GCPServerWordpress

【WordPress】GCP、WordPress 証明書設定(https化)

2020年5月1日
Google Cloud Platform

WordPress証明書設定を紹介します。

今回はletsencryptの証明書を使用します。letsencrypt.org

下記のように実行します。

#rootに変更(追加)
sudo su root

#certbot-autoをインストール
sudo curl https://dl.eff.org/certbot-auto -o /usr/bin/certbot-auto

#certbot-autoを アクセス権限変更
sudo chmod 700 /usr/bin/certbot-auto

次はドメイン設定をします。

下記を実行します。

domeinのどころは自分のドメインに変更してください。

sudo certbot-auto certonly --agree-tos --email user@mail.com --webroot --webroot-pat
h /var/www/html/ -d domain.com -d   www.domain.com
<div class="content">
<p>実行すると下記のような画面になります。</p>
</div>
Bootstrapping dependencies for Debian-based OSes... (you can skip this with --no-bootstrap)
Hit:1 http://security.debian.org stretch/updates InRelease
Ign:2 http://deb.debian.org/debian stretch InRelease                                           
Get:3 http://deb.debian.org/debian stretch-updates InRelease [93.6 kB]                         
Hit:4 http://repo.mysql.com/apt/debian stretch InRelease                                              
Get:5 http://deb.debian.org/debian stretch-backports InRelease [91.8 kB]                              
Hit:6 http://deb.debian.org/debian stretch Release                              
Get:7 http://packages.cloud.google.com/apt google-cloud-logging-stretch InRelease [3,806 B]
Hit:8 https://packages.sury.org/php stretch InRelease
Get:9 http://packages.cloud.google.com/apt google-cloud-monitoring-stretch InRelease [3,806 B]
Hit:10 http://packages.cloud.google.com/apt cloud-sdk-stretch InRelease
Get:11 http://packages.cloud.google.com/apt google-compute-engine-stretch-stable InRelease [3,843 B]
Hit:12 http://packages.cloud.google.com/apt google-cloud-packages-archive-keyring-stretch InRelease
Get:14 http://packages.cloud.google.com/apt google-compute-engine-stretch-stable/main amd64 Packages [1,570 B]
Fetched 198 kB in 1s (189 kB/s)                       
Reading package lists... Done
Reading package lists... Done
Building dependency tree       
.
.
.

Do you want to continue? [Y/n] y
.
.
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y  
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.com
http-01 challenge for www.domain.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   
   Your key file has been saved at:
   /etc/letsencrypt/live/unitd.net/privkey.pem
   Your cert will expire on 2020-09-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
 

次は証明証を設定します。

sudo vi /etc/apache2/sites-available/default-ssl.conf
 

default-ssl.confに下記のように追加します。

<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>

defaultの証明書をコメントアウトして下記のように追加します。

SSLCertificateFile "/etc/letsencrypt/live/domein.com/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/domein.com/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/domein.com/chain.pem"
<div class="content">
 <p><b class="point">wordpress.conf</b>にリダイレクトの設定をします。</p>
</div>
sudo vi /etc/apache2/sites-available/wordpress.conf

defaultにあるものを消して、wordpress.confに下記のように追加します。

domainには自分のドメインを追加します。

<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

ServerName www.domein.com
ServerAlias domain.com
Redirect permanent / https://www.domain.com/

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<div class="content">
 <p>サーバーを再起動します</p>
</div>
sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart
Related tags :