Setting up Let's Encrypt on a VPS

SSL for access by bare IP address is not supported, so a custom domain must be obtained and configured beforehand.

$ sudo a2enmod ssl
$ sudo a2ensite default-ssl
$ sudo service apache2 reload

$ sudo vi /etc/apache2/sites-available/virtual.host.conf

<VirtualHost *:80>
DocumentRoot /var/www/node
ServerName hoge.site
#ServerAlias www.hoge.site
# Other directives here

RewriteEngine on
RewriteCond %{SERVER_NAME} =hoge.site [OR]
RewriteCond %{SERVER_NAME} =www.hoge.site
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost _default_:443>
DocumentRoot /var/www/node
ServerName hoge.site
ServerAlias www.hoge.site
# Other directives here

SSLCertificateFile /etc/letsencrypt/live/hoge.site/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/hoge.site/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

$ sudo apt install firewalld
$ sudo firewall-cmd --add-service=http --zone=public --permanent
$ sudo firewall-cmd --add-service=https --zone=public --permanent
$ sudo systemctl restart firewalld
$ sudo firewall-cmd --list-all
services: dhcpv6-client http https ssh

$ sudo apt-get install certbot python3-certbot-apache
$ sudo certbot --apache -d hoge-test.site

I see.
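
A certificate is only accepted for the hostnames it lists, so the names in the :443 vhost and the domains passed to `certbot -d` have to line up. The following check is an added example, not part of the original post: it lists the vhost names that a given set of `-d` domains would leave uncovered. The function names and the sample config are constructed for illustration.

```shell
# Added example: compare Apache :443 vhost names with certbot -d domains.

# Constructed sample config, modelled on the vhosts shown on this page.
sample_conf() {
cat <<'EOF'
<VirtualHost *:80>
ServerName hoge.site
</VirtualHost>
<VirtualHost _default_:443>
ServerName hoge.site
ServerAlias www.hoge.site
</VirtualHost>
EOF
}

# Print ServerName/ServerAlias values found inside :443 <VirtualHost> blocks.
tls_vhost_names() {
  awk '
    tolower($1) == "<virtualhost"   { tls = ($0 ~ /:443[ \t>]/); next }
    tolower($1) ~ /^<\/virtualhost/ { tls = 0; next }
    tls && (tolower($1) == "servername" || tolower($1) == "serveralias") {
      for (i = 2; i <= NF; i++) print tolower($i)
    }
  ' "$1" | sort -u
}

# Succeed if hostname $1 is covered by certificate domain $2 (exact match, or
# a wildcard such as *.example.test standing for exactly one leading label).
name_matches() {
  case $2 in
    '*.'*) [ "$1" != "${1#*.}" ] && [ "${1#*.}" = "${2#??}" ] ;;
    *)     [ "$1" = "$2" ] ;;
  esac
}

# Print each TLS vhost name in file $1 that no certificate domain ($2...) covers.
uncovered_names() (
  conf=$1; shift
  tls_vhost_names "$conf" | while read -r name; do
    covered=no
    for domain in "$@"; do
      domain=$(printf '%s' "$domain" | tr 'A-Z' 'a-z')
      name_matches "$name" "$domain" && covered=yes
    done
    [ "$covered" = yes ] || printf '%s\n' "$name"
  done
)

# Demo: the sample vhost names against the domain passed to certbot above.
tmp=$(mktemp); sample_conf > "$tmp"; uncovered_names "$tmp" hoge-test.site; rm -f "$tmp"
```

On a live host, pass the real file under /etc/apache2/sites-available/ and the domains that `sudo certbot certificates` reports for the certificate.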