質問編集履歴

httpのリダイレクトの設定が間違っていたので修正しました

2019/06/07 06:36

投稿

sumagimo

スコア16

title CHANGED Viewed

File without changes

body CHANGED Viewed

@@ -162,15 +162,15 @@
 aaa.example.conf
    RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/$
-   RewriteRule ^(.*)$ https://ccc.example$1 [R=301,L]
+   RewriteRule ^(.*)$ https://aaa.example$1 [R=301,L]
 www.aaa.example.conf
    RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/$
-   RewriteRule ^(.*)$ https://ccc.example$1 [R=301,L]
+   RewriteRule ^(.*)$ https://www.aaa.example$1 [R=301,L]
 www.bbb.example.conf
    RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/$
-   RewriteRule ^(.*)$ https://ccc.example$1 [R=301,L]
+   RewriteRule ^(.*)$ https://www.bbb.example$1 [R=301,L]
 aaa.example-ssl.conf
    RewriteCond %{REQUEST_URI} !^/check/$  ※証明書確認のための除外

ドメインを例示用に修正、リダイレクト、apacheの設定を追記

2019/06/07 06:36

投稿

sumagimo

スコア16

title CHANGED Viewed

File without changes

body CHANGED Viewed

@@ -7,28 +7,28 @@
 ### やりたいこと
-aaa.jp
+aaa.example
-www.aaa.jp
+www.aaa.example
-www.bbb.jp
+www.bbb.example
 上記3ドメインにLet's Encryptの自動更新のクーロンをセットしたい
-※aaa.jp、www.aaa.jp、www.bbb.jpともに最終的にはccc.jpにリダイレクトさせる
+※aaa.example、www.aaa.example、www.bbb.exampleともに最終的にはccc.exampleにリダイレクトさせる
 ### 実行した手順
 1. httpからhttpsへのリダイレクトを停止し、httpでレスポンスさせておく
 2. 証明書の取得
-$ sudo certbot certonly --webroot -w /var/www/html/ -d aaa.jp
+$ sudo certbot certonly --webroot -w /var/www/html/ -d aaa.example
-$ sudo certbot certonly --webroot -w /var/www/html/ -d www.aaa.jp
+$ sudo certbot certonly --webroot -w /var/www/html/ -d www.aaa.example
-$ sudo certbot certonly --webroot -w /var/www/html/ -d www.bbb.jp
+$ sudo certbot certonly --webroot -w /var/www/html/ -d www.bbb.example
 ※下記コマンドがエラーになったため取得と設定を別々に作業することにした
-※$ sudo certbot --apache -d aaa.jp -d www.aaa.jp -d www.bbb.jp
+※$ sudo certbot --apache -d aaa.example -d www.aaa.example -d www.bbb.example
 3. 証明書の反映
-$ sudo vi aaa.jp-ssl.conf
+$ sudo vi aaa.example-ssl.conf
-$ sudo vi www.aaa.jp-ssl.conf
+$ sudo vi www.aaa.example-ssl.conf
-$ sudo vi www.bbb.jp-ssl.conf
+$ sudo vi www.bbb.example-ssl.conf
 それぞれのファイルの証明書の部分を変更
      SSLCertificateFile /etc/letsencrypt/live/[サーバーのドメイン]/cert.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/[サーバーのドメイン]/privkey.pem
@@ -37,9 +37,9 @@
 4. httpからhttpsへのリダイレクトを有効にする
 5. それぞれのドメインのhttpsを有効にする
-$ sudo a2ensite aaa.jp-ssl.conf
+$ sudo a2ensite aaa.example-ssl.conf
-$ sudo a2ensite www.aaa.jp-ssl.conf
+$ sudo a2ensite www.aaa.example-ssl.conf
-$ sudo a2ensite www.bbb.jp-ssl.conf
+$ sudo a2ensite www.bbb.example-ssl.conf
 ・設定反映
 $ sudo apachectl configtest
 $ sudo /etc/init.d/apache2 reload
@@ -47,10 +47,10 @@
 6. httpからhttpsへリダイレクトしていることを確認
 7. 証明書が正しく反映されていることを確認
-aaa.jp-ssl.conf
+aaa.example-ssl.conf
-www.aaa.jp-ssl.conf
+www.aaa.example-ssl.conf
-www.bbb.jp-ssl.conf
+www.bbb.example-ssl.conf
-ともに特定のURLはccc.jpにリダイレクトしない除外設定を仕込んで確認
+ともに特定のURLはccc.exampleにリダイレクトしない除外設定を仕込んで確認
 8. 証明書自動更新のシミュレーション
 $ sudo certbot renew --dry-run
@@ -63,53 +63,53 @@
 Saving debug log to /var/log/letsencrypt/letsencrypt.log
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Processing /etc/letsencrypt/renewal/aaa.jp.conf
+Processing /etc/letsencrypt/renewal/aaa.example.conf
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Cert not due for renewal, but simulating renewal for dry run
 Plugins selected: Authenticator webroot, Installer None
 Renewing an existing certificate
 Performing the following challenges:
-http-01 challenge for aaa.jp
+http-01 challenge for aaa.example
 Waiting for verification...
 Cleaning up challenges
-Attempting to renew cert (aaa.jp) from /etc/letsencrypt/renewal/aaa.jp.conf produced an unexpected error: Failed authorization procedure. aaa.jp (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://ccc.jp/ [xxx.xxx.xx.xxx]: "[ccc.jpのindex.htmlの応答]". Skipping.
+Attempting to renew cert (aaa.example) from /etc/letsencrypt/renewal/aaa.example.conf produced an unexpected error: Failed authorization procedure. aaa.example (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://ccc.example/ [xxx.xxx.xx.xxx]: "[ccc.exampleのindex.htmlの応答]". Skipping.
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Processing /etc/letsencrypt/renewal/www.bbb.jp.conf
+Processing /etc/letsencrypt/renewal/www.bbb.example.conf
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Cert not due for renewal, but simulating renewal for dry run
 Plugins selected: Authenticator webroot, Installer None
 Renewing an existing certificate
 Performing the following challenges:
-http-01 challenge for www.bbb.jp
+http-01 challenge for www.bbb.example
 Cleaning up challenges
-Attempting to renew cert (www.bbb.jp) from /etc/letsencrypt/renewal/www.bbb.jp.conf produced an unexpected error: Missing command line flag or config entry for this setting:
+Attempting to renew cert (www.bbb.example) from /etc/letsencrypt/renewal/www.bbb.example.conf produced an unexpected error: Missing command line flag or config entry for this setting:
-Input the webroot for www.bbb.jp:. Skipping.
+Input the webroot for www.bbb.example:. Skipping.
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Processing /etc/letsencrypt/renewal/www.aaa.jp.conf
+Processing /etc/letsencrypt/renewal/www.aaa.example.conf
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Cert not due for renewal, but simulating renewal for dry run
 Plugins selected: Authenticator webroot, Installer None
 Renewing an existing certificate
 Performing the following challenges:
-http-01 challenge for www.aaa.jp
+http-01 challenge for www.aaa.example
 Waiting for verification...
 Cleaning up challenges
-Attempting to renew cert (www.aaa.co.jp) from /etc/letsencrypt/renewal/www.aaa.jp.conf produced an unexpected error: Failed authorization procedure. www.aaa.jp (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://ccc.jp/ [xx.xxx.xxx.xxx]: "[ccc.jpのindex.htmlの応答]". Skipping.
+Attempting to renew cert (www.aaa.co.example) from /etc/letsencrypt/renewal/www.aaa.example.conf produced an unexpected error: Failed authorization procedure. www.aaa.example (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://ccc.example/ [xx.xxx.xxx.xxx]: "[ccc.exampleのindex.htmlの応答]". Skipping.
 All renewal attempts failed. The following certs could not be renewed:
-  /etc/letsencrypt/live/aaa.jp/fullchain.pem (failure)
+  /etc/letsencrypt/live/aaa.example/fullchain.pem (failure)
-  /etc/letsencrypt/live/www.bbb.jp/fullchain.pem (failure)
+  /etc/letsencrypt/live/www.bbb.example/fullchain.pem (failure)
-  /etc/letsencrypt/live/www.aaa.jp/fullchain.pem (failure)
+  /etc/letsencrypt/live/www.aaa.example/fullchain.pem (failure)
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 ** DRY RUN: simulating 'certbot renew' close to cert expiry
 **          (The test certificates below have not been saved.)
 All renewal attempts failed. The following certs could not be renewed:
-  /etc/letsencrypt/live/aaa.jp/fullchain.pem (failure)
+  /etc/letsencrypt/live/aaa.example/fullchain.pem (failure)
-  /etc/letsencrypt/live/www.bbb.jp/fullchain.pem (failure)
+  /etc/letsencrypt/live/www.bbb.example/fullchain.pem (failure)
-  /etc/letsencrypt/live/www.aaa.jp/fullchain.pem (failure)
+  /etc/letsencrypt/live/www.aaa.example/fullchain.pem (failure)
 ** DRY RUN: simulating 'certbot renew' close to cert expiry
 **          (The test certificates above have not been saved.)
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -118,20 +118,20 @@
 IMPORTANT NOTES:
  - The following errors were reported by the server:
-   Domain: aaa.jp
+   Domain: aaa.example
    Type:   unauthorized
-   Detail: Invalid response from https://ccc.jp/
+   Detail: Invalid response from https://ccc.example/
-   [xxx.xxx.xxx.xxx]: "[ccc.jpのindex.htmlの応答]"
+   [xxx.xxx.xxx.xxx]: "[ccc.exampleのindex.htmlの応答]"
    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.
  - The following errors were reported by the server:
-   Domain: www.aaa.jp
+   Domain: www.aaa.example
    Type:   unauthorized
-   Detail: Invalid response from https://ccc.jp/
+   Detail: Invalid response from https://ccc.example/
-   [xxx.xxx.xxx.xxx]: "[ccc.jpのindex.htmlの応答]"
+   [xxx.xxx.xxx.xxx]: "[ccc.exampleのindex.htmlの応答]"
    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
@@ -145,9 +145,9 @@
 ### 対策したこと
-aaa.jp.conf
+aaa.example.conf
-www.aaa.jp.conf
+www.aaa.example.conf
-www.bbb.jp.conf
+www.bbb.example.conf
 上記に対してサーバの認証で使用する（と思われる）pathをドキュメントルートに作成し、リダイレクトから除外してhttpで反応するようにした
 除外PATH  /var/www/html/.well-known/acme-challenge/
@@ -156,4 +156,76 @@
 ### 原因と思われること
-証明書の取得でサーバ認証PATHに /var/www/html/ を指定したこと
+証明書の取得でサーバ認証PATHに /var/www/html/ を指定したこと
+### リダイレクトの設定
+aaa.example.conf
+   RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/$
+   RewriteRule ^(.*)$ https://ccc.example$1 [R=301,L]
+www.aaa.example.conf
+   RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/$
+   RewriteRule ^(.*)$ https://ccc.example$1 [R=301,L]
+www.bbb.example.conf
+   RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/$
+   RewriteRule ^(.*)$ https://ccc.example$1 [R=301,L]
+aaa.example-ssl.conf
+   RewriteCond %{REQUEST_URI} !^/check/$  ※証明書確認のための除外
+   RewriteRule ^(.*)$ https://ccc.example$1 [R=301,L]
+www.aaa.example-ssl.conf
+   RewriteCond %{REQUEST_URI} !^/check/$  ※証明書確認のための除外
+   RewriteRule ^(.*)$ https://ccc.example$1 [R=301,L]
+www.bbb.example-ssl.conf
+   RewriteCond %{REQUEST_URI} !^/check/$  ※証明書確認のための除外
+   RewriteRule ^(.*)$ https://ccc.example$1 [R=301,L]
+### apacheの設定
+apache2.conf
+DefaultRuntimeDir ${APACHE_RUN_DIR}
+PidFile ${APACHE_PID_FILE}
+Timeout 300
+KeepAlive On
+MaxKeepAliveRequests 100
+KeepAliveTimeout 5
+User ${APACHE_RUN_USER}
+Group ${APACHE_RUN_GROUP}
+HostnameLookups Off
+ErrorLog ${APACHE_LOG_DIR}/error.log
+LogLevel warn
+IncludeOptional mods-enabled/*.load
+IncludeOptional mods-enabled/*.conf
+Include ports.conf
+<Directory />
+        Options FollowSymLinks
+        AllowOverride None
+        Require all denied
+</Directory>
+<Directory /usr/share>
+        AllowOverride None
+        Require all granted
+</Directory>
+<Directory /var/www/>
+        Options Indexes FollowSymLinks
+        AllowOverride None
+        Require all granted
+</Directory>
+AccessFileName .htaccess
+<FilesMatch "^.ht">
+        Require all denied
+</FilesMatch>
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+IncludeOptional conf-enabled/*.conf
+IncludeOptional sites-enabled/*.conf