ドメインを移行したため、サーバー証明書も再作成を行った。 ついでにWebのディレクトリ構成も変更することにする。
ほとんど意味はないのだが、サーバー証明書の失効手順は下記の通り。
$ sudo find /etc/letsencrypt/ -type f -name 'cert1.pem' $ sudo certbot revoke --cert-path /etc/letsencrypt/archive/<domain-path>/cert1.pem --reason keycompromise
サーバー証明書のディレクトリ内を削除してもよいのだが、certbotから削除できる。
$ sudo certbot delete sudo certbot delete Saving debug log to /var/log/letsencrypt/letsencrypt.log Which certificate(s) would you like to delete? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: domain-1.com 2: domain-2.jp - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel):
WebサーバーがApacheであれば、certbotで証明書作成から設定反映まで実行できる。
$ sudo certbot --apache Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: domain-1.com 2: domain-2.jp - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1 Obtaining a new certificate Created an SSL vhost at /etc/apache2/sites-available/domain-1.com-le-ssl.conf Deploying Certificate to VirtualHost /etc/apache2/sites-available/domain-1.com.si-le-ssl.conf Enabling available site: /etc/apache2/sites-available/domain-1.com-le-ssl.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 Enhancement redirect was already set. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://domain-1.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=domain-1.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/domain-1.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/domain-1.com/privkey.pem Your cert will expire on 2023-11-18. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Some rewrite rules copied from /etc/apache2/sites-enabled/domain-1.com.conf were disabled in the vhost for your HTTPS site located at /etc/apache2/sites-available/domain-1.com-le-ssl.conf because they have the potential to create redirection loops. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Apacheの設定もされてしまっているので、設定の無効化から行う。
$ cd /etc/apache2/sites-enabled $ sudo a2dissite domain-1-le-ssl.conf
$ cd $ sudo rm -i domain-1-le-ssl.conf
$ sudo systemctl reload apache2