certbot on KAGOYA VPS » History » Version 1
Tatsuya ISHIGAKI, 2025/10/03 10:14

# certbot on KAGOYA VPS

I tried bitnami's SSL tool **bncert-tool** ([[KAGOYA_VPS_での_bncert-tool]]) but could not get it to work, so I am enabling SSL with **certbot** instead.

## References

- (Official) [certbot](https://certbot.eff.org/)
- (Also reports the same failure with bncert-tool) [SSL setup on AWS Lightsail without using bitnami](https://qiita.com/ma7ma7pipipi/items/f97d77b815a81fcaa8aa)
- [Issue an SSL certificate with Certbot and encrypt HTTP traffic](https://avinton.com/academy/creating-ssl-certificate-by-certbot/)
- [Issuing and managing certificates with Let's Encrypt (snap version)](https://zenn.dev/mqn22/articles/68e87d4c0468dd)

## Work log

### certbot

[Reference] Docker containers running on the VPS

```bash
# docker container ls
CONTAINER ID   IMAGE                    COMMAND                  CREATED        STATUS          PORTS                      NAMES
3144a13de656   bitnami/redmine:latest   "/opt/bitnami/script…"   4 months ago   Up 56 minutes   127.0.0.1:8080->3000/tcp   root-redmine-1
ddf0dafbc53a   bitnami/mariadb:latest   "/opt/bitnami/script…"   4 months ago   Up 56 minutes   3306/tcp                   root-mariadb-1
```

1. SSH into the VPS instance (as root)
1. Install `snapd` (following the steps on the [reference page linked from the official certbot site](https://snapcraft.io/docs/installing-snap-on-almalinux))
    - Install **EPEL** (Extra Packages for Enterprise Linux) first
      ```bash
      sudo dnf install epel-release
      sudo dnf upgrade
      ```
    - Install **snapd**
      ```bash
      dnf install snapd
      ```
    - Enable the snap socket with systemd
      ```bash
      # systemctl enable --now snapd.socket
      Created symlink /etc/systemd/system/sockets.target.wants/snapd.socket → /usr/lib/systemd/system/snapd.socket.
      ```
    - Create a symbolic link for compatibility with older snap
      ```bash
      ln -s /var/lib/snapd/snap /snap
      ```
    - Log out and back in, or reboot, so that the snap path takes effect (I simply rebooted the VPS instance)
1. Remove any **certbot-auto** and **Certbot** packages other than the snap package
    - The instructions said to remove `certbot` installed via `apt`, `dnf`, or `yum`
    - The VPS had no `apt`, so I ran the other two just in case, but certbot had not been installed
      ```bash
      # dnf remove certbot
      No match for argument: certbot
      No packages marked for removal.
      Dependencies resolved.
      Nothing to do.
      Complete!
      # yum remove certbot
      No match for argument: certbot
      No packages marked for removal.
      Dependencies resolved.
      Nothing to do.
      Complete!
      ```
1. Install **certbot**
    - It failed with an error
      ```bash
      # snap install --classic certbot
      error: too early for operation, device not yet seeded or device model not acknowledged
      ```
    - There were reports of the same error during snap install
        - [When snap install core fails with an error](https://www.quick-solutions.jp/snap-install-core_error/)
        - [Issuing and managing certificates with Let's Encrypt (snap version)](https://zenn.dev/mqn22/articles/68e87d4c0468dd)
        - Both say to wait a little and then run the command again
    - After waiting just a little, the command really did succeed
      ```bash
      # snap install --classic certbot
      2025-10-03T18:50:06+09:00 INFO Waiting for automatic snapd restart...
      certbot 5.0.0 from Certbot Project (certbot-eff✓) installed
      ```
1. Create a symbolic link for running certbot
    - `ln -s /snap/bin/certbot /usr/bin/certbot`
1. Obtain and install the certificate
    - Contact email: greennail3804@gmail.com
    - Agree to the terms of service: Y
    - Receive news and other email: N
    - Domain selection: 1 (redmine.smismith.com)
      ```bash
      # certbot --nginx
      Saving debug log to /var/log/letsencrypt/letsencrypt.log
      Enter email address or hit Enter to skip.
      (Enter 'c' to cancel): greennail3804@gmail.com

      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Please read the Terms of Service at:
      https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf
      You must agree in order to register with the ACME server. Do you agree?
      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      (Y)es/(N)o: Y

      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Would you be willing, once your first certificate is successfully issued, to
      share your email address with the Electronic Frontier Foundation, a founding
      partner of the Let's Encrypt project and the non-profit organization that
      develops Certbot? We'd like to send you email about our work encrypting the web,
      EFF news, campaigns, and ways to support digital freedom.
      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      (Y)es/(N)o: N
      Account registered.

      Which names would you like to activate HTTPS for?
      We recommend selecting either all domains, or all domains in a VirtualHost/server block.
      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      1: redmine.smismith.com
      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Select the appropriate numbers separated by commas and/or spaces, or leave input
      blank to select all options shown (Enter 'c' to cancel): 1
      Requesting a certificate for redmine.smismith.com

      Successfully received certificate.
      Certificate is saved at: /etc/letsencrypt/live/redmine.smismith.com/fullchain.pem
      Key is saved at: /etc/letsencrypt/live/redmine.smismith.com/privkey.pem
      This certificate expires on 2026-01-01.
      These files will be updated when the certificate renews.
      Certbot has set up a scheduled task to automatically renew this certificate in the background.

      Deploying certificate
      Successfully deployed certificate for redmine.smismith.com to /etc/nginx/conf.d/tls.conf
      Congratulations! You have successfully enabled HTTPS on https://redmine.smismith.com

      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      If you like Certbot, please consider supporting our work by:
      * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
      * Donating to EFF: https://eff.org/donate-le
      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      ```
1. Test with a manual renewal
    - Checked with `--dry-run`; it looks fine
      ```bash
      # certbot renew --dry-run
      Saving debug log to /var/log/letsencrypt/letsencrypt.log

      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Processing /etc/letsencrypt/renewal/redmine.smismith.com.conf
      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Account registered.
      Simulating renewal of an existing certificate for redmine.smismith.com

      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Congratulations, all simulated renewals succeeded:
      /etc/letsencrypt/live/redmine.smismith.com/fullchain.pem (success)
      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      ```
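
The procedure above, from the certbot install onward, as a script. This is an added example, not part of the original log. It retries `snap install` only while snapd reports the "too early for operation" seeding error, then gives certbot the same answers as the interactive session through its non-interactive flags. The function names, the retry count and delay, and the placeholder domain and email are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original page.

# retry_while_unseeded MAX_TRIES DELAY_SECONDS CMD [ARGS...]
# Runs CMD and retries only when it fails with snapd's
# "too early for operation" error; any other failure is returned at once.
retry_while_unseeded() {
    local max_tries="$1" delay="$2" try=1 out status
    shift 2
    while :; do
        out=$("$@" 2>&1) && status=0 || status=$?
        if [ -n "$out" ]; then printf '%s\n' "$out"; fi
        if [ "$status" -eq 0 ]; then return 0; fi
        case $out in
            *"too early for operation"*) ;;   # snapd still seeding
            *) return "$status" ;;            # unrelated error: do not loop
        esac
        if [ "$try" -ge "$max_tries" ]; then return "$status"; fi
        try=$((try + 1))
        sleep "$delay"
    done
}

# install_and_issue DOMAIN EMAIL  (run as root on the VPS)
# Same steps as the interactive session: agree to the ToS (Y), decline
# EFF mail (N), one domain, then confirm renewal with a dry run.
# The 10 tries / 15 s delay are assumed values, not from the page.
install_and_issue() {
    local domain="$1" email="$2"
    retry_while_unseeded 10 15 snap install --classic certbot || return 1
    if [ ! -e /usr/bin/certbot ]; then
        ln -s /snap/bin/certbot /usr/bin/certbot || return 1
    fi
    certbot --nginx --non-interactive --agree-tos --no-eff-email \
        -m "$email" -d "$domain" || return 1
    certbot renew --dry-run
}

# Usage (placeholders): install_and_issue example.com admin@example.com
```

Running `snap wait system seed.loaded` before the install blocks until snapd has finished seeding and can be used in place of the retry loop.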