Setting up a Let's Encrypt certificate for WordPress on Lightsail

IT by NHM - 2021-02-01

The official documentation below explains this very thoroughly.

Generate And Install A Let's Encrypt SSL Certificate For A Bitnami Application
https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

How do I install an SSL certificate on a Bitnami stack hosted on Amazon Lightsail?
https://aws.amazon.com/jp/premiumsupport/knowledge-center/linux-lightsail-ssl-bitnami/

In short, you do the setup with a command-line tool.

    sudo /opt/bitnami/bncert-tool

You are asked for the domains, so enter them. If there are several, separate them with spaces. You are also asked whether to include the www subdomains; answer yes.

    ----------------------------------------------------------------------------
    Welcome to the Bitnami HTTPS Configuration tool.

    ----------------------------------------------------------------------------
    Domains

    Please provide a valid space-separated list of domains for which you wish to
    configure your web server.

    Domain list []: test.co.jp test.com

    The following domains were not included: www.test.co.jp www.test.com. Do you want to add them? [Y/n]: Y

Do you want redirects? HTTP -> HTTPS: Y, test.com -> www.test.com: Y, www.test.com -> test.com: n

    ----------------------------------------------------------------------------
    Enable/disable redirections

    Please select the redirections you wish to enable or disable on your Bitnami
    installation.

    Enable HTTP to HTTPS redirection [Y/n]: Y

    Enable non-www to www redirection [Y/n]: Y

    Enable www to non-www redirection [y/N]: n

Is it OK to apply this configuration? yes

    ---------------------------------------------------------------------------
    Changes to perform

    The following changes will be performed to your Bitnami installation:

    1. Stop web server
    2. Configure web server to use a free Let's Encrypt certificate for the domains:
    test.co.jp test.com www.test.co.jp www.test.com
    3. Configure a cron job to automatically renew the certificate each month
    4. Configure web server name to: www.test.co.jp
    5. Enable HTTP to HTTPS redirection (example: redirect http://test.co.jp to
    https://test.co.jp)
    6. Enable non-www to www redirection (example: redirect test.co.jp to
    www.test.co.jp)
    7. Start web server once all changes have been performed

    Do you agree to these changes? [Y/n]: Y

Create the certificate? yes

    ----------------------------------------------------------------------------
    Create a free HTTPS certificate with Let's Encrypt

    Please provide a valid e-mail address for which to associate your Let's Encrypt
    certificate.

    Domain list: test.co.jp test.com www.test.co.jp www.test.com

    Server name: www.test.co.jp

    E-mail address []: test@gmail.com

    The Let's Encrypt Subscriber Agreement can be found at:

    https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

    Do you agree to the Let's Encrypt Subscriber Agreement? [Y/n]: Y

A fair amount of output follows.

    ----------------------------------------------------------------------------
    Performing changes to your installation

    The Bitnami HTTPS Configuration Tool will perform any necessary actions to your
    Bitnami installation. This may take some time, please be patient.

    ----------------------------------------------------------------------------
    Success

    The Bitnami HTTPS Configuration Tool succeeded in modifying your installation.

    The configuration report is shown below.

    Backup files:
    * /opt/bitnami/apache2/conf/httpd.conf.back.202102010803
    * /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf.back.202102010803
    * /opt/bitnami/apache2/conf/bitnami/bitnami.conf.back.202102010803

    Find more details in the log file:

    /tmp/bncert-202102010803.log

    If you find any issues, please check Bitnami Support forums at:

    https://community.bitnami.com

    Press [Enter] to continue:ENTER

As the official documentation also says, for a site with multiple domains you should not use the script that is registered in crontab automatically, but write your own shell script instead. This is the one I wrote. For now it uses the 90-day validity period. In the list of domains, put the domain you configured first at the top.

    cat /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

    #!/bin/bash
    # Stop Apache so that lego can answer the TLS challenge itself
    sudo /opt/bitnami/ctlscript.sh stop apache
    # Renew the certificate for all four domains
    sudo /opt/bitnami/letsencrypt/lego --tls --email="test@gmail.com" --domains="test.co.jp" --domains="test.com" --domains="www.test.com" --domains="www.test.co.jp" --path="/opt/bitnami/letsencrypt" renew --days 90
    # Start Apache again
    sudo /opt/bitnami/ctlscript.sh start apache

Rewrite the crontab with crontab -e. A certificate cannot be renewed until fewer than 30 days of validity remain, so there is no real point in running the cron job every month, but I set it to run monthly for now.

    crontab -e

    0 0 1 * * /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
    #0 0 * * * sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="test@gmail.com" --http --http-timeout 90 --http.webroot /opt/bitnami/apps/letsencrypt --domains=test.co.jp renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful # bncert-autorenew

When you then access the site over HTTPS, you can confirm that the certificate contains all four domains.
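
A variant of the renewal script above that stops Apache only when the certificate is actually close to expiry, and always tries to start Apache again even if lego fails. This is an added example, not code from the original post or from Bitnami. It assumes lego stores the certificate as certificates/test.co.jp.crt under the --path directory (named after the first --domains entry) and uses a 30-day threshold; the function names are illustrative.

```bash
#!/bin/bash
# Added example, not from the original post. E-mail, domains and paths are the
# post's sample values; the certificate file name is an assumption.
LE_DIR=/opt/bitnami/letsencrypt
CERT="$LE_DIR/certificates/test.co.jp.crt"  # assumed: named after first --domains
RENEW_DAYS=30                               # renew when fewer days remain

# Succeeds (0) if the certificate is missing, unreadable or expires within $1 days.
cert_expires_within() {
    [ -f "$CERT" ] || return 0
    ! openssl x509 -in "$CERT" -noout -checkend "$(( $1 * 86400 ))" >/dev/null 2>&1
}

apache() { sudo /opt/bitnami/ctlscript.sh "$1" apache; }

lego_renew() {
    sudo "$LE_DIR/lego" --tls --email="test@gmail.com" \
        --domains="test.co.jp" --domains="test.com" \
        --domains="www.test.com" --domains="www.test.co.jp" \
        --path="$LE_DIR" renew --days "$RENEW_DAYS"
}

# Exit status: 0 = not due or renewed, 1 = lego failed, 2 = Apache stop/start failed.
renew_if_due() {
    cert_expires_within "$RENEW_DAYS" || return 0  # not due: Apache keeps serving
    apache stop || return 2
    _rc=0
    lego_renew || _rc=1
    apache start || _rc=2   # always try to restart, even when lego failed
    return "$_rc"
}

# Only act when asked to, so the functions can be sourced and tested safely.
if [ "${1:-}" = "--run" ]; then
    renew_if_due
    exit $?
fi
```

Because the expiry check runs before anything is stopped, this script can be called from cron with the --run argument as often as daily without taking the site down or requesting a certificate on every run.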