Enabling SSL on WordPress on Lightsail

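This post shows how to use a Let’s Encrypt SSL certificate on an Amazon Lightsail WordPress instance; it doubles as my notes from when I did it.
There is an official tutorial that is a perfect fit when your environment is not big enough to warrant a load balancer but you still want SSL, so I follow its steps.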

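The procedure is described in detail in "Tutorial: Using Let’s Encrypt SSL certificates with your WordPress instance in Amazon Lightsail", and all you have to do is follow it. Below I have noted the output of the commands I ran along the way. Each heading and the text of each step are quoted from the AWS article. Only some of steps 1 to 8 appear below as notes on command output, but perform all of steps 1 to 8 while following the tutorial.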

Step 2: Install Certbot on your Lightsail instance

3. After you are connected to the Lightsail browser-based SSH session, enter the following command to update the packages on your instance.

$ sudo apt-get update
Hit:1 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial InRelease
Get:2 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Get:3 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]
Get:4 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [1,131 kB]
Get:5 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [796 kB]                    
Get:6 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]                                                             
Get:7 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages [852 kB]
Get:8 http://security.ubuntu.com/ubuntu xenial-security/universe amd64 Packages [489 kB]
Fetched 3,593 kB in 2s (1,228 kB/s)
Reading package lists... Done

4. Enter the following command to install the software properties package. Certbot's developers use a Personal Package Archive (PPA) to distribute Certbot. The software properties package makes it more efficient to work with PPAs.

$ sudo apt-get install software-properties-common
Reading package lists... Done
Building dependency tree       
Reading state information... Done
software-properties-common is already the newest version (0.96.20.9).
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.

5. Enter the following command to add Certbot to the local apt repository.

$ sudo apt-add-repository ppa:certbot/certbot -y
gpg: keyring `/tmp/tmpqb9enl27/secring.gpg' created
gpg: keyring `/tmp/tmpqb9enl27/pubring.gpg' created
gpg: requesting key 75BCA694 from hkp server keyserver.ubuntu.com
gpg: /tmp/tmpqb9enl27/trustdb.gpg: trustdb created
gpg: key 75BCA694: public key "Launchpad PPA for certbot" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
OK

6. Enter the following command to update apt so that it includes the new repository.

$ sudo apt-get update -y
Hit:1 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial InRelease
Hit:2 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial-updates InRelease                    
Hit:3 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial-backports InRelease                  
Hit:4 http://security.ubuntu.com/ubuntu xenial-security InRelease                                                               
Get:5 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial InRelease [24.3 kB]
Get:6 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 Packages [18.6 kB]
Get:7 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main Translation-en [10.9 kB]
Fetched 53.9 kB in 1s (27.0 kB/s)                   
Reading package lists... Done

7. Enter the following command to install Certbot.

$ sudo apt-get install certbot -y
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  python3-acme python3-asn1crypto python3-certbot python3-configargparse python3-cryptography python3-funcsigs python3-future python3-icu python3-idna python3-josepy python3-mock
  python3-ndg-httpsclient python3-openssl python3-parsedatetime python3-pbr python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component python3-zope.event
  python3-zope.hookable python3-zope.interface
Suggested packages:
  python3-certbot-apache python3-certbot-nginx python-certbot-doc python-acme-doc python-cryptography-doc python3-cryptography-vectors python-funcsigs-doc python-future-doc
  python-mock-doc python-openssl-doc python3-openssl-dbg
The following NEW packages will be installed:
  certbot python3-acme python3-asn1crypto python3-certbot python3-configargparse python3-funcsigs python3-future python3-icu python3-josepy python3-mock python3-ndg-httpsclient
  python3-openssl python3-parsedatetime python3-pbr python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component python3-zope.event python3-zope.hookable
  python3-zope.interface
The following packages will be upgraded:
  python3-cryptography python3-idna
2 upgraded, 21 newly installed, 0 to remove and 14 not upgraded.
Need to get 1,562 kB of archives.
After this operation, 7,213 kB of additional disk space will be used.
Get:1 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial/universe amd64 python3-funcsigs all 0.4-2 [12.6 kB]
Get:2 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 python3-pbr all 1.8.0-4ubuntu1 [33.4 kB]
Get:3 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial/universe amd64 python3-mock all 1.3.0-2.1ubuntu1 [46.6 kB]
Get:4 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 python3-tz all 2014.10~dfsg1-0ubuntu2 [24.6 kB]
Get:5 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial/universe amd64 python3-zope.event all 4.2.0-1 [7,402 B]
Get:6 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 python3-icu amd64 1.9.2-2build1 [177 kB]
Get:7 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-asn1crypto all 0.22.0-2+ubuntu16.04.1+certbot+1 [70.3 kB]
Get:8 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-idna all 2.5-1+ubuntu16.04.1+certbot+1 [31.6 kB]
Get:9 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-cryptography amd64 1.9-1+ubuntu16.04.1+certbot+2 [211 kB]
Get:10 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-openssl all 17.3.0-1~0+ubuntu16.04.1+certbot+1 [47.6 kB]
Get:11 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-josepy all 1.1.0-2+ubuntu16.04.1+certbot+1 [27.9 kB]
Get:12 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-requests-toolbelt all 0.8.0-1+ubuntu16.04.1+certbot+1 [38.3 kB]
Get:13 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-rfc3339 all 1.0-4+certbot~xenial+1 [6,412 B]
Get:14 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-acme all 0.31.0-2+ubuntu16.04.6+certbot+2 [50.6 kB]                                                       
Get:15 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-ndg-httpsclient all 0.4.2-1+certbot~xenial+1 [24.7 kB]                                                    
Get:16 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-configargparse all 0.11.0-1+certbot~xenial+1 [22.4 kB]                                                    
Get:17 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-future all 0.15.2-4+ubuntu16.04.1+certbot+3 [334 kB]                                                      
Get:18 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-parsedatetime all 2.4-3+ubuntu16.04.1+certbot+3 [32.3 kB]                                                 
Get:19 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-zope.hookable amd64 4.0.4-4+ubuntu16.04.1+certbot+1 [9,442 B]                                             
Get:20 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-zope.interface amd64 4.3.2-1+ubuntu16.04.1+certbot+1 [90.3 kB]                                            
Get:21 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-zope.component all 4.3.0-1+ubuntu16.04.1+certbot+3 [43.3 kB]                                              
Get:22 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-certbot all 0.31.0-1+ubuntu16.04.1+certbot+1 [209 kB]                                                     
Get:23 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 certbot all 0.31.0-1+ubuntu16.04.1+certbot+1 [11.0 kB]                                                            
Fetched 1,562 kB in 15s (100.0 kB/s)                                                                                                                                                       
Selecting previously unselected package python3-asn1crypto.
(Reading database ... 98574 files and directories currently installed.)
Preparing to unpack .../python3-asn1crypto_0.22.0-2+ubuntu16.04.1+certbot+1_all.deb ...
Unpacking python3-asn1crypto (0.22.0-2+ubuntu16.04.1+certbot+1) ...
Preparing to unpack .../python3-idna_2.5-1+ubuntu16.04.1+certbot+1_all.deb ...
Unpacking python3-idna (2.5-1+ubuntu16.04.1+certbot+1) over (2.0-3) ...
Preparing to unpack .../python3-cryptography_1.9-1+ubuntu16.04.1+certbot+2_amd64.deb ...
Unpacking python3-cryptography (1.9-1+ubuntu16.04.1+certbot+2) over (1.2.3-1ubuntu0.2) ...
Selecting previously unselected package python3-openssl.
Preparing to unpack .../python3-openssl_17.3.0-1~0+ubuntu16.04.1+certbot+1_all.deb ...
Unpacking python3-openssl (17.3.0-1~0+ubuntu16.04.1+certbot+1) ...
Selecting previously unselected package python3-josepy.
Preparing to unpack .../python3-josepy_1.1.0-2+ubuntu16.04.1+certbot+1_all.deb ...
Unpacking python3-josepy (1.1.0-2+ubuntu16.04.1+certbot+1) ...
Selecting previously unselected package python3-funcsigs.
Preparing to unpack .../python3-funcsigs_0.4-2_all.deb ...
Unpacking python3-funcsigs (0.4-2) ...
Selecting previously unselected package python3-pbr.
Preparing to unpack .../python3-pbr_1.8.0-4ubuntu1_all.deb ...
Unpacking python3-pbr (1.8.0-4ubuntu1) ...
Selecting previously unselected package python3-mock.
Preparing to unpack .../python3-mock_1.3.0-2.1ubuntu1_all.deb ...
Unpacking python3-mock (1.3.0-2.1ubuntu1) ...
Selecting previously unselected package python3-requests-toolbelt.
Preparing to unpack .../python3-requests-toolbelt_0.8.0-1+ubuntu16.04.1+certbot+1_all.deb ...
Unpacking python3-requests-toolbelt (0.8.0-1+ubuntu16.04.1+certbot+1) ...
Selecting previously unselected package python3-tz.
Preparing to unpack .../python3-tz_2014.10~dfsg1-0ubuntu2_all.deb ...
Unpacking python3-tz (2014.10~dfsg1-0ubuntu2) ...
Selecting previously unselected package python3-rfc3339.
Preparing to unpack .../python3-rfc3339_1.0-4+certbot~xenial+1_all.deb ...
Unpacking python3-rfc3339 (1.0-4+certbot~xenial+1) ...
Selecting previously unselected package python3-acme.
Preparing to unpack .../python3-acme_0.31.0-2+ubuntu16.04.6+certbot+2_all.deb ...
Unpacking python3-acme (0.31.0-2+ubuntu16.04.6+certbot+2) ...
Selecting previously unselected package python3-ndg-httpsclient.
Preparing to unpack .../python3-ndg-httpsclient_0.4.2-1+certbot~xenial+1_all.deb ...
Unpacking python3-ndg-httpsclient (0.4.2-1+certbot~xenial+1) ...
Selecting previously unselected package python3-configargparse.
Preparing to unpack .../python3-configargparse_0.11.0-1+certbot~xenial+1_all.deb ...
Unpacking python3-configargparse (0.11.0-1+certbot~xenial+1) ...
Selecting previously unselected package python3-future.
Preparing to unpack .../python3-future_0.15.2-4+ubuntu16.04.1+certbot+3_all.deb ...
Unpacking python3-future (0.15.2-4+ubuntu16.04.1+certbot+3) ...
Selecting previously unselected package python3-parsedatetime.
Preparing to unpack .../python3-parsedatetime_2.4-3+ubuntu16.04.1+certbot+3_all.deb ...
Unpacking python3-parsedatetime (2.4-3+ubuntu16.04.1+certbot+3) ...
Selecting previously unselected package python3-zope.hookable.
Preparing to unpack .../python3-zope.hookable_4.0.4-4+ubuntu16.04.1+certbot+1_amd64.deb ...
Unpacking python3-zope.hookable (4.0.4-4+ubuntu16.04.1+certbot+1) ...
Selecting previously unselected package python3-zope.interface.
Preparing to unpack .../python3-zope.interface_4.3.2-1+ubuntu16.04.1+certbot+1_amd64.deb ...
Unpacking python3-zope.interface (4.3.2-1+ubuntu16.04.1+certbot+1) ...
Selecting previously unselected package python3-zope.event.
Preparing to unpack .../python3-zope.event_4.2.0-1_all.deb ...
Unpacking python3-zope.event (4.2.0-1) ...
Selecting previously unselected package python3-zope.component.
Preparing to unpack .../python3-zope.component_4.3.0-1+ubuntu16.04.1+certbot+3_all.deb ...
Unpacking python3-zope.component (4.3.0-1+ubuntu16.04.1+certbot+3) ...
Selecting previously unselected package python3-certbot.
Preparing to unpack .../python3-certbot_0.31.0-1+ubuntu16.04.1+certbot+1_all.deb ...
Unpacking python3-certbot (0.31.0-1+ubuntu16.04.1+certbot+1) ...
Selecting previously unselected package certbot.
Preparing to unpack .../certbot_0.31.0-1+ubuntu16.04.1+certbot+1_all.deb ...
Unpacking certbot (0.31.0-1+ubuntu16.04.1+certbot+1) ...
Selecting previously unselected package python3-icu.
Preparing to unpack .../python3-icu_1.9.2-2build1_amd64.deb ...
Unpacking python3-icu (1.9.2-2build1) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up python3-asn1crypto (0.22.0-2+ubuntu16.04.1+certbot+1) ...
Setting up python3-idna (2.5-1+ubuntu16.04.1+certbot+1) ...
Setting up python3-cryptography (1.9-1+ubuntu16.04.1+certbot+2) ...
Setting up python3-openssl (17.3.0-1~0+ubuntu16.04.1+certbot+1) ...
Setting up python3-josepy (1.1.0-2+ubuntu16.04.1+certbot+1) ...
Setting up python3-funcsigs (0.4-2) ...
Setting up python3-pbr (1.8.0-4ubuntu1) ...
update-alternatives: using /usr/bin/python3-pbr to provide /usr/bin/pbr (pbr) in auto mode
Setting up python3-mock (1.3.0-2.1ubuntu1) ...
Setting up python3-requests-toolbelt (0.8.0-1+ubuntu16.04.1+certbot+1) ...
Setting up python3-tz (2014.10~dfsg1-0ubuntu2) ...
Setting up python3-rfc3339 (1.0-4+certbot~xenial+1) ...
Setting up python3-acme (0.31.0-2+ubuntu16.04.6+certbot+2) ...
Setting up python3-ndg-httpsclient (0.4.2-1+certbot~xenial+1) ...
Setting up python3-configargparse (0.11.0-1+certbot~xenial+1) ...
Setting up python3-future (0.15.2-4+ubuntu16.04.1+certbot+3) ...
update-alternatives: using /usr/bin/python3-futurize to provide /usr/bin/futurize (futurize) in auto mode
update-alternatives: using /usr/bin/python3-pasteurize to provide /usr/bin/pasteurize (pasteurize) in auto mode
Setting up python3-parsedatetime (2.4-3+ubuntu16.04.1+certbot+3) ...
Setting up python3-zope.hookable (4.0.4-4+ubuntu16.04.1+certbot+1) ...
Setting up python3-zope.interface (4.3.2-1+ubuntu16.04.1+certbot+1) ...
Setting up python3-zope.event (4.2.0-1) ...
Setting up python3-zope.component (4.3.0-1+ubuntu16.04.1+certbot+3) ...
Setting up python3-certbot (0.31.0-1+ubuntu16.04.1+certbot+1) ...
Setting up certbot (0.31.0-1+ubuntu16.04.1+certbot+1) ...
certbot.service is a disabled or a static unit, not starting it.
Setting up python3-icu (1.9.2-2build1) ...

Step 3: Request a Let’s Encrypt SSL wildcard certificate

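3. Enter the following command to start Certbot in interactive mode. This command tells Certbot to use manual authentication with a DNS challenge to verify domain ownership. It also requests a wildcard certificate for your top-level domain and its subdomains.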

$ DOMAIN=kreyysyy.net
$ WILDCARD=*.$DOMAIN
$ echo $DOMAIN && echo $WILDCARD
kreyysyy.net
*.kreyysyy.net
$ sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): ********@gmail.com
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for kreyysyy.net
dns-01 challenge for kreyysyy.net

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.kreyysyy.net with the following value:

◆◆◆ The string for the DNS TXT record is displayed here ◆◆◆

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.kreyysyy.net with the following value:

◆◆◆ The string for the DNS TXT record is displayed here ◆◆◆

Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Once you reach this point, do not press Enter. Move on to steps 4 and 5, and press Enter only after they are done.
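A check for the "verify the record is deployed" prompt above, as an added example that is not part of the original post or the AWS tutorial: the wildcard and the bare domain are validated together, so two TXT values must be visible under the same name before Enter is pressed. `txt_ready` and `wait_for_txt` are hypothetical helper names, and the name-server argument is an assumption standing for whichever authoritative server hosts your zone.

```shell
# Added example (not from the original post). POSIX sh.

# txt_ready VALUE...
# Reads `dig +short TXT` output on stdin (one quoted string per line) and
# returns the number of expected values that are NOT published yet.
txt_ready() {
    # Strip the surrounding double quotes dig puts around each TXT string.
    published=$(sed -e 's/^"//' -e 's/"$//')
    missing=0
    for want in "$@"; do
        # -F: literal match, -x: whole line; "--" because challenge values
        # are base64url and may begin with "-".
        if ! printf '%s\n' "$published" | grep -Fxq -- "$want"; then
            echo "missing TXT value: $want"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# wait_for_txt SERVER NAME VALUE...
# Polls SERVER (assumed: an authoritative name server for the zone) until
# every value Certbot printed is visible. Needs dig and network access.
wait_for_txt() {
    server=$1; name=$2; shift 2
    until dig +short TXT "$name" "@$server" | txt_ready "$@"; do
        sleep 30
    done
    echo "all TXT values visible for $name"
}

# On the instance, with the two strings Certbot displayed (placeholders here):
#   wait_for_txt <your-name-server> "_acme-challenge.$DOMAIN" '<value 1>' '<value 2>'
```

Querying the authoritative server directly avoids a recursive resolver handing back a cached "no such record" answer from before the TXT records were created.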

Step 6: Complete the Let’s Encrypt SSL certificate request

1. In the Lightsail browser-based SSH session for your WordPress instance, press Enter to continue the Let’s Encrypt SSL certificate request. If it succeeds, a response like the one shown in the following screenshot appears.

Waiting for verification...
Resetting dropped connection: acme-v02.api.letsencrypt.org
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/kreyysyy.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/kreyysyy.net/privkey.pem
   Your cert will expire on 2020-07-22. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Step 7: Create links to the Let’s Encrypt certificate files in the Apache server directory

1. In the Lightsail browser-based SSH session for your WordPress instance, enter the following command to stop the underlying services.

$ sudo /opt/bitnami/ctlscript.sh stop
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped
/opt/bitnami/php/scripts/ctl.sh : php-fpm stopped
/opt/bitnami/mysql/scripts/ctl.sh : mysql stopped

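2. Enter the following command to set an environment variable for your domain. You can then copy and paste the commands to link the certificate files more efficiently. Replace domain with your registered domain name.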

3. Enter the following command to confirm that the variables return the correct values.

$ DOMAIN=kreyysyy.net
$ WILDCARD=*.$DOMAIN
$ echo $DOMAIN && echo $WILDCARD
kreyysyy.net
*.kreyysyy.net

4. If certificate files already exist, enter the following commands individually to rename them as backups.

$ sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
$ sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
$ sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old

5. Enter the following commands individually to create links to the Let’s Encrypt certificate files in the Apache directory.

$ sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key
$ sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt
$ ls -l /opt/bitnami/apache2/conf/server.*
lrwxrwxrwx 1 root root   48 Apr 23 03:19 /opt/bitnami/apache2/conf/server.crt -> /etc/letsencrypt/live/kreyysyy.net/fullchain.pem
-rw-r--r-- 1 root root 1180 Apr 17 02:50 /opt/bitnami/apache2/conf/server.crt.old
-rw-r--r-- 1 root root  985 Apr 17 02:50 /opt/bitnami/apache2/conf/server.csr.old
lrwxrwxrwx 1 root root   46 Apr 23 03:19 /opt/bitnami/apache2/conf/server.key -> /etc/letsencrypt/live/kreyysyy.net/privkey.pem
-rw------- 1 root root 1675 Apr 17 02:50 /opt/bitnami/apache2/conf/server.key.old
$ sudo ls -l /etc/letsencrypt/live/kreyysyy.net/
total 4
lrwxrwxrwx 1 root root  36 Apr 23 03:09 cert.pem -> ../../archive/kreyysyy.net/cert1.pem
lrwxrwxrwx 1 root root  37 Apr 23 03:09 chain.pem -> ../../archive/kreyysyy.net/chain1.pem
lrwxrwxrwx 1 root root  41 Apr 23 03:09 fullchain.pem -> ../../archive/kreyysyy.net/fullchain1.pem
lrwxrwxrwx 1 root root  39 Apr 23 03:09 privkey.pem -> ../../archive/kreyysyy.net/privkey1.pem
-rw-r--r-- 1 root root 692 Apr 23 03:09 README

6. Enter the following command to start the underlying services that you stopped earlier.

$ sudo /opt/bitnami/ctlscript.sh start
/opt/bitnami/mysql/scripts/ctl.sh : mysql  started at port 3306
/opt/bitnami/php/scripts/ctl.sh : php-fpm started
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80

Step 8: Integrate the SSL certificate with your WordPress site using the Really Simple SSL plugin

1. In the Lightsail browser-based SSH session for your WordPress instance, enter the following command to make the wp-config.php file writable. The Really Simple SSL plugin configures the certificate by writing to the wp-config.php file.

$ sudo ls -l /opt/bitnami/apps/wordpress/htdocs/wp-config.php
-rw-r----- 1 bitnami daemon 4253 Apr 17 02:50 /opt/bitnami/apps/wordpress/htdocs/wp-config.php
$ sudo chmod 666 /opt/bitnami/apps/wordpress/htdocs/wp-config.php
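An audit of the state that steps 7 and 8 leave behind, as an added example that is not from the original post or the AWS tutorial: it confirms that server.crt and server.key are still symlinks into Certbot's live directory (so renewed files are picked up), that the private key grants nothing to group or other, and that wp-config.php is not left world-writable once the plugin has run. `audit_deploy` and its helpers are hypothetical names, and GNU `stat` is assumed.

```shell
# Added example (not from the original post). POSIX sh, GNU coreutils stat.

# Octal permission bits of a path, following symlinks to the real file.
mode_of() { stat -L -c '%a' "$1"; }

# check_link LINK WANT
# LINK must be a symlink, must resolve, and must point at a file named WANT.
check_link() {
    link=$1; want=$2
    if [ ! -L "$link" ]; then
        echo "FAIL: $link is not a symlink (a copy would miss renewals)"
        return 1
    fi
    if [ ! -e "$link" ]; then
        echo "FAIL: $link is a dangling symlink"
        return 1
    fi
    case $(readlink "$link") in
        */"$want") return 0 ;;
        *) echo "FAIL: $link does not point at $want"; return 1 ;;
    esac
}

# audit_deploy APACHE_CONF_DIR WP_CONFIG
# Prints one line per finding and returns the number of findings.
audit_deploy() {
    conf=$1; wpconfig=$2; problems=0
    check_link "$conf/server.crt" fullchain.pem || problems=$((problems + 1))
    check_link "$conf/server.key" privkey.pem || problems=$((problems + 1))
    if [ -e "$conf/server.key" ]; then
        mode=$(mode_of "$conf/server.key")
        # Any bit in 077 means group or other can touch the private key.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "FAIL: private key mode $mode grants group/other access"
            problems=$((problems + 1))
        fi
    fi
    mode=$(mode_of "$wpconfig")
    # Bit 002 is "writable by other"; chmod 666 sets it.
    if [ $(( 0$mode & 002 )) -ne 0 ]; then
        echo "FAIL: $wpconfig mode $mode is world-writable"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# As root on the instance (paths taken from the steps above):
#   audit_deploy /opt/bitnami/apache2/conf \
#       /opt/bitnami/apps/wordpress/htdocs/wp-config.php
```

The listing in step 8 shows wp-config.php at mode 640 before the change, so `sudo chmod 640` on the same path restores it once the plugin has finished writing.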
