[tech] [with video] Notes on moving WordPress to HTTPS: free always-on SSL with Let's Encrypt (automatic periodic renewal) on GCP




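Updated 2018/11/24!

This blog also runs on WordPress on GCP and is served over HTTPS. These are my notes from installing Let's Encrypt and setting up automatic periodic renewal of the certificate for always-on SSL.

I made a video! (InstallMovie)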

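Environment


Cloud (host): Google Cloud Platform
              Bitnami WORDPRESS
              Note: SSH connection from the browser
domain:ohanamama.work
Google account: ohana
Note: replace ohanamama.work with your own domain.

Note: do this with the domain already registered in DNS and ping getting through.

Procedure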




・First, from the GCP console, SSH into the VM that you want to move to HTTPS (SSL).

・Install certbot and change its permissions
wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto


--2018-11-22 15:22:06-- https://dl.eff.org/certbot-auto
Resolving dl.eff.org (dl.eff.org)... 151.101.0.201, 151.101.64.201, 151.101.128.201, ...
Connecting to dl.eff.org (dl.eff.org)|151.101.0.201|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 62298 (61K) [application/octet-stream]
Saving to: ‘certbot-auto’

certbot-auto 100%[===================>] 60.84K --.-KB/s in 0.02s

2018-11-22 15:22:06 (2.73 MB/s) - ‘certbot-auto’ saved [62298/62298]


・Generate the certificate
./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d ohanamama.work


Requesting to rerun ./certbot-auto with root privileges...
Bootstrapping dependencies for Debian-based OSes... (you can skip this with --no-bootstrap)

Hit:1 http://security.debian.org stretch/updates InRelease
Ign:2 http://deb.debian.org/debian stretch InRelease

~ omitted ~

0 upgraded, 13 newly installed, 0 to remove and 23 not upgraded.
Need to get 32.6 MB of archives.
After this operation, 54.7 MB of additional disk space will be used.
Do you want to continue? [Y/n] y


・When "Do you want to continue? [Y/n]" is displayed
→ type "y" and press Enter


Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):


・When "Enter email address (used ///s) (Enter 'c' to cancel):" is displayed,
type your email address and press Enter

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: a


Type "a" (agree) and press Enter


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n


"n" → Enter


Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ohanamama.work
Using the webroot path /opt/bitnami/apps/wordpress/htdocs for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/ohanamama.work/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/ohanamama.work/privkey.pem
Your cert will expire on 2019-01-29. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew all of your certificates, run
"certbot-auto renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le




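Note: if the following error appears, perhaps name resolution is not working??
I don't understand English, so I can't say for sure, but
check that the IP address registered in DNS is correct.
If you have only just added the record to DNS, it seems it can take time to propagate, so
I think waiting about a day and trying again should work!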

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: ohanamama.work
   Type:   unauthorized
   Detail: Invalid response from
   http://ohanamama.work/.well-known/acme-challenge/GG5_ETKH-hztyFd9NXLk_OjXirpMzlU8pooVZAVQW6E:
   "<!DOCTYPE html>\n<html lang=\"ja\" class=\"no-js
   no-svg\">\n<head>\n<meta charset=\"UTF-8\">\n<meta
   name=\"viewport\" content=\"width=device-"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
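
Added example, not part of the original post: the "unauthorized" detail above shows the validator receiving an HTML page at the challenge URL instead of the token file. This sh script repeats that fetch with a throwaway file before certbot is run; the file name, token and messages are made up for the example, and curl is assumed to be installed.

```shell
#!/bin/sh
# Added example: pre-flight check for certbot's http-01 webroot challenge.
# File name, token and messages are constructed for this example.

# classify_body EXPECTED BODY -> prints ok | html | mismatch
# Pure function, so the decision can be tested without a network.
classify_body() {
    expected=$1
    body=$2
    if [ "$body" = "$expected" ]; then
        echo ok
        return 0
    fi
    case $body in
        *'<!DOCTYPE'*|*'<html'*) echo html ;;   # a web page, not the token
        *) echo mismatch ;;
    esac
    return 1
}

# probe_webroot DOMAIN WEBROOT
# Writes a throwaway file where certbot would put its token, fetches it over
# plain HTTP (following redirects, as the validator does) and reports.
probe_webroot() {
    domain=$1
    dir="${2%/}/.well-known/acme-challenge"
    name="preflight-$$"
    token="preflight-token-$$"
    mkdir -p "$dir" && printf '%s' "$token" > "$dir/$name" || return 2
    fetched=$(curl -sS -L --max-time 10 \
        "http://$domain/.well-known/acme-challenge/$name")
    rm -f "$dir/$name"
    result=$(classify_body "$token" "$fetched")
    status=$?
    case $result in
        ok)       echo "OK: $domain serves files from $2" ;;
        html)     echo "FAIL: got an HTML page, not the file in $dir" ;;
        mismatch) echo "FAIL: unexpected or empty response, check DNS and Apache" ;;
    esac
    return $status
}

# Runs only when given arguments (root is needed to write into the webroot):
#   sudo sh preflight.sh ohanamama.work /opt/bitnami/apps/wordpress/htdocs/
if [ "$#" -ge 2 ]; then
    probe_webroot "$1" "$2"
fi
```

An "html" result means the request reached a web server but not this webroot directory, which points at the server configuration or at DNS sending the name to a different host.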

・Set up automatic renewal
./certbot-auto renew --dry-run


------------
Requesting to rerun ./certbot-auto with root privileges...
Saving debug log to /var/log/letsencrypt/letsencrypt.log

~ omitted ~

IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.


・Configure cron for automatic renewal
sudo crontab -e


Select an editor. To change later, run 'select-editor'.
1. /bin/nano <---- easiest
2. /usr/bin/vim.basic
3. /usr/bin/vim.tiny


"1" → Enter

Append the following single line at the very bottom, then save and exit.


0 3 1 * * /home/ohana/certbot-auto renew --quiet --no-self-upgrade ; sudo /opt/bitnami/ctlscript.sh restart apache


・Save and exit
Ctrl+o
→enter
Ctrl+x
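
Added example, not part of the original post: the cron entry above runs once a month, and certbot renew by default only renews a certificate in its last 30 days, so a single failed run leaves little margin. This sh script reports how close the live certificate is to expiry so that a missed renewal is noticed; the 14-day alert threshold and the function names are assumptions of the example, and openssl and GNU date are assumed to be installed.

```shell
#!/bin/sh
# Added example: expiry check for the certificate certbot keeps renewed.
# Assumes openssl and GNU date (present on Debian-based images).

RENEW_WINDOW_DAYS=30   # certbot's default: renew only in the last 30 days
ALERT_DAYS=14          # assumption: alert threshold chosen for this example

# cert_state NOT_AFTER_EPOCH NOW_EPOCH -> expired | alert | renewing | fresh
cert_state() {
    remaining=$(( $1 - $2 ))
    if [ "$remaining" -le 0 ]; then
        echo expired
    elif [ "$remaining" -le $(( ALERT_DAYS * 86400 )) ]; then
        echo alert        # renewal should already have happened
    elif [ "$remaining" -le $(( RENEW_WINDOW_DAYS * 86400 )) ]; then
        echo renewing     # inside certbot's window, next run should renew
    else
        echo fresh
    fi
}

# not_after_epoch PEMFILE -> certificate expiry as a Unix timestamp
not_after_epoch() {
    end=$(openssl x509 -noout -enddate -in "$1") || return 2
    date -u -d "${end#notAfter=}" +%s     # input looks like "notAfter=Jan 29 ... GMT"
}

# check_cert PEMFILE -> prints the state; non-zero exit for alert/expired/unreadable
check_cert() {
    expiry=$(not_after_epoch "$1") || { echo "cannot read $1"; return 2; }
    state=$(cert_state "$expiry" "$(date +%s)")
    echo "$1: $state"
    case $state in
        fresh|renewing) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs only when given a file, e.g. from root's crontab once a day:
#   sh certcheck.sh /etc/letsencrypt/live/ohanamama.work/cert.pem
if [ "$#" -ge 1 ]; then
    check_cert "$1"
fi
```

certbot's renew command also accepts --deploy-hook, which runs a command only after a certificate was actually renewed and so avoids restarting Apache on every run. certbot-auto itself has since been deprecated by EFF in favour of other installation methods.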



・Update the Apache configuration file
sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf

Around line 10, below
DocumentRoot "/opt/bitnami/apache2/htdocs"
add

ServerName ohanamama.work
ServerAlias ohanamama.work
Redirect permanent / https://ohanamama.work/

these three lines.
Then, about 40 lines further down, comment out the following two lines and add the following three lines.


Comment out

SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
→#SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
→#SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"

Add

SSLCertificateFile "/etc/letsencrypt/live/ohanamama.work/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/ohanamama.work/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/ohanamama.work/chain.pem"


・Update the wp-config.php configuration file
sudo nano /opt/bitnami/apps/wordpress/htdocs/wp-config.php

Scroll down toward the very bottom of the file and the following two lines will appear near the top of the screen.
Comment them out and replace them with lines for your own domain.


Comment out

define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '/');
define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST'] . '/');
→//define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '/');
→//define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST'] . '/');

Add

define('WP_SITEURL','https://ohanamama.work');
define('WP_HOME','https://ohanamama.work');


Save and exit.
Ctrl+o
→enter
Ctrl+x

・Restart Apache
sudo /opt/bitnami/ctlscript.sh restart apache


Unmonitored apache
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80
Monitored apache


When this output appears,

try accessing the domain from your browser.

ohanamama.work



If the Bitnami logo at the bottom right bothers you once the site loads,
see this entry and remove it!

sudo /opt/bitnami/apps/wordpress/bnconfig --disable_banner
sudo /opt/bitnami/ctlscript.sh restart apache

