{"id":1816,"date":"2016-10-13T00:19:21","date_gmt":"2016-10-12T15:19:21","guid":{"rendered":"http:\/\/blog.4star.link\/?p=1816"},"modified":"2016-10-13T00:19:21","modified_gmt":"2016-10-12T15:19:21","slug":"%e7%84%a1%e6%96%99ssl-lets-encrypt%e3%82%92%e6%9b%b4%e6%96%b0%e3%81%97%e3%81%9f%e9%9a%9b%e3%81%ae%e3%83%a1%e3%83%a2","status":"publish","type":"post","link":"https:\/\/blog.4star.link\/?p=1816","title":{"rendered":"\u7121\u6599SSL Let’s encrypt\u3092\u66f4\u65b0\u3057\u305f\u969b\u306e\u30e1\u30e2"},"content":{"rendered":"

\u7121\u6599SSL\u3067\u6709\u540d\u306aLet’s encrypt<\/a><\/strong>\u3092\u3001\u5229\u7528\u3055\u305b\u3066\u9802\u3044\u3066\u304a\u308a\u3001
\n\u305d\u308c\u306e\u6709\u52b9\u671f\u96503\u30f6\u6708\u3068\u77ed\u304f\u3001\u305d\u306e\u6709\u52b9\u671f\u9650\u304c\u8feb\u3063\u305f\u306e\u3067\u3001\u66f4\u65b0\u5bfe\u5fdc\u3057\u305f\u969b\u306e\u30e1\u30e2<\/p>\n

\u5c0e\u5165\u306f\u307b\u307c200\uff05\u3053\u3061\u3089\u306e\u30b5\u30a4\u30c8\u69d8\u3092\u53c2\u8003\u306b\u3055\u305b\u3066\u3044\u305f\u3060\u304d\u307e\u3057\u305fm( _ _ ; )m
\nhttp:\/\/qiita.com\/sak_2\/items\/ff835b669c0a7e110b09<\/a><\/p>\n

\u305d\u3082\u305d\u3082\u81ea\u52d5\u5316\u3057\u308d\u3088\u3063\u3066\u8a71\u3067\u3059\u304c\u3001
\n\u624b\u52d5\u3067\u66f4\u65b0\u3057\u305f\u969b\u306e\u30e1\u30e2\uff57<\/p>\n

1. \u6050\u3089\u304f\u5c0e\u5165\u6642\u306b\u4f7f\u3063\u305fletsencrypt-auto\u3068\u3044\u3046\u30d5\u30a1\u30a4\u30eb\u3092\u63a2\u3059\u3002<\/h3>\n

2. \u751f\u6210\u3057\u305f\u30ad\u30fc\u30d5\u30a1\u30a4\u30eb\u985e\u3092\u78ba\u8a8d\u3057\u3066\u304a\u304f\u3001\u5fc5\u8981\u3067\u3042\u308c\u3070\u30d0\u30c3\u30af\u30a2\u30c3\u30d7\u3082<\/h3>\n

$ cd \/etc\/letsencrypt\/live\/blog.4star.link\/\ncert.pem       chain.pem      fullchain.pem  privkey.pem    \n\n<\/code><\/pre>\n
3. \u305d\u308c\u305e\u308c\u306epem\u30d5\u30a1\u30a4\u30eb\u304c\u30b7\u30f3\u30dc\u30ea\u30c3\u30af\u3067\u53c2\u7167\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u3001\u305d\u308c\u304cnginx\u3067\u8a2d\u5b9a\u3057\u3066\u3044\u308b\u30d5\u30a1\u30a4\u30eb\u3068\u540c\u3058\u304b\u78ba\u8a8d<\/h3>\n

cert.pem -> ..\/..\/archive\/blog.4star.link\/cert1.pem\nchain.pem -> ..\/..\/archive\/blog.4star.link\/chain1.pem\nfullchain.pem -> ..\/..\/archive\/blog.4star.link\/fullchain1.pem\nprivkey.pem -> ..\/..\/archive\/blog.4star.link\/privkey1.pem\n\n\n<\/code><\/pre>\n
4. \u30671.\u306e\u30b3\u30de\u30f3\u30c9\u5b9f\u884c\u3057\u66f4\u65b0\uff01<\/h3>\n

$ .\/letsencrypt-auto renew\n\n<\/code><\/pre>\n
\u30a8\u30e9\u30fc\u304c\u3067\u305f<\/h4>\n

$ .\/letsencrypt-auto renew\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\n\n-------------------------------------------------------------------------------\nProcessing \/etc\/letsencrypt\/renewal\/blog.4star.link.conf\n-------------------------------------------------------------------------------\nCert is due for renewal, auto-renewing...\nStarting new HTTPS connection (1): acme-v01.api.letsencrypt.org\nRenewing an existing certificate\nPerforming the following challenges:\ntls-sni-01 challenge for blog.4star.link\n\n-------------------------------------------------------------------------------\nPort 443 is already in use by another process. This will prevent us from binding\nto that port. Please stop the process that is populating the port in question\nand try again.  For automated renewal, you may want to use a script that stops\nand starts your webserver. You can find an example at\nhttps:\/\/certbot.eff.org\/docs\/using.html#renewal . Alternatively you can use the\nwebroot plugin to renew without needing to stop and start your webserver.\n-------------------------------------------------------------------------------\nCleaning up challenges\nAttempting to renew cert from \/etc\/letsencrypt\/renewal\/blog.4star.link.conf produced an unexpected error: At least one of the (possibly) required ports is already taken.. Skipping.\n\nAll renewal attempts failed. The following certs could not be renewed:\n  \/etc\/letsencrypt\/live\/blog.4star.link\/fullchain.pem (failure)\n1 renew failure(s), 0 parse failure(s)\n\n\n<\/code><\/pre>\n
\u5fc5\u8981\u306a\u30dd\u30fc\u30c8\u304c\u65e2\u306b\u4f7f\u308f\u308c\u3066\u3044\u308b\u3089\u3057\u3044\u3002<\/p>\n
\u30dd\u30fc\u30c8\u30c1\u30a7\u30c3\u30af<\/h4>\n

$ netstat -tanplsof -i:80\n\n<\/code><\/pre>\n
nginx\u3067\u4f7f\u3063\u3066\u3044\u308b\u306e\u3067\u4e00\u65e6\u505c\u6b62\uff08\u30b5\u30fc\u30d3\u30b9\u304c\u6b62\u307e\u308b\u306e\u3067\u6ce8\u610f\uff01<\/p>\n

$ service nginx stop\n\n<\/code><\/pre>\n
\u518d\u3073renew!<\/h4>\n

$ .\/letsencrypt-auto renew\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\n\n-------------------------------------------------------------------------------\nProcessing \/etc\/letsencrypt\/renewal\/blog.4star.link.conf\n-------------------------------------------------------------------------------\nCert is due for renewal, auto-renewing...\nStarting new HTTPS connection (1): acme-v01.api.letsencrypt.org\nRenewing an existing certificate\nPerforming the following challenges:\ntls-sni-01 challenge for blog.4star.link\n\n-------------------------------------------------------------------------------\nPort 443 is already in use by another process. This will prevent us from binding\nto that port. Please stop the process that is populating the port in question\nand try again.  For automated renewal, you may want to use a script that stops\nand starts your webserver. You can find an example at\nhttps:\/\/certbot.eff.org\/docs\/using.html#renewal . Alternatively you can use the\nwebroot plugin to renew without needing to stop and start your webserver.\n-------------------------------------------------------------------------------\nCleaning up challenges\nAttempting to renew cert from \/etc\/letsencrypt\/renewal\/blog.4star.link.conf produced an unexpected error: At least one of the (possibly) required ports is already taken.. Skipping.\n\nAll renewal attempts failed. The following certs could not be renewed:\n  \/etc\/letsencrypt\/live\/blog.4star.link\/fullchain.pem (failure)\n1 renew failure(s), 0 parse failure(s)\n\n<\/code><\/pre>\n
\u307e\u305f\u540c\u3058\u30a8\u30e9\u30fc\u304c\u3002\u3002\u3002<\/p>\n
<\/p>\n
\u3055\u3089\u306b\u3082\u3046\u4e00\u56de\uff01<\/h4>\n
<\/p>\n
\u3069\u308a\u3083\u3063\u3063\uff58\u3055\u3089\u306b\u3082\u3046\u4e00\u56de\uff01<\/h4>\n
<\/p>\n
\u3050\u3042\u3042\u30fc\u30fc\u3063\u3057\u3083\u3044\u3055\u3089\u306b\u3082\u3046\uff11\u3063\u304b\u3044\uff01<\/h3>\n
<\/p>\n
\u3002\u3002\u3002\u3002<\/p>\n
\u3002\u3002\u3002\u3002\u3002<\/p>\n
\u4f55\u5ea6\u304b\u540c\u3058\u30a8\u30e9\u30fc\u304c\u3067\u305f\u3042\u3068\u3001<\/p>\n
<\/p>\n

$ .\/letsencrypt-auto renew\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\n\n-------------------------------------------------------------------------------\nProcessing \/etc\/letsencrypt\/renewal\/blog.4star.link.conf\n-------------------------------------------------------------------------------\nCert is due for renewal, auto-renewing...\nStarting new HTTPS connection (1): acme-v01.api.letsencrypt.org\nRenewing an existing certificate\nPerforming the following challenges:\ntls-sni-01 challenge for blog.4star.link\nWaiting for verification...\nCleaning up challenges\nGenerating key (2048 bits): \/etc\/letsencrypt\/keys\/0001_key-certbot.pem\nCreating CSR: \/etc\/letsencrypt\/csr\/0001_csr-certbot.pem\n\n-------------------------------------------------------------------------------\nnew certificate deployed without reload, fullchain is\n\/etc\/letsencrypt\/live\/blog.4star.link\/fullchain.pem\n-------------------------------------------------------------------------------\n\nCongratulations, all renewals succeeded. The following certs have been renewed:\n  \/etc\/letsencrypt\/live\/blog.4star.link\/fullchain.pem (success)\n\n<\/code><\/pre>\n
\u6210\u529f\u30fc\u30fc\u30fc\u30fc\u30fc\u30fc\u30fc\uff01<\/h3>\n<\/p>\n
\u6700\u9ad8\u30fc\u30fc\u30fc\u30fc\u30fc\u30fc\u30fc\uff01<\/h3>\n<\/p>\n
\u308f\u3063\u307b\u3044\uff01<\/h3>\n
<\/p>\n
\u3067<\/p>\n

$ service nginx start \n\n<\/code><\/pre>\n
\u8a3c\u660e\u66f8\u304c\u66f4\u65b0\u3055\u308c\u3066\u3044\u306a\u3044\u3002\u3002\u3002\u3002<\/p>\n
\u751f\u6210\u3055\u308c\u305fpem\u30d5\u30a1\u30a4\u30eb\u3092\u30c1\u30a7\u30c3\u30af\u3002\u3002\u3002<\/p>\n<\/p>\n
pem\u304c\u8907\u6570\u9023\u756a\u306b\u306a\u3063\u3066\u3064\u304f\u3089\u308c\u3066\u3044\u308b\u3001\u3001<\/p>\n

\/archive\/blog.4star.link\/cert1.pem\n\/archive\/blog.4star.link\/cert2.pem\n\n<\/code><\/pre>\n
\u50d5\u306e\u5834\u5408archive\u306e\u30d5\u30a1\u30a4\u30eb\u3092nginx.conf\u306b\u6307\u5b9a\u3057\u3066\u3044\u305f\u306e\u3067\u3001
\n\u751f\u6210\u3055\u308c\u305f\u756a\u53f7\u306e\u3064\u304d\u306e\u540d\u524d\u306e\u65b9\u3092\u5909\u66f4\u3002\u3002
\n\u4eba\u529b\u3067\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4\u3002\u3002\u3002\uff57<\/p>\n
nginx.conf<\/p>\n

ssl_certificate \/etc\/letsencrypt\/archive\/blog.4star.link\/fullchain**2**.pem;\nssl_certificate_key \/etc\/letsencrypt\/archive\/blog.4star.link\/privkey**2**.pem;\nssl_trusted_certificate \/etc\/letsencrypt\/archive\/blog.4star.link\/fullchain**2**.pem;\n\n<\/code><\/pre>\n
\u3042\u3068\u306f\u3001<\/p>\n
\u305b\u3044\u3084\u3002\u3002\u3002\uff01\uff01\uff01\uff01<\/p>\n

$ service nginx start\n\n<\/code><\/pre>\n
\"\u7121\u6599SSL\u8a3c\u660e\u66f8\"<\/a>
\u7121\u6599SSL\u8a3c\u660e\u66f8<\/figcaption><\/figure>\n<\/p>\n
\u6210\u529fdone!<\/h3>\n","protected":false},"excerpt":{"rendered":"
\u7121\u6599SSL\u3067\u6709\u540d\u306aLet’s encrypt\u3092\u3001\u5229\u7528\u3055\u305b\u3066\u9802\u3044\u3066\u304a\u308a\u3001 \u305d\u308c\u306e\u6709\u52b9\u671f\u96503\u30f6\u6708\u3068\u77ed\u304f\u3001\u305d\u306e\u6709\u52b9\u671f\u9650\u304c\u8feb\u3063\u305f\u306e\u3067\u3001\u66f4\u65b0\u5bfe\u5fdc\u3057\u305f\u969b\u306e\u30e1\u30e2 \u5c0e\u5165\u306f\u307b\u307c200\uff05\u3053\u3061\u3089\u306e\u30b5\u30a4\u30c8\u69d8\u3092\u53c2\u8003\u306b\u3055\u305b\u3066\u3044\u305f\u3060\u304d\u307e\u3057 … <\/p>\n
“\u7121\u6599SSL Let’s encrypt\u3092\u66f4\u65b0\u3057\u305f\u969b\u306e\u30e1\u30e2” \u306e<\/span>\u7d9a\u304d\u3092\u8aad\u3080<\/a><\/p>\n","protected":false},"author":1,"featured_media":1817,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[243,224],"tags":[227,334,301,222,239,299,332,333],"class_list":["post-1816","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-243","category-224","tag-centos6","tag-http2","tag-https","tag-nginx","tag-php-fpm","tag-ssl","tag-332","tag-333"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.4star.link\/index.php?rest_route=\/wp\/v2\/posts\/1816"}],"collection":[{"href":"https:\/\/blog.4star.link\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.4star.link\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.4star.link\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.4star.link\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1816"}],"version-history":[{"count":2,"href":"https:\/\/blog.4star.link\/index.php?rest_route=\/wp\/v2\/posts\/1816\/revisions"}],"predecessor-version":[{"id":1819,"href":"https:\/\/blog.4star.link\/index.php?rest_route=\/wp\/v2\/posts\/1816\/revisions\/1819"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.4star.link\/index.php?rest_route=\/wp\/v2\/media\/1817"}],"wp:attachment":[{"href":"https:\/\/blog.4star.link\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1816"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.4star.link\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1816"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.4star.link\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1816"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}