NginxにLet's Encryptを導入

    [環境]
    AmazonLinux2
    Nginx1.12系
  
    # cd /etc/pki
    # wget https://dl.eff.org/certbot-auto
    # chmod a+x certbot-auto
    # cp certbot-auto{,_ORG}
    # vim certbot-auto
        843行目の
        elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
        をコメントアウトして
        elif grep -i "Amazon Linux" /etc/issue > /dev/null 2>&1 || \
            grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>&1; then
    # systemctl stop nginx
    # ./certbot-auto certonly --standalone -d sample.com --debug -m mail@pear.jp --agree-tos
    # vim /etc/nginx/conf.d/sample.com.conf
        …serverディレクティブの中に
        ssl_certificate /etc/letsencrypt/live/sample.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/sample.com/privkey.pem;
        を追加
        …
    # systemctl restart nginx
    # vim /etc/cron.d/letsencrypt
      0 23 * * 7 root /etc/pki/certbot-auto renew --post-hook "systemctl restart nginx"
トップへ