====== Multi-domain setup with Let's Encrypt 2 ======

Because the domains were migrated, the server certificates were recreated as well. The web directory layout is changed at the same time.

===== Revoking the old server certificate =====

There is little point in doing it, but the procedure for revoking a server certificate is as follows.\\

  - Search for the path of the server certificate.
  - Revoke the certificate, specifying the path that was found.

  $ sudo find /etc/letsencrypt/ -type f -name 'cert1.pem'
  $ sudo certbot revoke --cert-path /etc/letsencrypt/archive//cert1.pem --reason keycompromise

===== Deleting the server certificate =====

You could delete the contents of the server certificate directory by hand, but certbot can delete the certificate for you.

  $ sudo certbot delete
  Saving debug log to /var/log/letsencrypt/letsencrypt.log
  Which certificate(s) would you like to delete?
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  1: domain-1.com
  2: domain-2.jp
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Select the appropriate numbers separated by commas and/or spaces, or leave input
  blank to select all options shown (Enter 'c' to cancel):

===== Creating the server certificate and applying the configuration =====

If the web server is Apache, certbot can do everything from issuing the certificate to applying the configuration.

  $ sudo certbot --apache
  Saving debug log to /var/log/letsencrypt/letsencrypt.log
  Plugins selected: Authenticator apache, Installer apache
  Which names would you like to activate HTTPS for?
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  1: domain-1.com
  2: domain-2.jp
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Select the appropriate numbers separated by commas and/or spaces, or leave input
  blank to select all options shown (Enter 'c' to cancel): 1
  Obtaining a new certificate
  Created an SSL vhost at /etc/apache2/sites-available/domain-1.com-le-ssl.conf
  Deploying Certificate to VirtualHost /etc/apache2/sites-available/domain-1.com.si-le-ssl.conf
  Enabling available site: /etc/apache2/sites-available/domain-1.com-le-ssl.conf
  Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  1: No redirect - Make no further changes to the webserver configuration.
  2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
  new sites, or if you're confident your site works on HTTPS. You can undo this
  change by editing your web server's configuration.
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
  Enhancement redirect was already set.
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Congratulations! You have successfully enabled https://domain-1.com
  You should test your configuration at:
  https://www.ssllabs.com/ssltest/analyze.html?d=domain-1.com
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  IMPORTANT NOTES:
   - Congratulations! Your certificate and chain have been saved at:
     /etc/letsencrypt/live/domain-1.com/fullchain.pem
     Your key file has been saved at:
     /etc/letsencrypt/live/domain-1.com/privkey.pem
     Your cert will expire on 2023-11-18. To obtain a new or tweaked
     version of this certificate in the future, simply run certbot again
     with the "certonly" option. To non-interactively renew *all* of
     your certificates, run "certbot renew"
   - Some rewrite rules copied from
     /etc/apache2/sites-enabled/domain-1.com.conf were disabled in the
     vhost for your HTTPS site located at
     /etc/apache2/sites-available/domain-1.com-le-ssl.conf because they have
     the potential to create redirection loops.
   - If you like Certbot, please consider supporting our work by:
     Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
     Donating to EFF:                    https://eff.org/donate-le

===== Redoing the server certificate setup =====

Because certbot has also modified the Apache configuration, start by disabling that configuration.

  - Disable the Apache site configuration
  - Delete the SSL configuration file generated by certbot
  - Apply the configuration to Apache

==== Disabling the Apache site configuration ====

  $ cd /etc/apache2/sites-enabled
  $ sudo a2dissite domain-1-le-ssl.conf

==== Deleting the SSL configuration file generated by certbot ====

  $ cd
  $ sudo rm -i domain-1-le-ssl.conf

==== Applying the configuration to Apache ====

  $ sudo systemctl reload apache2
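
An added example, not part of the original page: once a certificate has been removed with ''certbot delete'', any certbot-generated ''*-le-ssl.conf'' vhost that is still enabled references a certificate file that no longer exists, and Apache's configuration test fails on it. The script below lists each such vhost with its enabled state and whether its ''SSLCertificateFile'' is present, so the exact file names to disable are known before reloading. The function names are hypothetical, and the Debian/Ubuntu ''/etc/apache2'' layout shown above is assumed.

```shell
#!/bin/sh
# Added example (not from the original page): audit certbot-generated
# Apache vhosts. Function names are hypothetical; the layout assumed is
# the Debian/Ubuntu /etc/apache2/sites-{available,enabled} seen above.

# audit_le_vhosts [APACHE_DIR]
# One line per file: "<conf> <enabled|disabled> <cert-ok|cert-missing|no-cert-directive>"
audit_le_vhosts() {
    apache_dir="${1:-/etc/apache2}"
    for conf in "$apache_dir"/sites-available/*-le-ssl.conf; do
        [ -f "$conf" ] || continue    # glob matched nothing
        name=$(basename "$conf")

        # a2ensite creates a symlink in sites-enabled; a2dissite removes it.
        if [ -e "$apache_dir/sites-enabled/$name" ] ||
           [ -L "$apache_dir/sites-enabled/$name" ]; then
            state=enabled
        else
            state=disabled
        fi

        # First uncommented SSLCertificateFile directive, quotes stripped.
        cert=$(awk 'tolower($1) == "sslcertificatefile" {
                        gsub(/"/, "", $2); print $2; exit }' "$conf")
        if [ -z "$cert" ]; then
            cert_state=no-cert-directive
        elif [ -e "$cert" ]; then
            cert_state=cert-ok
        else
            cert_state=cert-missing
        fi
        printf '%s %s %s\n' "$name" "$state" "$cert_state"
    done
}

# dangling_le_vhosts [APACHE_DIR]
# Enabled vhosts whose certificate file is gone; disable these with
# a2dissite before reloading Apache.
dangling_le_vhosts() {
    audit_le_vhosts "${1:-/etc/apache2}" |
        awk '$2 == "enabled" && $3 == "cert-missing" { print $1 }'
}

audit_le_vhosts "${1:-/etc/apache2}"
```

Run it as root: ''/etc/letsencrypt/live'' is not readable by ordinary users by default, so an unprivileged run reports every certificate as missing.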