Let’s Encrypt 

Security

Install the Certbot client

# yum install certbot

Obtain an SSL certificate

# certbot certonly --standalone -d www.anchorworks.jp

Option             Description
certonly           Only obtains the certificate
--webroot          Selects webroot (web server) mode
-w /var/www/html   Specify the document root of the target domain
-d example.com     Specify the target domain; more than one can be given

Enter an email address:

Important mail such as renewal status notices is sent to this address, so enter one.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): (enter your email address here)

Next, whether to agree to the Terms of Service: enter "Y" (Yes). You cannot use the service without agreeing.

If you really want to skip this, you can run the client with
--register-unsafely-without-email but you will then be unable to receive notice
about impending expiration or revocation of your certificates or problems with
your Certbot installation that will lead to failure to renew.

Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): hotta@anchorworks.co.jp
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at

You must agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Whether to subscribe to the mailing list: (answering No does not affect issuance)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

If the domain check and the other steps pass, the following message is displayed and the process is complete.

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/example.com/privkey.pem
This certificate expires on 2020-12-31-.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Note: Obtaining a Let's Encrypt certificate this way uses port 80, so if a web server is already running, the following error is displayed.

Problem binding to port 80: Could not bind to IPv4 or IPv6.

Account registered.
Requesting a certificate for huum.test-view.net
Performing the following challenges:
http-01 challenge for huum.test-view.net
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

Workaround: temporarily stop the web server.
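
An added example, not part of the original post: a preflight check for the port 80 conflict above. It reads `ss -ltn` output and, when something is already listening on port 80, prints the standalone command wrapped in Certbot's `--pre-hook`/`--post-hook` so the web server is stopped only while the challenge runs. The function names, the `httpd` unit name and the sample `ss` output are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Return 0 if `ss -ltn`-style text on stdin shows a listener on port $1.
# Any LISTEN row with a field ending in ":<port>" counts, so IPv4
# (0.0.0.0:80), IPv6 ([::]:80) and wildcard (*:80) binds are all caught,
# while :8080 is not.
port_is_listening() {
    awk -v port="$1" '
        {
            listen = 0; hit = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "LISTEN") listen = 1
                if ($i ~ (":" port "$")) hit = 1
            }
            if (listen && hit) found = 1
        }
        END { exit !found }'
}

# Print the certbot command to run. $1 = domain, $2 = web server unit name
# (assumption: a systemd unit such as httpd). Reads `ss -ltn` output on stdin.
plan_certbot() {
    if port_is_listening 80; then
        # Port 80 is busy: stop the web server only around the challenge.
        printf 'certbot certonly --standalone -d %s --pre-hook "systemctl stop %s" --post-hook "systemctl start %s"\n' \
            "$1" "$2" "$2"
    else
        printf 'certbot certonly --standalone -d %s\n' "$1"
    fi
}

# Constructed sample of `ss -ltn` output with a web server bound to port 80.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    [::]:80            [::]:*'

# Demo on the constructed sample; on a real host: ss -ltn | plan_certbot DOMAIN UNIT
printf '%s\n' "$SAMPLE_SS" | plan_certbot www.example.com httpd
```

The script only prints the command; review it and run it as root yourself.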
