Ubuntu20.04 に certbot をインストール

• 概要
• 環境
• certbot のインストール
• nginx のインストール
• IP を A レコードに登録
• 80ポートを Let’sEncrypt からアクセスできるようにする
• 証明書取得
• 動作確認
• 削除

概要

過去の手順が少し古くなったのでそれのブラッシュアップ版になります

certbot + nginx の公式手順になります

環境

• Ubuntu 20.04
• certbot 1.32.2

certbot のインストール

• sudo snap install core; sudo snap refresh core
• sudo apt-get remove certbot
• sudo snap install --classic certbot
• sudo ln -s /snap/bin/certbot /usr/bin/certbot

nginx のインストール

• sudo apt -y update
• sudo apt -y install nginx-core

IP を A レコードに登録

たぶん必要

80ポートを Let’sEncrypt からアクセスできるようにする

これはいらない？

証明書取得

• sudo certbot certonly --nginx

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): your.mail@address.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): your.domain.com
Requesting a certificate for your.domain.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/your.domain.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/your.domain.com/privkey.pem
This certificate expires on 2023-05-15.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

動作確認

• sudo certbot certificates

削除

• sudo certbot delete