 Postfix SASL Authentication<\/a><\/li>\n<li><a href=\"https:\/\/www.webcyou.com\/?p=11230\">Ubuntu 20.04 LTS Server Setup \u2013 Enabling TLS for Postfix with Let\u2019s 
Encrypt<\/a><\/li>\n<li><a href=\"https:\/\/www.webcyou.com\/?p=11234\">Ubuntu 20.04 LTS Server Setup \u2013 Configuring DKIM and DMARC<\/a><\/li>\n<\/ul>\n<h4>Installing Certbot<\/h4>\n<p>Install Certbot and its Nginx plugin.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">$ sudo apt install certbot python3-certbot-nginx<\/pre>\n<h4>Checking the Nginx Configuration<\/h4>\n<p>Check the Nginx configuration to make sure Certbot can find the `server` block.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">$ sudo vim \/etc\/nginx\/sites-available\/example.com<\/pre>\n<p>Check the existing server_name line.<\/p>\n<p>\/etc\/nginx\/sites-available\/example.com<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">...\r\nserver_name example.com www.example.com;\r\n...<\/pre>\n<p>If everything looks fine, check the syntax of the Nginx configuration.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">$ sudo nginx -t<\/pre>\n<p>If you made any changes, reload Nginx.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">$ sudo systemctl reload nginx<\/pre>\n<h4>Obtaining an SSL Certificate<\/h4>\n<p>Use Certbot to obtain an SSL certificate for the configured domains.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">$ sudo certbot --nginx -d example.com -d 
www.example.com<\/pre>\n<p>The first time you run certbot, you are prompted to enter an email address and agree to the terms of service, so enter your email address.<\/p>\n<p>Next, you are asked whether to redirect all traffic to HTTPS; choose 2.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n1: No redirect - Make no further changes to the webserver configuration.\r\n2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for\r\nnew sites, or if you're confident your site works on HTTPS. You can undo this\r\nchange by editing your web server's configuration.\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nSelect the appropriate number &#x5B;1-2] then &#x5B;enter] (press 'c' to cancel):<\/pre>\n<p>Press ENTER; the configuration is updated and Nginx reloads to pick up the new settings.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">Output\r\nIMPORTANT NOTES:\r\n - Congratulations! Your certificate and chain have been saved at:\r\n   \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\r\n   Your key file has been saved at:\r\n   \/etc\/letsencrypt\/live\/example.com\/privkey.pem\r\n   Your cert will expire on 2022-07-13. To obtain a new or tweaked   \r\n   version of this certificate in the future, simply run certbot again\r\n   with the \"certonly\" option. 
To non-interactively renew *all* of\r\n   your certificates, run \"certbot renew\"\r\n - If you like Certbot, please consider supporting our work by:\r\n\r\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\r\n   Donating to EFF:                    https:\/\/eff.org\/donate-le<\/pre>\n<p>Check \/etc\/nginx\/sites-available\/example.com.<br \/>\nA 301 redirect is inserted into the server block for port 80.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">if ($host = example.com) {\r\n   return 301 https:\/\/$host$request_uri;\r\n}<\/pre>\n<p>The following is inserted into the server block for port 443.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">listen &#x5B;::]:443 ssl ipv6only=on; # managed by Certbot\r\nlisten 443 ssl; # managed by Certbot\r\nssl_certificate \/etc\/letsencrypt\/live\/example.com\/fullchain.pem; # managed by Certbot\r\nssl_certificate_key \/etc\/letsencrypt\/live\/example.com\/privkey.pem; # managed by Certbot\r\ninclude \/etc\/letsencrypt\/options-ssl-nginx.conf; # managed by Certbot\r\nssl_dhparam \/etc\/letsencrypt\/ssl-dhparams.pem; # managed by Certbot<\/pre>\n<p>To use http2, change them as follows.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">listen 443 ssl http2;\r\nlisten &#x5B;::]:443 ssl http2;<\/pre>\n<p>Open https:\/\/example.com in a browser. The site is properly secured.<\/p>\n<p>A check with <a href=\"https:\/\/www.ssllabs.com\/ssltest\/\">SSL Labs Server Test<\/a> gives an A rating.<\/p>\n<h4>Certbot Automatic Renewal<\/h4>\n<p>Let\u2019s 
Encrypt certificates are valid for only 90 days, so set up automatic renewal.<\/p>\n<p>Renewal is handled by the certbot.timer that gets added. The script runs twice a day and automatically renews any certificate that is within 30 days of expiring.<\/p>\n<p>Check the status of the timer.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">$ sudo systemctl status certbot.timer<\/pre>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">Output\r\n\u25cf certbot.timer - Run certbot twice daily\r\n     Loaded: loaded (\/lib\/systemd\/system\/certbot.timer; enabled; vendor preset: enabled)\r\n     Active: active (waiting) since Mon 2020-05-04 20:04:36 UTC; 2 weeks 1 days ago\r\n    Trigger: 2022-04-15 04:03:32 UTC; 10h left\r\n   Triggers: \u25cf certbot.service<\/pre>\n<p>Test the renewal process with a certbot dry run.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">$ sudo certbot renew --dry-run<\/pre>\n<p>If no errors are shown, the setup is complete.<\/p>\n<p>When needed, Certbot renews the certificates and reloads Nginx to apply the changes.<\/p>\n<p>If the automatic renewal process fails, a message is sent to the email address you configured.<\/p>\n<p>Next, let\u2019s configure Postfix.<\/p>\n<p><a 
href=\"https:\/\/www.webcyou.com\/?p=11211\">Ubuntu 20.04 LTS Server Setup \u2013 Installing Postfix<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is a continuation of the previous post, Ubuntu 20.04 LTS Server Setup \u2013 Installing Nginx. This time, we enable SSL\/TLS with Let\u2019s Encrypt. Menu Ubuntu 20.04 LTS Server Setup \u2013  [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":11192,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[248],"tags":[221,44,45,293],"class_list":{"0":"post-11205","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","6":"hentry","7":"category-ubuntu","8":"tag-linux","9":"tag-web","11":"tag-293"},"_links":{"self":[{"href":"https:\/\/www.webcyou.com\/index.php?rest_route=\/wp\/v2\/posts\/11205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webcyou.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webcyou.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webcyou.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webcyou.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11205"}],"version-history":[{"count":8,"href":"https:\/\/www.webcyou.com\/index.php?rest_route=\/wp\/v2\/posts\/11205\/revisions"}],"predecessor-version":[{"id":11260,"href":"https:\/\/www.webcyou.com\/index.php?rest_route=\/wp\/v2\/posts\/11205\/revisions\/11260"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.webcyou.com\/index.php?rest_route=\/wp\/v2\/media\/11192"}],"wp:attachment":[{"href":"https:\/\/www.webcyou.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&par
ent=11205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webcyou.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webcyou.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}