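This series builds a WordPress environment on Xserver VPS. The same steps work on any Ubuntu host, not only on Xserver. In this fourth part we enable SSL (Secure Sockets Layer) and serve the site over HTTPS (HyperText Transfer Protocol Secure).
Opening firewall ports
Open ports 22, 80 and 443
Open port 22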
# ufw allow 22
Rules updated
Rules updated (v6)
Open port 80
# ufw allow 80
Rules updated
Rules updated (v6)
Open port 443
# ufw allow 443
Rules updated
Rules updated (v6)
For good measure, also allow the 'Apache Full' profile (80 and 443). This step is optional.
# ufw allow 'Apache Full'
Rules updated
Rules updated (v6)
Enable ufw
# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y ← It warns that SSH connections may be interrupted, but port 22 is already open, so this is fine.
Firewall is active and enabled on system startup
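A guard for the warning above, as an added example that is not part of the original page: it reads the rules staged with `ufw allow` (printed by `ufw show added` while ufw is still inactive) and enables the firewall only if port 22 is covered. The function names `port_rule_staged` and `safe_enable` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): confirm an SSH rule is staged
# before `ufw enable`, so the firewall cannot cut off the current session.

# Constructed sample of `ufw show added` output after the steps above.
SAMPLE_ADDED="Added user rules (see 'ufw status' for running firewall):
ufw allow 22
ufw allow 80
ufw allow 443
ufw allow 'Apache Full'"

# Constructed counter-example: web ports only, SSH forgotten.
SAMPLE_WEB_ONLY="Added user rules (see 'ufw status' for running firewall):
ufw allow 80
ufw allow 'Apache Full'"

# port_rule_staged PORT: reads `ufw show added` text on stdin and succeeds
# if an allow/limit rule names PORT ("22", "22/tcp", or ssh/OpenSSH for 22).
# Other application profiles (e.g. 'Apache Full') are not resolved to ports.
port_rule_staged() {
    awk -v port="$1" -v q="'" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
            target = tolower($NF)          # last field: port, port/proto or name
            gsub(q, "", target)            # drop quotes around profile names
            if (target == port || target == port "/tcp") found = 1
            if (port == "22" && (target == "ssh" || target == "openssh")) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# safe_enable: hypothetical wrapper; enables ufw only when SSH is covered.
safe_enable() {
    if ufw show added | port_rule_staged 22; then
        ufw --force enable
    else
        echo "no rule staged for port 22; not enabling ufw" >&2
        return 1
    fi
}
```

If SSH listens on a non-default port, change the `22` in `safe_enable` to match before relying on it.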
Enable SSL
# a2enmod ssl
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
systemctl restart apache2
Enable the mod_headers module, which is needed for the RequestHeader directive
# a2enmod headers
Enabling module headers.
To activate the new configuration, you need to run:
systemctl restart apache2
Enable the site configuration for HTTPS access
# a2ensite default-ssl
Enabling site default-ssl.
To activate the new configuration, you need to run:
systemctl reload apache2
The output tells us to restart Apache2, so we restart it.
# systemctl restart apache2
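Connection test
From a browser, try connecting with a URL of the form
https://your-domain
The connection succeeds, but the browser shows a warning because no trusted certificate is installed yet.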
Issuing the certificate
We will use python3 to obtain the certificate.
To be safe, check that python3 is installed.
# python3 --version
Python 3.12.3
If it is not installed, install it with the version specified, for example:
# apt install python3.12
Install Certbot and the plugin that integrates Certbot with Apache
Certbot is a tool for obtaining SSL certificates free of charge (here, from Let's Encrypt).
# apt install -y certbot python3-certbot-apache
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
augeas-lenses libaugeas0 python3-acme python3-augeas python3-certbot
python3-configargparse python3-icu python3-josepy python3-parsedatetime
python3-rfc3339
Suggested packages:
augeas-doc python-certbot-doc python3-certbot-nginx augeas-tools
python-acme-doc python-certbot-apache-doc
The following NEW packages will be installed:
augeas-lenses certbot libaugeas0 python3-acme python3-augeas python3-certbot
python3-certbot-apache python3-configargparse python3-icu python3-josepy
python3-parsedatetime python3-rfc3339
0 upgraded, 12 newly installed, 0 to remove and 70 not upgraded.
Need to get 1657 kB of archives.
After this operation, 8599 kB of additional disk space will be used.
Get:1 http://nova.clouds.archive.ubuntu.com/ubuntu noble/universe amd64 augeas-lenses all 1.14.1-1build2 [323 kB]
Get:2 http://nova.clouds.archive.ubuntu.com/ubuntu noble/universe amd64 libaugeas0 amd64 1.14.1-1build2 [166 kB]
Get:3 http://nova.clouds.archive.ubuntu.com/ubuntu noble/universe amd64 python3-josepy all 1.14.0-1 [22.1 kB]
Get:4 http://nova.clouds.archive.ubuntu.com/ubuntu noble/universe amd64 python3-rfc3339 all 1.1-4 [6744 B]
Get:5 http://nova.clouds.archive.ubuntu.com/ubuntu noble/universe amd64 python3-acme all 2.9.0-1 [48.5 kB]
Get:6 http://nova.clouds.archive.ubuntu.com/ubuntu noble/universe amd64 python3-augeas all 0.5.0-1.1 [9124 B]
Get:7 http://nova.clouds.archive.ubuntu.com/ubuntu noble/universe amd64 python3-configargparse all 1.7-1 [31.7 kB]
Get:8 http://nova.clouds.archive.ubuntu.com/ubuntu noble/universe amd64 python3-parsedatetime all 2.6-3 [32.8 kB]
Get:9 http://nova.clouds.archive.ubuntu.com/ubuntu noble/universe amd64 python3-certbot all 2.9.0-1 [267 kB]
Get:10 http://nova.clouds.archive.ubuntu.com/ubuntu noble/universe amd64 certbot all 2.9.0-1 [89.2 kB]
Get:11 http://nova.clouds.archive.ubuntu.com/ubuntu noble/universe amd64 python3-certbot-apache all 2.9.0-1 [128 kB]
Get:12 http://nova.clouds.archive.ubuntu.com/ubuntu noble/main amd64 python3-icu amd64 2.12-1build2 [534 kB]
Fetched 1657 kB in 3s (489 kB/s)
Preconfiguring packages ...
Selecting previously unselected package augeas-lenses.
(Reading database ... 68833 files and directories currently installed.)
Preparing to unpack .../00-augeas-lenses_1.14.1-1build2_all.deb ...
Unpacking augeas-lenses (1.14.1-1build2) ...
Selecting previously unselected package libaugeas0:amd64.
Preparing to unpack .../01-libaugeas0_1.14.1-1build2_amd64.deb ...
Unpacking libaugeas0:amd64 (1.14.1-1build2) ...
Selecting previously unselected package python3-josepy.
Preparing to unpack .../02-python3-josepy_1.14.0-1_all.deb ...
Unpacking python3-josepy (1.14.0-1) ...
Selecting previously unselected package python3-rfc3339.
Preparing to unpack .../03-python3-rfc3339_1.1-4_all.deb ...
Unpacking python3-rfc3339 (1.1-4) ...
Selecting previously unselected package python3-acme.
Preparing to unpack .../04-python3-acme_2.9.0-1_all.deb ...
Unpacking python3-acme (2.9.0-1) ...
Selecting previously unselected package python3-augeas.
Preparing to unpack .../05-python3-augeas_0.5.0-1.1_all.deb ...
Unpacking python3-augeas (0.5.0-1.1) ...
Selecting previously unselected package python3-configargparse.
Preparing to unpack .../06-python3-configargparse_1.7-1_all.deb ...
Unpacking python3-configargparse (1.7-1) ...
Selecting previously unselected package python3-parsedatetime.
Preparing to unpack .../07-python3-parsedatetime_2.6-3_all.deb ...
Unpacking python3-parsedatetime (2.6-3) ...
Selecting previously unselected package python3-certbot.
Preparing to unpack .../08-python3-certbot_2.9.0-1_all.deb ...
Unpacking python3-certbot (2.9.0-1) ...
Selecting previously unselected package certbot.
Preparing to unpack .../09-certbot_2.9.0-1_all.deb ...
Unpacking certbot (2.9.0-1) ...
Selecting previously unselected package python3-certbot-apache.
Preparing to unpack .../10-python3-certbot-apache_2.9.0-1_all.deb ...
Unpacking python3-certbot-apache (2.9.0-1) ...
Selecting previously unselected package python3-icu.
Preparing to unpack .../11-python3-icu_2.12-1build2_amd64.deb ...
Unpacking python3-icu (2.12-1build2) ...
Setting up python3-configargparse (1.7-1) ...
Setting up python3-parsedatetime (2.6-3) ...
Setting up python3-icu (2.12-1build2) ...
Setting up augeas-lenses (1.14.1-1build2) ...
Setting up libaugeas0:amd64 (1.14.1-1build2) ...
Setting up python3-josepy (1.14.0-1) ...
Setting up python3-augeas (0.5.0-1.1) ...
Setting up python3-rfc3339 (1.1-4) ...
Setting up python3-acme (2.9.0-1) ...
Setting up python3-certbot (2.9.0-1) ...
Setting up certbot (2.9.0-1) ...
Created symlink /etc/systemd/system/timers.target.wants/certbot.timer → /usr/lib/systemd/system/certbot.timer.
Setting up python3-certbot-apache (2.9.0-1) ...
Processing triggers for man-db (2.12.0-4build2) ...
Processing triggers for libc-bin (2.39-0ubuntu8) ...
Scanning processes...
Scanning linux images...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.
Configuring certbot
The setup is interactive, so follow the notes in red (marked with ←) as you go.
# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): ← Enter your email address
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y ← Y to agree
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: ← Either Y or N is fine. (With Y, you apparently receive development news.)
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): rm-engineering.info ← Enter your own domain
Requesting a certificate for rm-engineering.info
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/rm-engineering.info/fullchain.pem
Key is saved at: /etc/letsencrypt/live/rm-engineering.info/privkey.pem
This certificate expires on 2024-09-17.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
We were unable to find a vhost with a ServerName or Address of rm-engineering.info.
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: default-ssl.conf | | HTTPS | Enabled
2: 000-default.conf | | | Enabled
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 ← Choose 1
Successfully deployed certificate for rm-engineering.info to /etc/apache2/sites-enabled/default-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://rm-engineering.info
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Restart Apache2
Restart Apache2 so that the new configuration takes effect.
# systemctl restart apache2
Access your domain from the browser again.
The Apache2 Default Page is now displayed without a warning.
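The Certbot output above says the certificate expires after about 90 days and that a scheduled task renews it in the background. The following added example (not part of the original page) checks that renewal is actually keeping up by parsing the text printed by `certbot certificates`. The function name `renewal_problems`, the 20-day threshold and the sample output with placeholder domains are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag certificates that the
# background renewal task has failed to refresh.
# Real use:  certbot certificates 2>/dev/null | renewal_problems 20

# Constructed sample of `certbot certificates` output (placeholder domains).
SAMPLE_CERTS='Found the following certs:
  Certificate Name: example.test
    Domains: example.test
    Expiry Date: 2024-09-17 08:12:44+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/example.test/fullchain.pem
  Certificate Name: stale.example.test
    Domains: stale.example.test
    Expiry Date: 2024-07-01 08:12:44+00:00 (VALID: 12 days)
  Certificate Name: old.example.test
    Domains: old.example.test
    Expiry Date: 2024-05-01 08:12:44+00:00 (INVALID: EXPIRED)'

# renewal_problems MIN_DAYS: reads `certbot certificates` text on stdin and
# prints one line per certificate that is INVALID or has fewer than MIN_DAYS
# left. Certbot normally renews once under 30 days remain, so a lower count
# (default threshold here: 20, an assumed value) means renewals are failing.
renewal_problems() {
    awk -v min="${1:-20}" '
        /Certificate Name:/ { name = $NF }
        /Expiry Date:/ {
            if (match($0, /\(VALID: [0-9]+ day/)) {
                # matched text is "(VALID: <n> day": 8 chars before the digits,
                # 4 after, so the number has RLENGTH - 12 digits
                days = substr($0, RSTART + 8, RLENGTH - 12) + 0
                if (days < min + 0) print name, days
            } else if ($0 ~ /\(INVALID:/) {
                print name, "INVALID"
            }
        }
    '
}
```

Empty output means every certificate is valid and above the threshold; anything printed is worth checking against /var/log/letsencrypt/letsencrypt.log.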