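When I googled, I saw scattered reports that "Let's Encrypt is at an experimental stage on Amazon Linux", but as far as I tried it, there was nothing to get confused about.
STEP0 Reference URL
Above all, it helped that there was a Japanese-language URL. https://letsencrypt.jp/docs/using.html#installation
STEP1 Installing the client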
# cd /usr/local
# git clone https://github.com/certbot/certbot
STEP2 Installing the certificate
# /usr/local/certbot/certbot-auto certonly --debug --webroot \
> -d hoge.example.mydns.jp \
> --webroot-path /usr/share/nginx/html
Version: 1.1-20080819
Version: 1.1-20080819
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/hoge.example.mydns.jp/fullchain.pem. Your
   cert will expire on 2016-10-05. To obtain a new or tweaked version
   of this certificate in the future, simply run certbot-auto again.
   To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

# ls -l /etc/letsencrypt/live/hoge.example.mydns.jp
cert.pem -> ../../archive/hoge.example.mydns.jp/cert1.pem
chain.pem -> ../../archive/hoge.example.mydns.jp/chain1.pem
fullchain.pem -> ../../archive/hoge.example.mydns.jp/fullchain1.pem
privkey.pem -> ../../archive/hoge.example.mydns.jp/privkey1.pem
STEP3 Configuring nginx
# vi /etc/nginx/nginx.conf
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    index index.html index.htm;
    server {
        listen 80;
        return 302 https://$host$request_uri;
    }
    server {
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/hoge.example.mydns.jp/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/hoge.example.mydns.jp/privkey.pem;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        root /usr/share/nginx/html;
        index index.html index.htm index.nginx-debian.html;
        server_name _;
        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
        }
    }
}
STEP4 Restarting nginx
# /etc/rc.d/init.d/nginx restart
Other notes
SSL certificates from Let's Encrypt are apparently valid for 90 days, and it seems you renew them with the "certbot renew" command.
I'll renew the certificate when I feel like it.
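
The 90-day lifetime noted above means renewal has to happen on a schedule, and nginx has to pick up the new file afterwards. The script below is an added example, not part of the original post: it reuses the certificate and certbot-auto paths from STEP2 and the restart command from STEP4, and assumes GNU date, openssl on the PATH, and a 30-day renewal window (the sample expiry time of day used in comments is constructed).

```shell
#!/bin/sh
# Added example, not from the original post. Paths come from STEP2 and STEP4.
# Assumptions: GNU date (for -d), openssl on PATH, 30-day renewal window.
CERT=/etc/letsencrypt/live/hoge.example.mydns.jp/fullchain.pem
CERTBOT=/usr/local/certbot/certbot-auto
WINDOW_DAYS=30

# Print the certificate's notAfter value, e.g. "Oct  5 12:00:00 2016 GMT".
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# days_left NOT_AFTER NOW_EPOCH: whole days between NOW_EPOCH and NOT_AFTER.
days_left() {
    expiry=$(date -u -d "$1" +%s) || return 2
    echo $(( (expiry - $2) / 86400 ))
}

# renewal_due NOT_AFTER NOW_EPOCH WINDOW: status 0 when WINDOW days or fewer
# remain, 1 when not due yet, 2 when the date could not be parsed.
renewal_due() {
    left=$(days_left "$1" "$2") || return 2
    [ "$left" -le "$3" ]
}

# Renew when due, then restart nginx only if the certificate on disk changed:
# nginx keeps serving the old certificate until it is restarted.
renew_and_restart() {
    before=$(cert_not_after "$CERT")
    [ -n "$before" ] || return 1          # certificate missing or unreadable
    renewal_due "$before" "$(date -u +%s)" "$WINDOW_DAYS"
    case $? in
        0) ;;                             # due: continue with renewal
        1) return 0 ;;                    # not due yet
        *) return 1 ;;                    # expiry date could not be parsed
    esac
    "$CERTBOT" renew --quiet || return 1
    after=$(cert_not_after "$CERT")
    if [ -n "$after" ] && [ "$after" != "$before" ]; then
        /etc/rc.d/init.d/nginx restart
    fi
}

# Runs only when invoked with the argument "run", e.g. from a daily root cron job.
if [ "${1:-}" = "run" ]; then
    renew_and_restart
fi
```

A non-zero exit status from the script means the certificate could not be read or the renewal failed, which is the condition worth alerting on before the expiry date passes.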