まとめも

Notes on things I found important and places where I got stuck

Enabling SSL communication with Ubuntu Server 16.04 + Apache2 + Let's Encrypt

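Update

I felt this page had too much information and was hard to read, so I reorganized it. li-one.hatenablog.jp

Procedure

First, move to the directory you want to download into. Here, I download into my own home directory.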

admin@ubuntu:~$ cd /home/admin/

Next, clone the Let's Encrypt repository. It seems the name changed to certbot after the official service started.

admin@ubuntu:~$ git clone https://github.com/certbot/certbot
Cloning into 'certbot'...
remote: Counting objects: 37795, done.
remote: Compressing objects: 100% (130/130), done.
remote: Total 37795 (delta 73), reused 0 (delta 0), pack-reused 37664
Receiving objects: 100% (37795/37795), 10.26 MiB | 2.94 MiB/s, done.
Resolving deltas: 100% (26948/26948), done.
Checking connectivity... done.

When the clone finishes, move into the certbot directory.

admin@ubuntu:~$ cd certbot/

The contents of the directory were as follows.

root@ubuntu:/home/admin/certbot# ls
acme                        letsencrypt-nginx
certbot                     letshelp-certbot
certbot-apache              letshelp-letsencrypt
certbot-auto                LICENSE.txt
certbot-compatibility-test  linter_plugin.py
certbot-nginx               MANIFEST.in
CHANGES.rst                 pep8.travis.sh
CONTRIBUTING.md             README.rst
docker-compose.yml          readthedocs.org.requirements.txt
Dockerfile                  setup.cfg
Dockerfile-dev              setup.py
docs                        tests
examples                    tools
letsencrypt                 tox.cover.sh
letsencrypt-apache          tox.ini
letsencrypt-auto            Vagrantfile
letsencrypt-auto-source

I run it, but in my environment it stopped moving at 0% within the first few lines.

root@ubuntu:/home/admin/certbot# ./letsencrypt-auto
Bootstrapping dependencies for Debian-based OSes...
Hit:1 http://jp.archive.ubuntu.com/ubuntu xenial InRelease
Hit:3 http://jp.archive.ubuntu.com/ubuntu xenial-backports InRelease
Get:2 http://jp.archive.ubuntu.com/ubuntu xenial-updates InRelease [94.5 kB]
0% [Connecting to security.ubuntu.com (2001:67c:1560:8001::11)]
  • Wait for a while. It took more than 10 minutes. Wait patiently without interrupting it.

  • The output follows, but it is very long. Feel free to skip it.

root@ubuntu:/home/admin/certbot# ./letsencrypt-auto
Bootstrapping dependencies for Debian-based OSes...
Hit:1 http://jp.archive.ubuntu.com/ubuntu xenial InRelease
Get:2 http://jp.archive.ubuntu.com/ubuntu xenial-updates InRelease [94.5 kB]
Hit:3 http://jp.archive.ubuntu.com/ubuntu xenial-backports InRelease
Get:4 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB]
Fetched 189 kB in 12min 1s (261 B/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20160104ubuntu1).
The following additional packages will be installed:
  binutils cpp cpp-5 gcc-5 libasan2 libatomic1 libc-dev-bin libc6-dev libcc1-0
  libcilkrts5 libexpat1-dev libgcc-5-dev libgomp1 libisl15 libitm1 liblsan0
  libmpc3 libmpx0 libpython-dev libpython-stdlib libpython2.7 libpython2.7-dev
  libpython2.7-minimal libpython2.7-stdlib libquadmath0 libtsan0 libubsan0
  linux-libc-dev python-minimal python-pip-whl python-pkg-resources python2.7
  python2.7-dev python2.7-minimal python3-virtualenv zlib1g-dev
Suggested packages:
  augeas-doc binutils-doc cpp-doc gcc-5-locales gcc-multilib make manpages-dev
  autoconf automake libtool flex bison gdb gcc-doc gcc-5-multilib gcc-5-doc
  libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg libasan2-dbg
  liblsan0-dbg libtsan0-dbg libubsan0-dbg libcilkrts5-dbg libmpx0-dbg
  libquadmath0-dbg augeas-tools glibc-doc python-doc python-tk
  python-setuptools python2.7-doc binfmt-support
Recommended packages:
  manpages-dev libssl-doc
The following NEW packages will be installed:
  augeas-lenses binutils cpp cpp-5 dialog gcc gcc-5 libasan2 libatomic1
  libaugeas0 libc-dev-bin libc6-dev libcc1-0 libcilkrts5 libexpat1-dev
  libffi-dev libgcc-5-dev libgomp1 libisl15 libitm1 liblsan0 libmpc3 libmpx0
  libpython-dev libpython-stdlib libpython2.7 libpython2.7-dev
  libpython2.7-minimal libpython2.7-stdlib libquadmath0 libssl-dev libtsan0
  libubsan0 linux-libc-dev python python-dev python-minimal python-pip-whl
  python-pkg-resources python-virtualenv python2.7 python2.7-dev
  python2.7-minimal python3-virtualenv virtualenv zlib1g-dev
0 upgraded, 46 newly installed, 0 to remove and 7 not upgraded.
Need to get 62.3 MB of archives.
After this operation, 171 MB of additional disk space will be used.
Get:1 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 libpython2.7-minimal amd64 2.7.11-7ubuntu1 [335 kB]
Get:2 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 python2.7-minimal amd64 2.7.11-7ubuntu1 [1,288 kB]
Get:3 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 python-minimal amd64 2.7.11-1 [28.2 kB]
Get:4 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 libpython2.7-stdlib amd64 2.7.11-7ubuntu1 [1,852 kB]
Get:5 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 python2.7 amd64 2.7.11-7ubuntu1 [220 kB]
Get:6 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 libpython-stdlib amd64 2.7.11-1 [7,656 B]
Get:7 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 python amd64 2.7.11-1 [137 kB]
Get:8 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 libmpc3 amd64 1.0.3-1 [39.7 kB]
Get:9 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 augeas-lenses all 1.4.0-0ubuntu1 [263 kB]
Get:10 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 binutils amd64 2.26-8ubuntu2.1 [2,306 kB]
Get:11 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 libisl15 amd64 0.16.1-1 [524 kB]
Get:12 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 cpp-5 amd64 5.3.1-14ubuntu2.1 [7,788 kB]
Get:13 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 cpp amd64 4:5.3.1-1ubuntu1 [27.7 kB]
Get:14 http://jp.archive.ubuntu.com/ubuntu xenial/universe amd64 dialog amd64 1.3-20160209-1 [215 kB]
Get:15 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libcc1-0 amd64 5.3.1-14ubuntu2.1 [38.7 kB]
Get:16 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libgomp1 amd64 5.3.1-14ubuntu2.1 [55.0 kB]
Get:17 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libitm1 amd64 5.3.1-14ubuntu2.1 [27.4 kB]
Get:18 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libatomic1 amd64 5.3.1-14ubuntu2.1 [8,882 B]
Get:19 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libasan2 amd64 5.3.1-14ubuntu2.1 [269 kB]
Get:20 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 liblsan0 amd64 5.3.1-14ubuntu2.1 [110 kB]
Get:21 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libtsan0 amd64 5.3.1-14ubuntu2.1 [249 kB]
Get:22 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libubsan0 amd64 5.3.1-14ubuntu2.1 [100 kB]
Get:23 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libcilkrts5 amd64 5.3.1-14ubuntu2.1 [40.1 kB]
Get:24 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libmpx0 amd64 5.3.1-14ubuntu2.1 [9,752 B]
Get:25 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libquadmath0 amd64 5.3.1-14ubuntu2.1 [131 kB]
Get:26 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libgcc-5-dev amd64 5.3.1-14ubuntu2.1 [2,234 kB]
Get:27 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 gcc-5 amd64 5.3.1-14ubuntu2.1 [8,548 kB]
Get:28 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 gcc amd64 4:5.3.1-1ubuntu1 [5,244 B]
Get:29 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 libaugeas0 amd64 1.4.0-0ubuntu1 [154 kB]
Get:30 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 libc-dev-bin amd64 2.23-0ubuntu3 [68.7 kB]
Get:31 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 linux-libc-dev amd64 4.4.0-28.47 [842 kB]
Get:32 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 libc6-dev amd64 2.23-0ubuntu3 [2,084 kB]
Get:33 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libexpat1-dev amd64 2.1.0-7ubuntu0.16.04.2 [115 kB]
Get:34 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 libpython2.7 amd64 2.7.11-7ubuntu1 [1,069 kB]
Get:35 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 libpython2.7-dev amd64 2.7.11-7ubuntu1 [27.8 MB]
Get:36 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 libpython-dev amd64 2.7.11-1 [7,728 B]
Get:37 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 zlib1g-dev amd64 1:1.2.8.dfsg-2ubuntu4 [168 kB]
Get:38 http://jp.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libssl-dev amd64 1.0.2g-1ubuntu4.1 [1,394 kB]
Get:39 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 python2.7-dev amd64 2.7.11-7ubuntu1 [280 kB]
Get:40 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 python-dev amd64 2.7.11-1 [1,160 B]
Get:41 http://jp.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 python-pip-whl all 8.1.1-2ubuntu0.1 [1,110 kB]
Get:42 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 python-pkg-resources all 20.7.0-1 [108 kB]
Get:43 http://jp.archive.ubuntu.com/ubuntu xenial/universe amd64 python-virtualenv all 15.0.1+ds-3 [46.7 kB]
Get:44 http://jp.archive.ubuntu.com/ubuntu xenial/universe amd64 python3-virtualenv all 15.0.1+ds-3 [43.3 kB]
Get:45 http://jp.archive.ubuntu.com/ubuntu xenial/universe amd64 virtualenv all 15.0.1+ds-3 [4,342 B]
Get:46 http://jp.archive.ubuntu.com/ubuntu xenial/main amd64 libffi-dev amd64 3.2.1-4 [161 kB]
Fetched 62.3 MB in 5s (11.5 MB/s)
Extracting templates from packages: 100%
Selecting previously unselected package libpython2.7-minimal:amd64.
(Reading database ... 60131 files and directories currently installed.)
Preparing to unpack .../libpython2.7-minimal_2.7.11-7ubuntu1_amd64.deb ...
Unpacking libpython2.7-minimal:amd64 (2.7.11-7ubuntu1) ...
Selecting previously unselected package python2.7-minimal.
Preparing to unpack .../python2.7-minimal_2.7.11-7ubuntu1_amd64.deb ...
Unpacking python2.7-minimal (2.7.11-7ubuntu1) ...
Selecting previously unselected package python-minimal.
Preparing to unpack .../python-minimal_2.7.11-1_amd64.deb ...
Unpacking python-minimal (2.7.11-1) ...
Selecting previously unselected package libpython2.7-stdlib:amd64.
Preparing to unpack .../libpython2.7-stdlib_2.7.11-7ubuntu1_amd64.deb ...
Unpacking libpython2.7-stdlib:amd64 (2.7.11-7ubuntu1) ...
Selecting previously unselected package python2.7.
Preparing to unpack .../python2.7_2.7.11-7ubuntu1_amd64.deb ...
Unpacking python2.7 (2.7.11-7ubuntu1) ...
Selecting previously unselected package libpython-stdlib:amd64.
Preparing to unpack .../libpython-stdlib_2.7.11-1_amd64.deb ...
Unpacking libpython-stdlib:amd64 (2.7.11-1) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for mime-support (3.59ubuntu1) ...
Setting up libpython2.7-minimal:amd64 (2.7.11-7ubuntu1) ...
Setting up python2.7-minimal (2.7.11-7ubuntu1) ...
Linking and byte-compiling packages for runtime python2.7...
Setting up python-minimal (2.7.11-1) ...
Selecting previously unselected package python.
(Reading database ... 60877 files and directories currently installed.)
Preparing to unpack .../python_2.7.11-1_amd64.deb ...
Unpacking python (2.7.11-1) ...
Selecting previously unselected package libmpc3:amd64.
Preparing to unpack .../libmpc3_1.0.3-1_amd64.deb ...
Unpacking libmpc3:amd64 (1.0.3-1) ...
Selecting previously unselected package augeas-lenses.
Preparing to unpack .../augeas-lenses_1.4.0-0ubuntu1_all.deb ...
Unpacking augeas-lenses (1.4.0-0ubuntu1) ...
Selecting previously unselected package binutils.
Preparing to unpack .../binutils_2.26-8ubuntu2.1_amd64.deb ...
Unpacking binutils (2.26-8ubuntu2.1) ...
Selecting previously unselected package libisl15:amd64.
Preparing to unpack .../libisl15_0.16.1-1_amd64.deb ...
Unpacking libisl15:amd64 (0.16.1-1) ...
Selecting previously unselected package cpp-5.
Preparing to unpack .../cpp-5_5.3.1-14ubuntu2.1_amd64.deb ...
Unpacking cpp-5 (5.3.1-14ubuntu2.1) ...
Selecting previously unselected package cpp.
Preparing to unpack .../cpp_4%3a5.3.1-1ubuntu1_amd64.deb ...
Unpacking cpp (4:5.3.1-1ubuntu1) ...
Selecting previously unselected package dialog.
Preparing to unpack .../dialog_1.3-20160209-1_amd64.deb ...
Unpacking dialog (1.3-20160209-1) ...
Selecting previously unselected package libcc1-0:amd64.
Preparing to unpack .../libcc1-0_5.3.1-14ubuntu2.1_amd64.deb ...
Unpacking libcc1-0:amd64 (5.3.1-14ubuntu2.1) ...
Selecting previously unselected package libgomp1:amd64.
Preparing to unpack .../libgomp1_5.3.1-14ubuntu2.1_amd64.deb ...
Unpacking libgomp1:amd64 (5.3.1-14ubuntu2.1) ...
Selecting previously unselected package libitm1:amd64.
Preparing to unpack .../libitm1_5.3.1-14ubuntu2.1_amd64.deb ...
Unpacking libitm1:amd64 (5.3.1-14ubuntu2.1) ...
Selecting previously unselected package libatomic1:amd64.
Preparing to unpack .../libatomic1_5.3.1-14ubuntu2.1_amd64.deb ...
Unpacking libatomic1:amd64 (5.3.1-14ubuntu2.1) ...
Selecting previously unselected package libasan2:amd64.
Preparing to unpack .../libasan2_5.3.1-14ubuntu2.1_amd64.deb ...
Unpacking libasan2:amd64 (5.3.1-14ubuntu2.1) ...
Selecting previously unselected package liblsan0:amd64.
Preparing to unpack .../liblsan0_5.3.1-14ubuntu2.1_amd64.deb ...
Unpacking liblsan0:amd64 (5.3.1-14ubuntu2.1) ...
Selecting previously unselected package libtsan0:amd64.
Preparing to unpack .../libtsan0_5.3.1-14ubuntu2.1_amd64.deb ...
Unpacking libtsan0:amd64 (5.3.1-14ubuntu2.1) ...
Selecting previously unselected package libubsan0:amd64.
Preparing to unpack .../libubsan0_5.3.1-14ubuntu2.1_amd64.deb ...
Unpacking libubsan0:amd64 (5.3.1-14ubuntu2.1) ...
Selecting previously unselected package libcilkrts5:amd64.
Preparing to unpack .../libcilkrts5_5.3.1-14ubuntu2.1_amd64.deb ...
Unpacking libcilkrts5:amd64 (5.3.1-14ubuntu2.1) ...
Selecting previously unselected package libmpx0:amd64.
Preparing to unpack .../libmpx0_5.3.1-14ubuntu2.1_amd64.deb ...
Unpacking libmpx0:amd64 (5.3.1-14ubuntu2.1) ...
Selecting previously unselected package libquadmath0:amd64.
Preparing to unpack .../libquadmath0_5.3.1-14ubuntu2.1_amd64.deb ...
Unpacking libquadmath0:amd64 (5.3.1-14ubuntu2.1) ...
Selecting previously unselected package libgcc-5-dev:amd64.
Preparing to unpack .../libgcc-5-dev_5.3.1-14ubuntu2.1_amd64.deb ...
Unpacking libgcc-5-dev:amd64 (5.3.1-14ubuntu2.1) ...
Selecting previously unselected package gcc-5.
Preparing to unpack .../gcc-5_5.3.1-14ubuntu2.1_amd64.deb ...
Unpacking gcc-5 (5.3.1-14ubuntu2.1) ...
Selecting previously unselected package gcc.
Preparing to unpack .../gcc_4%3a5.3.1-1ubuntu1_amd64.deb ...
Unpacking gcc (4:5.3.1-1ubuntu1) ...
Selecting previously unselected package libaugeas0.
Preparing to unpack .../libaugeas0_1.4.0-0ubuntu1_amd64.deb ...
Unpacking libaugeas0 (1.4.0-0ubuntu1) ...
Selecting previously unselected package libc-dev-bin.
Preparing to unpack .../libc-dev-bin_2.23-0ubuntu3_amd64.deb ...
Unpacking libc-dev-bin (2.23-0ubuntu3) ...
Selecting previously unselected package linux-libc-dev:amd64.
Preparing to unpack .../linux-libc-dev_4.4.0-28.47_amd64.deb ...
Unpacking linux-libc-dev:amd64 (4.4.0-28.47) ...
Selecting previously unselected package libc6-dev:amd64.
Preparing to unpack .../libc6-dev_2.23-0ubuntu3_amd64.deb ...
Unpacking libc6-dev:amd64 (2.23-0ubuntu3) ...
Selecting previously unselected package libexpat1-dev:amd64.
Preparing to unpack .../libexpat1-dev_2.1.0-7ubuntu0.16.04.2_amd64.deb ...
Unpacking libexpat1-dev:amd64 (2.1.0-7ubuntu0.16.04.2) ...
Selecting previously unselected package libpython2.7:amd64.
Preparing to unpack .../libpython2.7_2.7.11-7ubuntu1_amd64.deb ...
Unpacking libpython2.7:amd64 (2.7.11-7ubuntu1) ...
Selecting previously unselected package libpython2.7-dev:amd64.
Preparing to unpack .../libpython2.7-dev_2.7.11-7ubuntu1_amd64.deb ...
Unpacking libpython2.7-dev:amd64 (2.7.11-7ubuntu1) ...
Selecting previously unselected package libpython-dev:amd64.
Preparing to unpack .../libpython-dev_2.7.11-1_amd64.deb ...
Unpacking libpython-dev:amd64 (2.7.11-1) ...
Selecting previously unselected package zlib1g-dev:amd64.
Preparing to unpack .../zlib1g-dev_1%3a1.2.8.dfsg-2ubuntu4_amd64.deb ...
Unpacking zlib1g-dev:amd64 (1:1.2.8.dfsg-2ubuntu4) ...
Selecting previously unselected package libssl-dev:amd64.
Preparing to unpack .../libssl-dev_1.0.2g-1ubuntu4.1_amd64.deb ...
Unpacking libssl-dev:amd64 (1.0.2g-1ubuntu4.1) ...
Selecting previously unselected package python2.7-dev.
Preparing to unpack .../python2.7-dev_2.7.11-7ubuntu1_amd64.deb ...
Unpacking python2.7-dev (2.7.11-7ubuntu1) ...
Selecting previously unselected package python-dev.
Preparing to unpack .../python-dev_2.7.11-1_amd64.deb ...
Unpacking python-dev (2.7.11-1) ...
Selecting previously unselected package python-pip-whl.
Preparing to unpack .../python-pip-whl_8.1.1-2ubuntu0.1_all.deb ...
Unpacking python-pip-whl (8.1.1-2ubuntu0.1) ...
Selecting previously unselected package python-pkg-resources.
Preparing to unpack .../python-pkg-resources_20.7.0-1_all.deb ...
Unpacking python-pkg-resources (20.7.0-1) ...
Selecting previously unselected package python-virtualenv.
Preparing to unpack .../python-virtualenv_15.0.1+ds-3_all.deb ...
Unpacking python-virtualenv (15.0.1+ds-3) ...
Selecting previously unselected package python3-virtualenv.
Preparing to unpack .../python3-virtualenv_15.0.1+ds-3_all.deb ...
Unpacking python3-virtualenv (15.0.1+ds-3) ...
Selecting previously unselected package virtualenv.
Preparing to unpack .../virtualenv_15.0.1+ds-3_all.deb ...
Unpacking virtualenv (15.0.1+ds-3) ...
Selecting previously unselected package libffi-dev:amd64.
Preparing to unpack .../libffi-dev_3.2.1-4_amd64.deb ...
Unpacking libffi-dev:amd64 (3.2.1-4) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Processing triggers for install-info (6.1.0.dfsg.1-5) ...
Setting up libpython2.7-stdlib:amd64 (2.7.11-7ubuntu1) ...
Setting up python2.7 (2.7.11-7ubuntu1) ...
Setting up libpython-stdlib:amd64 (2.7.11-1) ...
Setting up python (2.7.11-1) ...
Setting up libmpc3:amd64 (1.0.3-1) ...
Setting up augeas-lenses (1.4.0-0ubuntu1) ...
Setting up binutils (2.26-8ubuntu2.1) ...
Setting up libisl15:amd64 (0.16.1-1) ...
Setting up cpp-5 (5.3.1-14ubuntu2.1) ...
Setting up cpp (4:5.3.1-1ubuntu1) ...
Setting up dialog (1.3-20160209-1) ...
Setting up libcc1-0:amd64 (5.3.1-14ubuntu2.1) ...
Setting up libgomp1:amd64 (5.3.1-14ubuntu2.1) ...
Setting up libitm1:amd64 (5.3.1-14ubuntu2.1) ...
Setting up libatomic1:amd64 (5.3.1-14ubuntu2.1) ...
Setting up libasan2:amd64 (5.3.1-14ubuntu2.1) ...
Setting up liblsan0:amd64 (5.3.1-14ubuntu2.1) ...
Setting up libtsan0:amd64 (5.3.1-14ubuntu2.1) ...
Setting up libubsan0:amd64 (5.3.1-14ubuntu2.1) ...
Setting up libcilkrts5:amd64 (5.3.1-14ubuntu2.1) ...
Setting up libmpx0:amd64 (5.3.1-14ubuntu2.1) ...
Setting up libquadmath0:amd64 (5.3.1-14ubuntu2.1) ...
Setting up libgcc-5-dev:amd64 (5.3.1-14ubuntu2.1) ...
Setting up gcc-5 (5.3.1-14ubuntu2.1) ...
Setting up gcc (4:5.3.1-1ubuntu1) ...
Setting up libaugeas0 (1.4.0-0ubuntu1) ...
Setting up libc-dev-bin (2.23-0ubuntu3) ...
Setting up linux-libc-dev:amd64 (4.4.0-28.47) ...
Setting up libc6-dev:amd64 (2.23-0ubuntu3) ...
Setting up libexpat1-dev:amd64 (2.1.0-7ubuntu0.16.04.2) ...
Setting up libpython2.7:amd64 (2.7.11-7ubuntu1) ...
Setting up libpython2.7-dev:amd64 (2.7.11-7ubuntu1) ...
Setting up libpython-dev:amd64 (2.7.11-1) ...
Setting up zlib1g-dev:amd64 (1:1.2.8.dfsg-2ubuntu4) ...
Setting up libssl-dev:amd64 (1.0.2g-1ubuntu4.1) ...
Setting up python2.7-dev (2.7.11-7ubuntu1) ...
Setting up python-dev (2.7.11-1) ...
Setting up python-pip-whl (8.1.1-2ubuntu0.1) ...
Setting up python-pkg-resources (20.7.0-1) ...
Setting up python-virtualenv (15.0.1+ds-3) ...
Setting up python3-virtualenv (15.0.1+ds-3) ...
Setting up virtualenv (15.0.1+ds-3) ...
Setting up libffi-dev:amd64 (3.2.1-4) ...
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Creating virtual environment...
Installing Python packages...
Installation succeeded.

I displayed the help.

root@ubuntu:/home/admin/certbot# ./letsencrypt-auto --help
  letsencrypt-auto [SUBCOMMAND] [options] [-d domain] [-d domain] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
cert. Major SUBCOMMANDS are:

  (default) run        Obtain & install a cert in your current webserver
  certonly             Obtain cert, but do not install it (aka "auth")
  install              Install a previously obtained cert in a server
  renew                Renew previously obtained certs that are near expiry
  revoke               Revoke a previously obtained certificate
  register             Perform tasks related to registering with the CA
  rollback             Rollback server configuration changes made during install
  config_changes       Show changes made to server config during installation
  plugins              Display information about installed plugins

Choice of server plugins for obtaining and installing cert:

  --apache          Use the Apache plugin for authentication & installation
  --standalone      Run a standalone webserver for authentication
  (nginx support is experimental, buggy, and not installed by default)
  --webroot         Place files in a server's webroot folder for authentication

OR use different plugins to obtain (authenticate) the cert and then install it:

  --authenticator standalone --installer apache

More detailed help:

  -h, --help [topic]    print this message, or detailed help on a topic;
                        the available topics are:

   all, automation, paths, security, testing, or any of the subcommands or
   plugins (certonly, install, register, nginx, apache, standalone, webroot,
   etc.)

Run the certbot client.

root@ubuntu:/home/admin/certbot# ./certbot-auto certonly --standalone -d exapmle.hoge.com -d www.exapmle.hoge.com

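A screen like the following is displayed. The e-mail address entered here is reportedly used for urgent notices, for recovery when the key is lost, and for notices when the certificate is close to expiry.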

   ┌──────────────────────────────────────────────────────────────────────┐
   │ Enter email address (used for urgent notices and lost key recovery)  │
   │ ┌──────────────────────────────────────────────────────────────────┐ │
   │ │hogehoge@example.com                                              │ │
   │ └──────────────────────────────────────────────────────────────────┘ │
   ├──────────────────────────────────────────────────────────────────────┤
   │                     <  OK  >           <Cancel>                      │
   └──────────────────────────────────────────────────────────────────────┘

After you enter the e-mail address and select OK, you are asked whether you agree to the terms of service; check the contents and select Agree.

   ┌──────────────────────────────────────────────────────────────────────┐
   │ Please read the Terms of Service at                                  │
   │ https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf. You │
   │ must agree in order to register with the ACME server at              │
   │ https://acme-v01.api.letsencrypt.org/directory                       │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   ├──────────────────────────────────────────────────────────────────────┤
   │                     <Agree >           <Cancel>                      │
   └──────────────────────────────────────────────────────────────────────┘

A warning appeared saying that Apache is using port 80, and to stop Apache and run the command again.

   ┌──────────────────────────────────────────────────────────────────────┐
   │ The program apache2 (process ID 27582) is already listening on TCP   │
   │ port 80. This will prevent us from binding to that port. Please stop │
   │ the apache2 program temporarily and then try again.                  │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   ├──────────────────────────────────────────────────────────────────────┤
   │                               <  OK  >                               │
   └──────────────────────────────────────────────────────────────────────┘

At least one of the (possibly) required ports is already taken.

IMPORTANT NOTES:
 - If you lose your account credentials, you can recover through
   e-mails sent to hogehoge@exapmle.com.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

Stop Apache.

root@ubuntu:/home/admin/certbot# apachectl stop

I try running it again. It seems the server certificate was obtained.

root@ubuntu:/home/admin/certbot# ./certbot-auto certonly --standalone -d exapmle.hoge.com -d www.exapmle.hoge.com
Failed authorization procedure. www.exapmle.hoge.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for www.exapmle.hoge.com

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.exapmle.hoge.com
   Type:   connection
   Detail: DNS problem: NXDOMAIN looking up A for www.exapmle.hoge.com

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
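
Both failures shown above (apache2 already bound to TCP port 80, then NXDOMAIN for one of the `-d` names) can be caught before `certbot-auto certonly --standalone` is run. The following pre-flight script is an added example, not part of the original post or of certbot; its function names are hypothetical, it assumes Linux (`/proc/net/tcp*`) and `getent`, and a local lookup only approximates what the CA's resolver sees.

```shell
#!/bin/sh
# Pre-flight checks for "certbot-auto certonly --standalone" (added example).
# Function names are hypothetical; nothing here calls certbot itself.
# Usage: sh preflight.sh exapmle.hoge.com www.exapmle.hoge.com
# Exit status 0 means neither failure seen on the page was detected.

# Constructed sample in /proc/net/tcp6 layout (only the first four columns
# are kept): listeners on :::22 and :::80, plus one ESTABLISHED socket
# whose local port is 443.
sample_tcp6_table() {
    cat <<'EOF'
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000000000000:0050 00000000000000000000000000000000:0000 0A
   2: 0000000000000000FFFF00000100007F:01BB 0000000000000000FFFF00000100007F:C350 01
EOF
}

# port_listening PORT [TABLE...]
# True when a socket in LISTEN state (st == 0A) is bound to PORT.
# With no TABLE arguments the kernel's IPv4 and IPv6 tables are read;
# Apache on Ubuntu usually shows up in tcp6 because it binds to :::80.
port_listening() {
    port_hex=$(printf '%04X' "$1")
    shift
    [ "$#" -gt 0 ] || set -- /proc/net/tcp /proc/net/tcp6
    for table in "$@"; do
        [ -r "$table" ] || continue
        awk -v p="$port_hex" '
            NR > 1 {
                n = split($2, addr, ":")      # local_address is HEXIP:HEXPORT
                if (addr[n] == p && $4 == "0A") found = 1
            }
            END { exit !found }
        ' "$table" && return 0
    done
    return 1
}

# domain_resolves NAME
# True when the local resolver returns an address for NAME. This uses
# /etc/hosts and the local DNS configuration, so a pass here does not prove
# the public A record exists; a failure is a strong hint of NXDOMAIN.
domain_resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# preflight DOMAIN...
# Reports every problem on stderr and returns non-zero if any was found.
preflight() {
    problems=0
    if port_listening 80; then
        echo "port 80 is in use: stop the web server first (apachectl stop)" >&2
        problems=$((problems + 1))
    fi
    for domain in "$@"; do
        if ! domain_resolves "$domain"; then
            echo "no address found for $domain: fix its DNS record or drop this -d" >&2
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Run the checks only when domains were passed on the command line.
if [ "$#" -gt 0 ]; then
    preflight "$@"
fi
```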

Checking the key

root@ubuntu:~# cd /etc/letsencrypt/live/exapmle.hoge.com/
root@ubuntu:/etc/letsencrypt/live/exapmle.hoge.com# cat cert.pem
-----BEGIN CERTIFICATE-----

The key is displayed here.

-----END CERTIFICATE-----

Start the Apache that was stopped.

root@ubuntu:~# apachectl start

Enable the Apache SSL module.

root@ubuntu:~# a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart

Enable the virtual host as well.

root@ubuntu:~# a2ensite default-ssl
Enabling site default-ssl.
To activate the new configuration, you need to run:
  service apache2 reload

Restart Apache.

root@ubuntu:~# service apache2 restart

Reinstall the certificate.

root@ubuntu:/home/admin/certbot# ./letsencrypt-auto

A screen like the following is displayed; select Yes.


   ┌──────────────────────────────────────────────────────────────────────┐
   │ No names were found in your configuration files.                     │
   │ You should specify ServerNames in your config files in order to      │
   │ allow for accurate installation of your certificate.                 │
   │ If you do use the default vhost, you may specify the name manually.  │
   │ Would you like to continue?                                          │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   │                                                                      │
   ├──────────────────────────────────────────────────────────────────────┤
   │                     < Yes >           < No  >                        │
   └──────────────────────────────────────────────────────────────────────┘

Enter the domain name for the certificate.

   ┌──────────────────────────────────────────────────────────────────────┐
   │ Please enter in your domain name(s) (comma and/or space separated)   │
   │ ┌──────────────────────────────────────────────────────────────────┐ │
   │ │exapmle.hoge.com                                                  │ │
   │ └──────────────────────────────────────────────────────────────────┘ │
   ├──────────────────────────────────────────────────────────────────────┤
   │                     <  OK  >           <Cancel>                      │
   └──────────────────────────────────────────────────────────────────────┘

You are told that you already have a certificate for the same domain name and asked what you would like to do; select 1.

   ┌──────────────────────────────────────────────────────────────────────┐
   │ You have an existing certificate that contains exactly the same      │
   │ domains you requested and isn't close to expiry.                     │
   │ (ref: /etc/letsencrypt/renewal/exapmle.hoge.com.conf)                │
   │                                                                      │
   │ What would you like to do?                                           │
   │ ┌──────────────────────────────────────────────────────────────────┐ │
   │ │        1  Attempt to reinstall this existing certificate         │ │
   │ │        2  Renew & replace the cert (limit ~5 per 7 days)         │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ └──────────────────────────────────────────────────────────────────┘ │
   ├──────────────────────────────────────────────────────────────────────┤
   │                     <  OK  >           <Cancel>                      │
   └──────────────────────────────────────────────────────────────────────┘

Select Easy to allow both HTTP and HTTPS, or Secure to always use HTTPS.

   ┌──────────────────────────────────────────────────────────────────────┐
   │ Please choose whether HTTPS access is required or optional.          │
   │ ┌──────────────────────────────────────────────────────────────────┐ │
   │ │    Easy    Allow both HTTP and HTTPS access to these sites       │ │
   │ │    Secure  Make all requests redirect to secure HTTPS access     │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ │                                                                  │ │
   │ └──────────────────────────────────────────────────────────────────┘ │
   ├──────────────────────────────────────────────────────────────────────┤
   │                     <  OK  >           <Cancel>                      │
   └──────────────────────────────────────────────────────────────────────┘

If a screen like the following is displayed, it worked! The site should now be communicating over HTTPS. Check it in your browser.

   ┌──────────────────────────────────────────────────────────────────────┐
   │ Congratulations! You have successfully enabled                       │
   │ https://exapmle.hoge.com                                             │
   │                                                                      │
   │ You should test your configuration at:                               │
   │ https://www.ssllabs.com/ssltest/analyze.html?d=exapmle.hoge.com      │
   │                                                                      │
   │                                                                      │
   ├──────────────────────────────────────────────────────────────────────┤
   │                               <  OK  >                               │
   └──────────────────────────────────────────────────────────────────────┘

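Automatic certificate renewal

Let's Encrypt certificates are notable for their short validity period of 90 days. For that reason, automatic renewal can be considered essential.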

li-one.hatenablog.jp