SSL証明書の作成

「Let’s Encrypt」とは? 「Let’s Encrypt」(レッツ・エンクリプト)は、無料ですぐに利用が可能なSSLサーバー証明書で、アメリカの非営利団体ISRG (Internet Security Research Group) が、2016年から提供しているサービスです。 それまでSSLといえば個人情報を入力するフォームなどには必要な手段にもかかわらず、高く(数万円~数十万円)、手続きが面倒でした。ところがLet’s Encrypt誕生のおかげで誰でも、いつでも、かなり簡単にSSLが利用できるようになります。画期的なサービスの登場です。

https://qiita.com/Shinya-Yamaguchi/items/7cb034bf05b93fe46d33
https://qiita.com/hidenorly/items/b324bc24b4d15401a824   Dynamic DNS と https化 (ownCloud + Raspberry Pi 続き)
https://matsup.blogspot.com/2017/03/mydns-lets-encrypt-freebsd-apache24_20.html  MyDNS と Let's Encrypt を使って,FreeBSD 上の  apache24 を https 化してみた(その3)

環境

●Raspberry Pi 3 Model B Rev 1.2
●Raspbian GNU/Linux 9 (stretch)
●Python 3.5.3

SSL証明書

certbot certonly --dry-run  --preferred-challenges http-01  -d www.f-itstar.mydns.jp -m kamanshino@gmail.com


certbot certonly --dry-run --apache -d f-itstar.mydns.jp 

certbot certonly --dry-run --apache -d f-itstar.org

certbot certonly --webroot -w /var/www/html/ -d www.f-itstar.mydns.jp


root@raspberrypi:/home/shino# certbot certonly --webroot -w /var/www/html/ -d www.f-itstar.mydns.jp
/usr/local/lib/python3.5/dist-packages/OpenSSL/crypto.py:14: CryptographyDeprecationWarning: Python 3.5 support will be dropped in the next release of cryptography. Please upgrade your Python.
  from cryptography import utils, x509
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.f-itstar.mydns.jp
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
 
  /etc/letsencrypt/live/www.f-itstar.mydns.jp/fullchain.pem
   Your key file has been saved at:

   /etc/letsencrypt/live/www.f-itstar.mydns.jp/privkey.pem


   Your cert will expire on 2021-08-12. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le