Free SSL setup for WordPress with OCI (Oracle Cloud Infrastructure) Always Free and Let's Encrypt
Environment
Oracle Cloud Infrastructure Always Free
Ubuntu 20.04
Procedure
VCN configuration
In the Oracle Cloud Console, select Networking -> Virtual Cloud Networks.
Open the VCN you created -> Default Security List -> Add Ingress Rules, and add port 443.
Configure the OS firewall
Command to check the current iptables rules
sudo iptables -L
Allow the required port
sudo iptables -I INPUT 5 -p tcp --dport [port number] -j ACCEPT
Make the iptables rules persistent
sudo /etc/init.d/netfilter-persistent save
sudo /etc/init.d/netfilter-persistent reload
Install certbot
$ sudo apt update
$ sudo apt -y upgrade
$ sudo apt -y install certbot python3-certbot-apache
$ sudo certbot --apache
# Generate the certificate
$ sudo certbot certonly --standalone -d EXAMPLE.com
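Certificates issued by Let's Encrypt are valid for 3 months, so create a cron job that renews the certificate automatically at regular intervals. The certificate above was issued with --standalone, so the cron entry passes --webroot to have the renewal challenge served from /var/www/html/ instead of trying to bind port 80, which Apache already holds.
sudo vim /etc/cron.d/letsencrypt
00 04 01 * * root /bin/certbot renew --force-renewal --webroot --webroot-path /var/www/html/ --post-hook "systemctl restart apache2"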
Edit the configuration file
sudo vim /etc/apache2/sites-available/000-default.conf
000-default.conf after editing
<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com
    ServerName EXAMPLE.com
    ServerAlias www.EXAMPLE.com
    # ServerAdmin webmaster@localhost
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =EXAMPLE.com [OR]
    RewriteCond %{SERVER_NAME} =www.EXAMPLE.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
    ServerName EXAMPLE.com
    ServerAlias www.EXAMPLE.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    #Include /etc/letsencrypt/options-ssl-apache.conf
    # Required for this virtual host to speak TLS
    SSLEngine on
    SSLCertificateChainFile /etc/letsencrypt/live/EXAMPLE.com/chain.pem
    SSLCertificateFile /etc/letsencrypt/live/EXAMPLE.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/EXAMPLE.com/privkey.pem
</VirtualHost>
Set the same SSL certificate directives in default-ssl.conf
sudo vim /etc/apache2/sites-available/default-ssl.conf
# ...
SSLCertificateFile /etc/letsencrypt/live/EXAMPLE.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/EXAMPLE.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/EXAMPLE.com/chain.pem
# ...
Restart Apache
sudo systemctl restart apache2
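The following check is an added example, not part of the original article. It verifies that the cert.pem and privkey.pem files referenced in the Apache configuration above belong together and that the certificate is not close to expiry, which would mean the renewal cron job has stopped working. The function name, exit codes and 30-day default threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article. Checks the certificate files
# that the Apache configuration points at. The function name, exit codes and
# the 30-day default threshold are choices made for this example.

# check_live_dir DIR [MIN_DAYS]
# DIR is a certbot "live" directory containing cert.pem and privkey.pem.
# Returns 0 if healthy, 1 if expiring within MIN_DAYS, 2 if the key does not
# match the certificate, 3 if a file cannot be read.
check_live_dir() {
    dir=$1
    min_days=${2:-30}
    cert=$dir/cert.pem
    key=$dir/privkey.pem

    # Both files must parse; otherwise Apache cannot load them either.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "ERROR cannot read certificate $cert"; return 3; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "ERROR cannot read private key $key"; return 3; }

    # The certificate's public key must belong to the configured private key.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "ERROR $key does not match $cert"; return 2
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    not_after=$(openssl x509 -in "$cert" -noout -enddate)
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "WARN $cert expires within $min_days days ($not_after)"; return 1
    fi
    echo "OK $cert valid beyond $min_days days ($not_after)"
}

# Run as a script: check-cert.sh /etc/letsencrypt/live/EXAMPLE.com 30
if [ "$#" -gt 0 ]; then
    check_live_dir "$@"
fi
```

Run it as root, since privkey.pem is not readable by other users; a non-zero exit status can be used to trigger a cron mail or a monitoring alert.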