Click here for "Error Codes for Commercial Air Conditioners".

ArchLinux ; Web server SSL ( Let's Encrypt )

1.Obtain SSL Certificate ( Let's Encrypt )

Install the latest open ssl

1.1 advance preparation

1.Package management system Snappy installation
Since the SSL certificate issuing tool "certbot" of Let's Encrypt is recommended to be installed using "snap" after 2021, install Snapd first.

Enable systemd unit to manage the main snap communication socket

Enable Classics Snap support

Version Check

Log out and log in again or reboot the system to ensure that the snap path is updated correctly

2.certbot package installation

Create symbolic link to /snap/bin/certbot

Confirmation

1.2 Obtaining Certificates

Registration of e-mail address and agreement to terms of use required for the first time only
Specify an email address that you can receive

1.2 Automatic certificate renewal (Let's Encrypt)

①Pre-registration testing
First, test the automatic renewal using the following --dry-run option. With this option, the certificate is not renewed, but only the operation is tested, so there is no need to worry about being caught by the limit on the number of times a certificate can be obtained.

②When you install the snap version of certbot, the automatic certificate renewal function is also installed.

snap.certbot.renew.timer is registered

Check the unit file snap.certbot.renew.timer

According to the above settings, it will attempt to update at 5:54 and 22:38 every day as specified in the OnCalender parameter (but the set time will change randomly for each update).

Check the unit file snap.certbot.renew.service

However, the web server that uses the certificate will not be restarted, so set up a script that will run automatically after the update

2. Converting Apache to https

2.1 Edit ssl.conf file

Edit httpd.conf

Restart Apache.

UFWでhttpsを許可する

2.2 Redirect HTTP communications to HTTPS

Create .htaccess under /srv/[FQDN]/.
Contents of .htaccess

タイトルとURLをコピーしました