Amazon Lightsail の WordPress インスタンスで Let’s Encrypt の SSL 証明書を使用する方法を、行ったときのメモを兼ねて紹介します。
ロードバランサを使うほどの環境ではないけどSSLは使いたい、という場合にぴったりの公式チュートリアルがありますので、その手順に従って行います。
手順は「チュートリアル: Amazon Lightsail の WordPress インスタンスで Let’s Encrypt の SSL 証明書を使用する」に詳細に記述されており、その通り実行するだけです。手順の中で実行したコマンドの実行結果を以下にメモしています。各見出しと手順の文章はAWSの記事からの引用です。以下にはコマンド実行結果のメモとしてステップ1~8の内のいくつかしか書いていませんが、チュートリアルも見ながらステップ1~8をすべて行います。
目次
ステップ 2: Lightsail インスタンスに Certbot をインストールする
3. Lightsail のブラウザベースの SSH セッションに接続したら、次のコマンドを入力してインスタンスのパッケージを更新します。
$ sudo apt-get update Hit:1 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial InRelease Get:2 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB] Get:3 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB] Get:4 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [1,131 kB] Get:5 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [796 kB] Get:6 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB] Get:7 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages [852 kB] Get:8 http://security.ubuntu.com/ubuntu xenial-security/universe amd64 Packages [489 kB] Fetched 3,593 kB in 2s (1,228 kB/s) Reading package lists... Done
4. 次のコマンドを入力してソフトウェアプロパティパッケージをインストールします。Certbot の開発者は、Personal Package Archive (PPA) を使用して Cerbot を配信します。ソフトウェアプロパティパッケージを使用すると、PPA をより効率的に操作できます。
$ sudo apt-get install software-properties-common Reading package lists... Done Building dependency tree Reading state information... Done software-properties-common is already the newest version (0.96.20.9). 0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
5. 次のコマンドを入力して Certbot をローカル apt リポジトリに追加します。
$ sudo apt-add-repository ppa:certbot/certbot -y gpg: keyring `/tmp/tmpqb9enl27/secring.gpg' created gpg: keyring `/tmp/tmpqb9enl27/pubring.gpg' created gpg: requesting key 75BCA694 from hkp server keyserver.ubuntu.com gpg: /tmp/tmpqb9enl27/trustdb.gpg: trustdb created gpg: key 75BCA694: public key "Launchpad PPA for certbot" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) OK
6. 次のコマンドを入力して apt を更新し、新しいリポジトリを含めます。
$ sudo apt-get update -y Hit:1 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial InRelease Hit:2 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial-updates InRelease Hit:3 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu xenial-security InRelease Get:5 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial InRelease [24.3 kB] Get:6 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 Packages [18.6 kB] Get:7 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main Translation-en [10.9 kB] Fetched 53.9 kB in 1s (27.0 kB/s) Reading package lists... Done
7. 次のコマンドを入力して Cerbot をインストールします。
$ sudo apt-get install certbot -y Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: python3-acme python3-asn1crypto python3-certbot python3-configargparse python3-cryptography python3-funcsigs python3-future python3-icu python3-idna python3-josepy python3-mock python3-ndg-httpsclient python3-openssl python3-parsedatetime python3-pbr python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface Suggested packages: python3-certbot-apache python3-certbot-nginx python-certbot-doc python-acme-doc python-cryptography-doc python3-cryptography-vectors python-funcsigs-doc python-future-doc python-mock-doc python-openssl-doc python3-openssl-dbg The following NEW packages will be installed: certbot python3-acme python3-asn1crypto python3-certbot python3-configargparse python3-funcsigs python3-future python3-icu python3-josepy python3-mock python3-ndg-httpsclient python3-openssl python3-parsedatetime python3-pbr python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface The following packages will be upgraded: python3-cryptography python3-idna 2 upgraded, 21 newly installed, 0 to remove and 14 not upgraded. Need to get 1,562 kB of archives. After this operation, 7,213 kB of additional disk space will be used. Get:1 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial/universe amd64 python3-funcsigs all 0.4-2 [12.6 kB] Get:2 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 python3-pbr all 1.8.0-4ubuntu1 [33.4 kB] Get:3 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial/universe amd64 python3-mock all 1.3.0-2.1ubuntu1 [46.6 kB] Get:4 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 python3-tz all 2014.10~dfsg1-0ubuntu2 [24.6 kB] Get:5 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial/universe amd64 python3-zope.event all 4.2.0-1 [7,402 B] Get:6 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 python3-icu amd64 1.9.2-2build1 [177 kB] Get:7 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-asn1crypto all 0.22.0-2+ubuntu16.04.1+certbot+1 [70.3 kB] Get:8 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-idna all 2.5-1+ubuntu16.04.1+certbot+1 [31.6 kB] Get:9 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-cryptography amd64 1.9-1+ubuntu16.04.1+certbot+2 [211 kB] Get:10 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-openssl all 17.3.0-1~0+ubuntu16.04.1+certbot+1 [47.6 kB] Get:11 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-josepy all 1.1.0-2+ubuntu16.04.1+certbot+1 [27.9 kB] Get:12 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-requests-toolbelt all 0.8.0-1+ubuntu16.04.1+certbot+1 [38.3 kB] Get:13 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-rfc3339 all 1.0-4+certbot~xenial+1 [6,412 B] Get:14 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-acme all 0.31.0-2+ubuntu16.04.6+certbot+2 [50.6 kB] Get:15 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-ndg-httpsclient all 0.4.2-1+certbot~xenial+1 [24.7 kB] Get:16 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-configargparse all 0.11.0-1+certbot~xenial+1 [22.4 kB] Get:17 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-future all 0.15.2-4+ubuntu16.04.1+certbot+3 [334 kB] Get:18 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-parsedatetime all 2.4-3+ubuntu16.04.1+certbot+3 [32.3 kB] Get:19 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-zope.hookable amd64 4.0.4-4+ubuntu16.04.1+certbot+1 [9,442 B] Get:20 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-zope.interface amd64 4.3.2-1+ubuntu16.04.1+certbot+1 [90.3 kB] Get:21 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-zope.component all 4.3.0-1+ubuntu16.04.1+certbot+3 [43.3 kB] Get:22 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python3-certbot all 0.31.0-1+ubuntu16.04.1+certbot+1 [209 kB] Get:23 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 certbot all 0.31.0-1+ubuntu16.04.1+certbot+1 [11.0 kB] Fetched 1,562 kB in 15s (100.0 kB/s) Selecting previously unselected package python3-asn1crypto. (Reading database ... 98574 files and directories currently installed.) Preparing to unpack .../python3-asn1crypto_0.22.0-2+ubuntu16.04.1+certbot+1_all.deb ... Unpacking python3-asn1crypto (0.22.0-2+ubuntu16.04.1+certbot+1) ... Preparing to unpack .../python3-idna_2.5-1+ubuntu16.04.1+certbot+1_all.deb ... Unpacking python3-idna (2.5-1+ubuntu16.04.1+certbot+1) over (2.0-3) ... Preparing to unpack .../python3-cryptography_1.9-1+ubuntu16.04.1+certbot+2_amd64.deb ... Unpacking python3-cryptography (1.9-1+ubuntu16.04.1+certbot+2) over (1.2.3-1ubuntu0.2) ... Selecting previously unselected package python3-openssl. Preparing to unpack .../python3-openssl_17.3.0-1~0+ubuntu16.04.1+certbot+1_all.deb ... Unpacking python3-openssl (17.3.0-1~0+ubuntu16.04.1+certbot+1) ... Selecting previously unselected package python3-josepy. Preparing to unpack .../python3-josepy_1.1.0-2+ubuntu16.04.1+certbot+1_all.deb ... Unpacking python3-josepy (1.1.0-2+ubuntu16.04.1+certbot+1) ... Selecting previously unselected package python3-funcsigs. Preparing to unpack .../python3-funcsigs_0.4-2_all.deb ... Unpacking python3-funcsigs (0.4-2) ... Selecting previously unselected package python3-pbr. Preparing to unpack .../python3-pbr_1.8.0-4ubuntu1_all.deb ... Unpacking python3-pbr (1.8.0-4ubuntu1) ... Selecting previously unselected package python3-mock. Preparing to unpack .../python3-mock_1.3.0-2.1ubuntu1_all.deb ... Unpacking python3-mock (1.3.0-2.1ubuntu1) ... Selecting previously unselected package python3-requests-toolbelt. Preparing to unpack .../python3-requests-toolbelt_0.8.0-1+ubuntu16.04.1+certbot+1_all.deb ... Unpacking python3-requests-toolbelt (0.8.0-1+ubuntu16.04.1+certbot+1) ... Selecting previously unselected package python3-tz. Preparing to unpack .../python3-tz_2014.10~dfsg1-0ubuntu2_all.deb ... Unpacking python3-tz (2014.10~dfsg1-0ubuntu2) ... Selecting previously unselected package python3-rfc3339. Preparing to unpack .../python3-rfc3339_1.0-4+certbot~xenial+1_all.deb ... Unpacking python3-rfc3339 (1.0-4+certbot~xenial+1) ... Selecting previously unselected package python3-acme. Preparing to unpack .../python3-acme_0.31.0-2+ubuntu16.04.6+certbot+2_all.deb ... Unpacking python3-acme (0.31.0-2+ubuntu16.04.6+certbot+2) ... Selecting previously unselected package python3-ndg-httpsclient. Preparing to unpack .../python3-ndg-httpsclient_0.4.2-1+certbot~xenial+1_all.deb ... Unpacking python3-ndg-httpsclient (0.4.2-1+certbot~xenial+1) ... Selecting previously unselected package python3-configargparse. Preparing to unpack .../python3-configargparse_0.11.0-1+certbot~xenial+1_all.deb ... Unpacking python3-configargparse (0.11.0-1+certbot~xenial+1) ... Selecting previously unselected package python3-future. Preparing to unpack .../python3-future_0.15.2-4+ubuntu16.04.1+certbot+3_all.deb ... Unpacking python3-future (0.15.2-4+ubuntu16.04.1+certbot+3) ... Selecting previously unselected package python3-parsedatetime. Preparing to unpack .../python3-parsedatetime_2.4-3+ubuntu16.04.1+certbot+3_all.deb ... Unpacking python3-parsedatetime (2.4-3+ubuntu16.04.1+certbot+3) ... Selecting previously unselected package python3-zope.hookable. Preparing to unpack .../python3-zope.hookable_4.0.4-4+ubuntu16.04.1+certbot+1_amd64.deb ... Unpacking python3-zope.hookable (4.0.4-4+ubuntu16.04.1+certbot+1) ... Selecting previously unselected package python3-zope.interface. Preparing to unpack .../python3-zope.interface_4.3.2-1+ubuntu16.04.1+certbot+1_amd64.deb ... Unpacking python3-zope.interface (4.3.2-1+ubuntu16.04.1+certbot+1) ... Selecting previously unselected package python3-zope.event. Preparing to unpack .../python3-zope.event_4.2.0-1_all.deb ... Unpacking python3-zope.event (4.2.0-1) ... Selecting previously unselected package python3-zope.component. Preparing to unpack .../python3-zope.component_4.3.0-1+ubuntu16.04.1+certbot+3_all.deb ... Unpacking python3-zope.component (4.3.0-1+ubuntu16.04.1+certbot+3) ... Selecting previously unselected package python3-certbot. Preparing to unpack .../python3-certbot_0.31.0-1+ubuntu16.04.1+certbot+1_all.deb ... Unpacking python3-certbot (0.31.0-1+ubuntu16.04.1+certbot+1) ... Selecting previously unselected package certbot. Preparing to unpack .../certbot_0.31.0-1+ubuntu16.04.1+certbot+1_all.deb ... Unpacking certbot (0.31.0-1+ubuntu16.04.1+certbot+1) ... Selecting previously unselected package python3-icu. Preparing to unpack .../python3-icu_1.9.2-2build1_amd64.deb ... Unpacking python3-icu (1.9.2-2build1) ... Processing triggers for man-db (2.7.5-1) ... Setting up python3-asn1crypto (0.22.0-2+ubuntu16.04.1+certbot+1) ... Setting up python3-idna (2.5-1+ubuntu16.04.1+certbot+1) ... Setting up python3-cryptography (1.9-1+ubuntu16.04.1+certbot+2) ... Setting up python3-openssl (17.3.0-1~0+ubuntu16.04.1+certbot+1) ... Setting up python3-josepy (1.1.0-2+ubuntu16.04.1+certbot+1) ... Setting up python3-funcsigs (0.4-2) ... Setting up python3-pbr (1.8.0-4ubuntu1) ... update-alternatives: using /usr/bin/python3-pbr to provide /usr/bin/pbr (pbr) in auto mode Setting up python3-mock (1.3.0-2.1ubuntu1) ... Setting up python3-requests-toolbelt (0.8.0-1+ubuntu16.04.1+certbot+1) ... Setting up python3-tz (2014.10~dfsg1-0ubuntu2) ... Setting up python3-rfc3339 (1.0-4+certbot~xenial+1) ... Setting up python3-acme (0.31.0-2+ubuntu16.04.6+certbot+2) ... Setting up python3-ndg-httpsclient (0.4.2-1+certbot~xenial+1) ... Setting up python3-configargparse (0.11.0-1+certbot~xenial+1) ... Setting up python3-future (0.15.2-4+ubuntu16.04.1+certbot+3) ... update-alternatives: using /usr/bin/python3-futurize to provide /usr/bin/futurize (futurize) in auto mode update-alternatives: using /usr/bin/python3-pasteurize to provide /usr/bin/pasteurize (pasteurize) in auto mode Setting up python3-parsedatetime (2.4-3+ubuntu16.04.1+certbot+3) ... Setting up python3-zope.hookable (4.0.4-4+ubuntu16.04.1+certbot+1) ... Setting up python3-zope.interface (4.3.2-1+ubuntu16.04.1+certbot+1) ... Setting up python3-zope.event (4.2.0-1) ... Setting up python3-zope.component (4.3.0-1+ubuntu16.04.1+certbot+3) ... Setting up python3-certbot (0.31.0-1+ubuntu16.04.1+certbot+1) ... Setting up certbot (0.31.0-1+ubuntu16.04.1+certbot+1) ... certbot.service is a disabled or a static unit, not starting it. Setting up python3-icu (1.9.2-2build1) ...
ステップ 3: Let’s Encrypt の SSL ワイルドカード証明書をリクエストする
3. 次のコマンドを入力して Certbot をインタラクティブモードで起動します。このコマンドでは、DNS チャレンジで手動認証を使用してドメインの所有権を検証することを Certbot に指示します。また、最上位ドメインとそのサブドメイン用にワイルドカード証明書をリクエストします。
$ DOMAIN=kreyysyy.net $ WILDCARD=*.$DOMAIN $ echo $DOMAIN && echo $WILDCARD kreyysyy.net *.kreyysyy.net
$ sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): ********@gmail.com Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: N Obtaining a new certificate Performing the following challenges: dns-01 challenge for kreyysyy.net dns-01 challenge for kreyysyy.net - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that. Are you OK with your IP being logged? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please deploy a DNS TXT record under the name _acme-challenge.kreyysyy.net with the following value: ◆◆◆DNS TXTレコード用の文字列がここに表示される◆◆◆ Before continuing, verify the record is deployed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please deploy a DNS TXT record under the name _acme-challenge.kreyysyy.net with the following value: ◆◆◆DNS TXTレコード用の文字列がここに表示される◆◆◆ Before continuing, verify the record is deployed. (This must be set up in addition to the previous challenges; do not remove, replace, or undo the previous challenge tasks yet. Note that you might be asked to create multiple distinct TXT records with the same name. This is permitted by DNS standards.) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue
ここまで来たらEnterは押さずにステップ4~5へ移り、それが終わってからEnterを押します。
ステップ 6: Let’s Encrypt の SSL 証明書リクエストを完了する
1. WordPress インスタンスの Lightsail ブラウザベースの SSH セッションで、Enter キーを押し、Let’s Encrypt SSL 証明書のリクエストを続行します。成功すると、次のスクリーンショットに示すようなレスポンスが表示されます。
Waiting for verification... Resetting dropped connection: acme-v02.api.letsencrypt.org Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/kreyysyy.net/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/kreyysyy.net/privkey.pem Your cert will expire on 2020-07-22. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
ステップ 7: Apache サーバーディレクトリで Let’s Encrypt の証明書ファイルへのリンクを作成する
1. WordPress インスタンスの Lightsail ブラウザベースの SSH セッションで、次のコマンドを入力して基盤となるサービスを停止します。
$ sudo /opt/bitnami/ctlscript.sh stop Syntax OK /opt/bitnami/apache2/scripts/ctl.sh : httpd stopped /opt/bitnami/php/scripts/ctl.sh : php-fpm stopped /opt/bitnami/mysql/scripts/ctl.sh : mysql stopped
2. 次のコマンドを入力してドメインの環境変数を設定します。コマンドをコピーして貼り付け、より効率的に証明書ファイルをリンクできます。
domainは登録済みのドメイン名に置き換えてください。3. 次のコマンドを入力し、変数が正しい値を返すことを確認します。
$ DOMAIN=kreyysyy.net $ WILDCARD=*.$DOMAIN $ echo $DOMAIN && echo $WILDCARD kreyysyy.net *.kreyysyy.net
4. 既存の証明書ファイルがある場合、バックアップとして以下のコマンドを個別に入力して名前を変更します。
$ sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old $ sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old $ sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old
5. 以下のコマンドを個別に入力し、Apache ディレクトリで Let’s Encrypt の証明書ファイルへのリンクを作成します。
$ sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key $ sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt $ ls -l /opt/bitnami/apache2/conf/server.* lrwxrwxrwx 1 root root 48 Apr 23 03:19 /opt/bitnami/apache2/conf/server.crt -> /etc/letsencrypt/live/kreyysyy.net/fullchain.pem -rw-r--r-- 1 root root 1180 Apr 17 02:50 /opt/bitnami/apache2/conf/server.crt.old -rw-r--r-- 1 root root 985 Apr 17 02:50 /opt/bitnami/apache2/conf/server.csr.old lrwxrwxrwx 1 root root 46 Apr 23 03:19 /opt/bitnami/apache2/conf/server.key -> /etc/letsencrypt/live/kreyysyy.net/privkey.pem -rw------- 1 root root 1675 Apr 17 02:50 /opt/bitnami/apache2/conf/server.key.old $ sudo ls -l /etc/letsencrypt/live/kreyysyy.net/ total 4 lrwxrwxrwx 1 root root 36 Apr 23 03:09 cert.pem -> ../../archive/kreyysyy.net/cert1.pem lrwxrwxrwx 1 root root 37 Apr 23 03:09 chain.pem -> ../../archive/kreyysyy.net/chain1.pem lrwxrwxrwx 1 root root 41 Apr 23 03:09 fullchain.pem -> ../../archive/kreyysyy.net/fullchain1.pem lrwxrwxrwx 1 root root 39 Apr 23 03:09 privkey.pem -> ../../archive/kreyysyy.net/privkey1.pem -rw-r--r-- 1 root root 692 Apr 23 03:09 README
6. 次のコマンドを入力して、以前に停止した基盤となるサービスを開始します。
$ sudo /opt/bitnami/ctlscript.sh start /opt/bitnami/mysql/scripts/ctl.sh : mysql started at port 3306 /opt/bitnami/php/scripts/ctl.sh : php-fpm started Syntax OK /opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80
ステップ 8: Really Simple SSL プラグインを使用して SSL 証明書を WordPress サイトに統合する
1. WordPress インスタンスの Lightsail ブラウザベースの SSH セッションで、次のコマンドを入力して wp-config.php ファイルを書き込み可能に設定します。Really Simple SSL プラグインは、wp-config.php ファイルに書き込むことで証明書を設定します。
$ sudo ls -l /opt/bitnami/apps/wordpress/htdocs/wp-config.php -rw-r----- 1 bitnami daemon 4253 Apr 17 02:50 /opt/bitnami/apps/wordpress/htdocs/wp-config.php $ sudo chmod 666 /opt/bitnami/apps/wordpress/htdocs/wp-config.php