1 証明書を取得するためのツール Certbot クライアントをインストールします。
# Install the Certbot ACME client from the configured package repositories.
sudo apt install -y certbot
2 証明書を取得します。
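# Request one certificate per site with the webroot plugin. -w must be the
# directory the web server already serves over HTTP for the domain given with -d.
# The option is written with two ASCII hyphens (--webroot); a typographic dash
# copied from a web page is not recognised as an option.
# certonly only obtains the files. Apache keeps using the certificate it loaded
# until it is reloaded, so renewals need a reload too (for example through
# certbot's --deploy-hook).
sudo certbot certonly --webroot -w /var/www/html/ito -d itoyan.com
sudo certbot certonly --webroot -w /var/www/html/itoyan -d itoyan.mydns.jp
sudo certbot certonly --webroot -w /var/www/html/itochin -d itochin.f5.si
sudo certbot certonly --webroot -w /var/www/html/video1 -d video1.f5.si
sudo certbot certonly --webroot -w /var/www/html/music1 -d music1.f5.si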
(初回のみ、メールアドレス、利用規約への同意、電子フロンティア財団 (EFF) とのメールアドレス共有について聞かれるので、メールアドレスを入力し、y を入力します。)
3
バーチャルホストのドメイン設定。
# Edit the virtual-host definition file as root; the <VirtualHost> blocks
# shown below are its contents.
sudo vi /etc/apache2/sites-available/virtual.host.conf
下記は http を https へリダイレクトする設定です。
スクリプト
—————————————————————————————-
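# HTTP (port 80): redirect every request to the HTTPS site.
<VirtualHost *:80>
    ServerName itoyan.com
    RewriteEngine On
    # Redirect to the fixed site name instead of %{HTTP_HOST}: the Host header
    # is client-supplied (and may carry a ":80" suffix), so echoing it into the
    # Location header lets the request choose the redirect target.
    # No RewriteCond on %{HTTPS} is needed in a plain-HTTP virtual host.
    RewriteRule ^ https://itoyan.com%{REQUEST_URI} [R=301,L]
</VirtualHost>
# HTTPS (port 443): serves the site with the Let's Encrypt certificate.
<VirtualHost *:443>
    ServerName itoyan.com
    DocumentRoot /var/www/html/ito
    SSLEngine on
    # TLS 1.2 and newer only. "all -SSLv2 -SSLv3" left TLS 1.0 and TLS 1.1
    # enabled wherever the OpenSSL build supports them; both are deprecated
    # (RFC 8996).
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # Forward-secret AEAD suites only, for ECDSA and RSA certificates alike.
    # The previous list also admitted the MEDIUM class, CBC suites and
    # static-RSA key exchange. This list governs TLS 1.2; TLS 1.3 suites are
    # configured separately.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    # fullchain.pem carries the leaf and intermediate certificates.
    SSLCertificateFile /etc/letsencrypt/live/itoyan.com/fullchain.pem
    # Keep privkey.pem readable by root only.
    SSLCertificateKeyFile /etc/letsencrypt/live/itoyan.com/privkey.pem
</VirtualHost>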
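# HTTP (port 80): redirect every request to the HTTPS site.
<VirtualHost *:80>
    ServerName itoyan.mydns.jp
    RewriteEngine On
    # Redirect to the fixed site name instead of %{HTTP_HOST}: the Host header
    # is client-supplied (and may carry a ":80" suffix), so echoing it into the
    # Location header lets the request choose the redirect target.
    # No RewriteCond on %{HTTPS} is needed in a plain-HTTP virtual host.
    RewriteRule ^ https://itoyan.mydns.jp%{REQUEST_URI} [R=301,L]
</VirtualHost>
# HTTPS (port 443): serves the site with the Let's Encrypt certificate.
<VirtualHost *:443>
    ServerName itoyan.mydns.jp
    DocumentRoot /var/www/html/itoyan
    SSLEngine on
    # TLS 1.2 and newer only. "all -SSLv2 -SSLv3" left TLS 1.0 and TLS 1.1
    # enabled wherever the OpenSSL build supports them; both are deprecated
    # (RFC 8996).
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # Forward-secret AEAD suites only, for ECDSA and RSA certificates alike.
    # The previous list also admitted the MEDIUM class, CBC suites and
    # static-RSA key exchange. This list governs TLS 1.2; TLS 1.3 suites are
    # configured separately.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    # fullchain.pem carries the leaf and intermediate certificates.
    SSLCertificateFile /etc/letsencrypt/live/itoyan.mydns.jp/fullchain.pem
    # Keep privkey.pem readable by root only.
    SSLCertificateKeyFile /etc/letsencrypt/live/itoyan.mydns.jp/privkey.pem
</VirtualHost>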
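# HTTP (port 80): redirect every request to the HTTPS site.
<VirtualHost *:80>
    ServerName itochin.f5.si
    RewriteEngine On
    # Redirect to the fixed site name instead of %{HTTP_HOST}: the Host header
    # is client-supplied (and may carry a ":80" suffix), so echoing it into the
    # Location header lets the request choose the redirect target.
    # No RewriteCond on %{HTTPS} is needed in a plain-HTTP virtual host.
    RewriteRule ^ https://itochin.f5.si%{REQUEST_URI} [R=301,L]
</VirtualHost>
# HTTPS (port 443): serves the site with the Let's Encrypt certificate.
<VirtualHost *:443>
    ServerName itochin.f5.si
    DocumentRoot /var/www/html/itochin
    SSLEngine on
    # TLS 1.2 and newer only. "all -SSLv2 -SSLv3" left TLS 1.0 and TLS 1.1
    # enabled wherever the OpenSSL build supports them; both are deprecated
    # (RFC 8996).
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # Forward-secret AEAD suites only, for ECDSA and RSA certificates alike.
    # The previous list also admitted the MEDIUM class, CBC suites and
    # static-RSA key exchange. This list governs TLS 1.2; TLS 1.3 suites are
    # configured separately.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    # fullchain.pem carries the leaf and intermediate certificates.
    SSLCertificateFile /etc/letsencrypt/live/itochin.f5.si/fullchain.pem
    # Keep privkey.pem readable by root only.
    SSLCertificateKeyFile /etc/letsencrypt/live/itochin.f5.si/privkey.pem
</VirtualHost>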
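# HTTP (port 80): redirect every request to the HTTPS site.
<VirtualHost *:80>
    ServerName video1.f5.si
    RewriteEngine On
    # Redirect to the fixed site name instead of %{HTTP_HOST}: the Host header
    # is client-supplied (and may carry a ":80" suffix), so echoing it into the
    # Location header lets the request choose the redirect target.
    # No RewriteCond on %{HTTPS} is needed in a plain-HTTP virtual host.
    RewriteRule ^ https://video1.f5.si%{REQUEST_URI} [R=301,L]
</VirtualHost>
# HTTPS (port 443): serves the site with the Let's Encrypt certificate.
<VirtualHost *:443>
    ServerName video1.f5.si
    DocumentRoot /var/www/html/video1
    SSLEngine on
    # TLS 1.2 and newer only. "all -SSLv2 -SSLv3" left TLS 1.0 and TLS 1.1
    # enabled wherever the OpenSSL build supports them; both are deprecated
    # (RFC 8996).
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # Forward-secret AEAD suites only, for ECDSA and RSA certificates alike.
    # The previous list also admitted the MEDIUM class, CBC suites and
    # static-RSA key exchange. This list governs TLS 1.2; TLS 1.3 suites are
    # configured separately.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    # fullchain.pem carries the leaf and intermediate certificates.
    SSLCertificateFile /etc/letsencrypt/live/video1.f5.si/fullchain.pem
    # Keep privkey.pem readable by root only.
    SSLCertificateKeyFile /etc/letsencrypt/live/video1.f5.si/privkey.pem
</VirtualHost>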
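# HTTP (port 80): redirect every request to the HTTPS site.
<VirtualHost *:80>
    ServerName music1.f5.si
    RewriteEngine On
    # Redirect to the fixed site name instead of %{HTTP_HOST}: the Host header
    # is client-supplied (and may carry a ":80" suffix), so echoing it into the
    # Location header lets the request choose the redirect target.
    # No RewriteCond on %{HTTPS} is needed in a plain-HTTP virtual host.
    RewriteRule ^ https://music1.f5.si%{REQUEST_URI} [R=301,L]
</VirtualHost>
# HTTPS (port 443): serves the site with the Let's Encrypt certificate.
<VirtualHost *:443>
    ServerName music1.f5.si
    DocumentRoot /var/www/html/music1
    SSLEngine on
    # TLS 1.2 and newer only. "all -SSLv2 -SSLv3" left TLS 1.0 and TLS 1.1
    # enabled wherever the OpenSSL build supports them; both are deprecated
    # (RFC 8996).
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # Forward-secret AEAD suites only, for ECDSA and RSA certificates alike.
    # The previous list also admitted the MEDIUM class, CBC suites and
    # static-RSA key exchange. This list governs TLS 1.2; TLS 1.3 suites are
    # configured separately.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    # fullchain.pem carries the leaf and intermediate certificates.
    SSLCertificateFile /etc/letsencrypt/live/music1.f5.si/fullchain.pem
    # Keep privkey.pem readable by root only.
    SSLCertificateKeyFile /etc/letsencrypt/live/music1.f5.si/privkey.pem
</VirtualHost>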
—————————————————————————————-
4
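# Enable the modules the virtual hosts rely on: mod_rewrite for the HTTP->HTTPS
# redirect and mod_ssl for the port-443 hosts.
sudo a2enmod rewrite ssl
# NOTE(review): the page does not show virtual.host.conf being enabled; if it
# is not already, it also needs "sudo a2ensite virtual.host.conf".
# Check the configuration before restarting: a restart with a broken config
# takes every site on this server offline. Newly enabled modules are loaded by
# the restart, so a separate reload beforehand is not needed.
sudo apache2ctl configtest && sudo systemctl restart apache2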