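When I googled, I saw scattered reports saying "Let's Encrypt is still experimental on Amazon Linux", but as far as I tried it, there was nothing that left me unsure what to do.
STEP0 Reference URL
More than anything, it helped that there was a Japanese-language page. https://letsencrypt.jp/docs/using.html#installation
STEP1 Installing the client
# cd /usr/local
# git clone https://github.com/certbot/certbot
STEP2 Installing the certificate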
# /usr/local/certbot/certbot-auto certonly --debug --webroot \
> -d hoge.example.mydns.jp \
> --webroot-path /usr/share/nginx/html
Version: 1.1-20080819
Version: 1.1-20080819

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/hoge.example.mydns.jp/fullchain.pem. Your cert
   will expire on 2016-10-05. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

# ls -l /etc/letsencrypt/live/hoge.example.mydns.jp
cert.pem -> ../../archive/hoge.example.mydns.jp/cert1.pem
chain.pem -> ../../archive/hoge.example.mydns.jp/chain1.pem
fullchain.pem -> ../../archive/hoge.example.mydns.jp/fullchain1.pem
privkey.pem -> ../../archive/hoge.example.mydns.jp/privkey1.pem
STEP3 Configuring nginx
# vi /etc/nginx/nginx.conf

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    index   index.html index.htm;

    server {
        listen 80;
        return 302 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        ssl_certificate     /etc/letsencrypt/live/hoge.example.mydns.jp/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/hoge.example.mydns.jp/privkey.pem;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        root /usr/share/nginx/html;
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
        }
    }
}
STEP4 Restarting nginx
# /etc/rc.d/init.d/nginx restart
Other notes
SSL certificates from Let's Encrypt are apparently valid for 90 days, and it seems you renew them with the "certbot renew" command.
I'll renew the certificate when I feel like it.
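
For the 90-day lifetime mentioned above, here is an added example (not part of the original post) of a daily job that runs the renewal, reloads nginx only when the certificate actually changed, and exits non-zero when the remaining lifetime shows renewals are failing. The certificate and certbot-auto paths are the ones shown in the post; the ALERT_DAYS value, the `--run` argument and the use of GNU date are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post): daily renewal job with an expiry check.
# Paths are the ones shown in the post; ALERT_DAYS is an assumed value.
CERT="${CERT:-/etc/letsencrypt/live/hoge.example.mydns.jp/cert.pem}"
CERTBOT="${CERTBOT:-/usr/local/certbot/certbot-auto}"
RENEW_DAYS=30   # certbot's "renew" acts once fewer than 30 days remain
ALERT_DAYS=20   # assumed: below this, renewals have been failing for a while

# $1: "notAfter=..." line from `openssl x509 -enddate`, $2: current epoch seconds.
# Prints whole days until expiry (GNU date is required for -d).
days_left() {
    local not_after="${1#notAfter=}" end
    end=$(date -u -d "$not_after" +%s) || return 2
    echo $(( (end - $2) / 86400 ))
}

# Map days remaining to OK / RENEW_DUE / ALERT.
cert_state() {
    if   [ "$1" -lt "$ALERT_DAYS" ]; then echo ALERT
    elif [ "$1" -lt "$RENEW_DAYS" ]; then echo RENEW_DUE
    else echo OK
    fi
}

main() {
    local before after end days state
    before=$(readlink -f "$CERT")
    "$CERTBOT" renew --quiet || echo "renew command failed" >&2
    after=$(readlink -f "$CERT")
    # live/cert.pem is a symlink into archive/ (cert1.pem, cert2.pem, ...);
    # a new target means a new cert, which nginx only serves after a reload.
    if [ "$before" != "$after" ]; then
        nginx -t -q && nginx -s reload
    fi
    end=$(openssl x509 -in "$CERT" -noout -enddate) || return 2
    days=$(days_left "$end" "$(date +%s)") || return 2
    state=$(cert_state "$days")
    echo "$CERT: $days days left ($state)"
    [ "$state" != ALERT ]   # non-zero exit lets cron or monitoring flag it
}

# Runs only when invoked with --run, e.g. from a daily cron job.
if [ "${1:-}" = "--run" ]; then main; fi
```
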