SSL証明書の設定でWebサイトを安全に

sudo dnf install certbot python3-certbot-apache

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/httpd.key -out /etc/pki/tls/certs/httpd.crt

Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:TOKYO
Locality Name (eg, city) [Default City]:MINATO
Organization Name (eg, company) [Default Company Ltd]:YourCom,Inc.
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:projects
Email Address []:webmaster@gmail.com

sudo vim /etc/httpd/conf.d/ssl.conf

<VirtualHost *:80>
    ServerName yourserver.com
    DocumentRoot "/opt/local/redmine/src/redmine-5.1.0/public"
    ErrorLog logs/yourserver.com-error_log
    CustomLog logs/yourserver.com-access_log common
</VirtualHost>
<VirtualHost *:443>
    ServerName yourserver.com
    DocumentRoot "/opt/local/redmine/src/redmine-5.1.0/public"
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/httpd.crt  
    SSLCertificateKeyFile /etc/pki/tls/private/httpd.key
</VirtualHost>

sudo certbot --apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): webmaster@artjunkie.co.jp

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y → 規約に同意

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N → メールでの情報受取は不要
Account registered.

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: yourserver.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1 → 1のドメインに適応
Requesting a certificate for yourserver.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/projects.artjunkie.co.jp/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/projects.artjunkie.co.jp/privkey.pem
This certificate expires on 2024-06-30.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for projects.artjunkie.co.jp to /etc/httpd/conf.d/ssl.conf
Congratulations! You have successfully enabled HTTPS on https://projects.artjunkie.co.jp

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

sudo service httpd restart

sudo certbot certonly --webroot --webroot-path=/opt/local/redmine/src/redmine-5.1.0/public -d yourserver.com