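This post covers an Amazon Lightsail instance created with Linux/Unix selected as the platform and WordPress selected as the blueprint.
HTTPS can also be set up with a load balancer and ACM, but the method described here uses Let's Encrypt without a load balancer.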

Installing an SSL certificate with Let's Encrypt

$ sudo su
# apt-get install -y git
# git clone https://github.com/letsencrypt/letsencrypt
# cd letsencrypt
# ./letsencrypt-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d hayashier.com
# cp /etc/letsencrypt/live/hayashier.com/fullchain.pem /opt/bitnami/apache2/conf/server.crt
# cp /etc/letsencrypt/live/hayashier.com/privkey.pem /opt/bitnami/apache2/conf/server.key
# /opt/bitnami/ctlscript.sh restart apache

Confirm that the configuration is working correctly

$ curl -svo /dev/null https://hayashier.com
* Rebuilt URL to: https://hayashier.com/
*   Trying 34.225.220.198...
* TCP_NODELAY set
* Connected to hayashier.com (34.225.220.198) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
  CAfile: /usr/local/etc/openssl/cert.pem
  CApath: /usr/local/etc/openssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [109 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2731 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=hayashier.com
*  start date: Aug 30 00:49:36 2018 GMT
*  expire date: Nov 28 00:49:36 2018 GMT
*  subjectAltName: host "hayashier.com" matched cert's "hayashier.com"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
} [5 bytes data]

Configuring automatic renewal of the SSL certificate

Renewal is handled by a cron job

# crontab -e

The crontab entries are as follows

1 1 1 * * /tmp/letsencrypt/letsencrypt-auto renew
2 1 1 * * cp /etc/letsencrypt/live/hayashier.com/privkey.pem /opt/bitnami/apache2/conf/server.key
3 1 1 * * cp /etc/letsencrypt/live/hayashier.com/fullchain.pem /opt/bitnami/apache2/conf/server.crt
4 1 1 * * /opt/bitnami/ctlscript.sh restart apache
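
The four entries above run one minute apart, so the copy and restart steps assume the renewal has already finished. The script below is an added example, not part of the original post: it runs the same steps in sequence, installs the files only when they changed (keeping the private key at mode 600), and restarts Apache only after a new certificate is in place. The paths are the ones used on this page; the function names and the `--run` switch are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script: renew, deploy and restart in order.
# Paths come from this page; function names and the --run switch are assumptions.
LIVE_DIR=/etc/letsencrypt/live/hayashier.com
CONF_DIR=/opt/bitnami/apache2/conf

# Copy SRC to DST with MODE only when the contents differ.
# Returns 0 = updated, 1 = already current, 2 = error.
install_if_changed() {
    src=$1; dst=$2; mode=$3
    [ -r "$src" ] || { echo "missing: $src" >&2; return 2; }
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        return 1
    fi
    # Temp file in the same directory plus rename: Apache never sees a partial file.
    # mktemp creates it with mode 0600, so the key is never briefly world-readable.
    tmp=$(mktemp "$dst.XXXXXX") || return 2
    if cat "$src" > "$tmp" && chmod "$mode" "$tmp" && mv -f "$tmp" "$dst"; then
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# Returns 0 = something changed (restart needed), 1 = nothing changed, 2 = error.
deploy_cert() {
    live=$1; conf=$2; changed=1
    for pair in "fullchain.pem server.crt 644" "privkey.pem server.key 600"; do
        set -- $pair   # split into source name, target name, mode
        st=0
        install_if_changed "$live/$1" "$conf/$2" "$3" || st=$?
        if [ "$st" -eq 2 ]; then return 2; fi
        if [ "$st" -eq 0 ]; then changed=0; fi
    done
    return "$changed"
}

# Only touch the real system when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    /tmp/letsencrypt/letsencrypt-auto renew || exit 1
    rc=0
    deploy_cert "$LIVE_DIR" "$CONF_DIR" || rc=$?
    if [ "$rc" -eq 2 ]; then exit 1; fi
    if [ "$rc" -eq 0 ]; then /opt/bitnami/ctlscript.sh restart apache; fi
fi
```

A single crontab entry that calls the script with `--run` would then stand in for the four timed entries.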

Forcing HTTPS

sudo vim /opt/bitnami/apache2/conf/bitnami/bitnami.conf

bitnami.conf

RewriteEngine On
# Redirect only requests that did not arrive over HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://hayashier.com/$1 [R=301,L]

Restart Apache to load the configuration change

sudo /opt/bitnami/ctlscript.sh restart apache
