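SSL termination on the ELB didn't work out for some reason, so I'm going to set up SSL in Apache instead. For the certificate I'll use everyone's favorite, Let's Encrypt, which is very handy for test environments.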
$ sudo amazon-linux-extras install -y epel
$ sudo yum update
$ sudo yum install -y certbot python2-certbot-apache
$ sudo certbot
You'll be asked for an email address and so on, so answer as appropriate. In my case I got the error below. It says to add a virtual host for port 80, so I'll add one.
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
I added something plausible to Apache's httpd.conf and that did the trick.
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin root@hogehoge
DocumentRoot /var/www/html
ServerName hogehoge
</VirtualHost>
Let's try again.
$ sudo certbot
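It looks like it succeeded. Certbot rewrites the files on its own and sets things up nicely, so you should already be able to connect. Give it a try. Once you've confirmed the connection, you still need to sort out the security settings properly, okay? Also, the certificate expires in 3 months, so make sure you renew it.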
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): [ドメイン名]
Requesting a certificate for [ドメイン名]
Performing the following challenges:
http-01 challenge for [ドメイン名]
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf/httpd-le-ssl.conf
Enabling site /etc/httpd/conf/httpd-le-ssl.conf by adding Include to root configuration
Redirecting vhost in /etc/httpd/conf/httpd.conf to ssl vhost in /etc/httpd/conf/httpd-le-ssl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https:[ドメイン名]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Subscribe to the EFF mailing list (email: [メールアドレス]).
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/[ドメイン名]/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/[ドメイン名]/privkey.pem
Your certificate will expire on 2022-08-30. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again with the "certonly" option. To non-interactively
renew *all* of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
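The renewal reminder above, as an added example that is not part of the original post: a small shell check that reads the certificate certbot saved and runs "certbot renew" only when it is close to expiry, then confirms the result. The function name cert_status, the 30-day threshold and the script arguments are assumptions; the certificate path follows the certbot output above.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage (as root): sh cert-check.sh <domain> [days]

# Print "ok", "renew" or "unreadable" for the certificate file $1,
# where "renew" means it expires within $2 days. Always returns 0.
cert_status() {
    cert=$1
    days=$2
    # A missing file or a file that is not a PEM certificate is reported
    # separately, so a broken path is not mistaken for an expiring certificate.
    if [ ! -r "$cert" ] || ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "unreadable"
        return 0
    fi
    # -checkend N exits 0 when the certificate is still valid N seconds from now.
    # For fullchain.pem, openssl reads the first certificate (the server's own).
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        echo "ok"
    else
        echo "renew"
    fi
}

if [ "$#" -ge 1 ]; then
    domain=$1
    days=${2:-30}   # assumed threshold, not taken from the post
    cert="/etc/letsencrypt/live/$domain/fullchain.pem"
    status=$(cert_status "$cert" "$days")
    if [ "$status" = "renew" ]; then
        certbot renew --quiet
        # Check again: confirms the renewal really replaced the certificate.
        status=$(cert_status "$cert" "$days")
    fi
    echo "$domain: $status"
    # Non-zero exit lets cron or monitoring flag a failed renewal.
    [ "$status" = "ok" ] || exit 1
fi
```

Run from root's crontab, a non-zero exit means the certificate is still due or could not be read after the renewal attempt.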