Teruhiro Komaki's Blog (Temporary)

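Notes on manually renewing Let's Encrypt on Lightsail Redmine (Bitnami)

These are my notes on manually renewing a Let's Encrypt certificate for a Redmine instance running on Lightsail.

I'll note down the ssh setup as well.

Download the Lightsail ssh key

Download the Lightsail ssh key and move it to ~/.ssh.

Open ~/.ssh/config in vim.

~ $ vim .ssh/config

Configure ~/.ssh/config

Setting it up as follows makes connecting easier.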

Host redmine.yourhost.com
  Hostname redmine.yourhost.com
  IdentityFile ~/.ssh/LightsailDefaultPrivateKey-us-east-1.pem
  User bitnami
  Port 22

First of all, connect

🍙 ~ $ ssh redmine.yourhost.com
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-1066-aws x86_64)
       ___ _ _                   _
      | _ |_) |_ _ _  __ _ _ __ (_)
      | _ \ |  _| ' \/ _` | '  \| |
      |___/_|\__|_|_|\__,_|_|_|_|_|

  *** Welcome to the Bitnami Redmine 3.4.4-2 ***
  *** Documentation:  https://docs.bitnami.com/aws/apps/redmine/ ***
  ***                 https://docs.bitnami.com/aws/ ***
  *** Bitnami Forums: https://community.bitnami.com/ ***
Last login: Sun Sep 30 16:11:41 2018 from xxx.xxx.xx.xxx

Change directory

bitnami@ip-xxx-xx-x-xxx:~$ cd /opt/bitnami/
bitnami@ip-xxx-xx-x-xxx:/opt/bitnami$ ls -la
total 3504
drwxr-xr-x 20 root    root       4096 Mar  6  2018 .
drwxr-xr-x  4 root    root       4096 May 10 23:57 ..
drwxr-xr-x 14 root    root       4096 Mar  6  2018 apache2
drwxr-xr-x  5 root    root       4096 Mar  6  2018 apps
-rw-r--r--  1 root    root         27 Mar  6  2018 .bashrc
-rw-r--r--  1 root    root        466 Mar  6  2018 .bitnamirc
drwxr-xr-x  2 root    root       4096 Mar  6  2018 bnsupport
lrwxrwxrwx  1 root    root         52 Mar  6  2018 bnsupport-tool -> /opt/bitnami/bnsupport/bnsupport-0.6.0-linux-x64.run
-rw-r--r--  1 root    root      26887 Mar  6  2018 changelog.txt
drwxr-xr-x 11 root    root       4096 Mar  6  2018 common
drwxr-xr-x  4 root    root       4096 Mar  6  2018 config
-rwxr-xr-x  1 root    root      51890 Mar  6  2018 ctlscript.sh
drwxr-xr-x  7 root    root       4096 Mar  6  2018 git
drwxr-xr-x  2 root    root       4096 Mar  6  2018 img
drwxr-xr-x  2 root    root       4096 Mar  6  2018 licenses
-rwx------  1 root    root    3390885 Feb 27  2017 manager-linux-x64.run
drwxr-xr-x 11 root    root       4096 May 10 21:52 mysql
drwxr-xr-x  4 root    root       4096 Mar  6  2018 perl
drwxr-xr-x 11 root    root       4096 Mar  6  2018 php
drwxr-xr-x  5 root    root       4096 Mar  6  2018 postgresql
-rwxrwx---  1 bitnami root       2033 May 18 07:33 properties.ini
-rw-r--r--  1 root    root      14439 Mar  6  2018 README.txt
drwxr-xr-x  7 root    root       4096 Mar  6  2018 ruby
drwxr-xr-x  3 root    root       4096 Mar  6  2018 scripts
drwxr-xr-x  5 root    root       4096 Mar  6  2018 sqlite
drwxr-xr-x  2 bitnami bitnami    4096 Sep 30 15:53 stats
drwxr-xr-x  9 root    root       4096 Mar  6  2018 subversion
-rwxr--r--  1 root    root         60 Mar  6  2018 use_redmine
drwxr-xr-x  7 root    root       4096 May 10 21:52 var

Check ctlscript.sh

bitnami@ip-xxx-xx-x-xxx:/opt/bitnami$ sudo ./ctlscript.sh
usage: ./ctlscript.sh help
       ./ctlscript.sh (start|stop|restart|status)
       ./ctlscript.sh (start|stop|restart|status) mysql
       ./ctlscript.sh (start|stop|restart|status) php-fpm
       ./ctlscript.sh (start|stop|restart|status) apache
       ./ctlscript.sh (start|stop|restart|status) subversion

help       - this screen
start      - start the service(s)
stop       - stop  the service(s)
restart    - restart or start the service(s)
status     - show the status of the service(s)

Stop the services

bitnami@ip-xxx-xx-x-xxx:/opt/bitnami$ sudo ./ctlscript.sh stop

/opt/bitnami/subversion/scripts/ctl.sh : subversion stopped
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped
/opt/bitnami/php/scripts/ctl.sh : php-fpm stopped
/opt/bitnami/mysql/scripts/ctl.sh : mysql stopped

Renew the certificate

bitnami@ip-xxx-xx-x-xxx:~$ certbot-auto renew
Requesting to rerun /bin/certbot-auto with root privileges...
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/redmine.yourhost.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for redmine.yourhost.com
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/redmine.yourhost.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/redmine.yourhost.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Start the services

bitnami@ip-xxx-xx-x-xxx:/opt/bitnami$ sudo ./ctlscript.sh start
/opt/bitnami/mysql/scripts/ctl.sh : mysql  started at port 3306
/opt/bitnami/php/scripts/ctl.sh : php-fpm started
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80
/opt/bitnami/subversion/scripts/ctl.sh : subversion started at port 3690
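
Done by hand, the stop, renew and start steps above leave Redmine down if the renewal fails partway. The script below is an added example, not part of the original post: it always restarts the services and then confirms the renewed certificate has more than 30 days left. The CTL, RENEW and CHECK variables and the exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Defaults mirror the commands and paths shown in the post; the CTL, RENEW and
# CHECK variables themselves are assumptions of this example.
CTL="${CTL:-sudo /opt/bitnami/ctlscript.sh}"
RENEW="${RENEW:-certbot-auto renew}"
# "openssl x509 -checkend N" exits non-zero if the certificate expires within
# N seconds (2592000 s = 30 days). sudo is used because /etc/letsencrypt/live
# is normally readable by root only.
CHECK="${CHECK:-sudo openssl x509 -checkend 2592000 -noout -in /etc/letsencrypt/live/redmine.yourhost.com/fullchain.pem}"

renew_with_restart() {
    # Free the ports for certbot's standalone authenticator.
    if ! $CTL stop; then
        echo "stop failed; restarting services without renewing" >&2
        $CTL start
        return 2
    fi

    renew_rc=0
    $RENEW || renew_rc=$?

    # Bring the services back whether or not the renewal worked.
    if ! $CTL start; then
        echo "services did not start; check them by hand" >&2
        return 3
    fi
    if [ "$renew_rc" -ne 0 ]; then
        echo "renewal failed (exit $renew_rc); old certificate still in use" >&2
        return "$renew_rc"
    fi

    # A freshly issued certificate should pass the 30-day check.
    if ! $CHECK; then
        echo "certificate still expires within 30 days" >&2
        return 4
    fi
    return 0
}

# Run only when invoked as: sh renew.sh run
if [ "${1:-}" = "run" ]; then
    renew_with_restart
    exit $?
fi
```
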

Notes on the SSL configuration

To set up SSL, edit the conf file.

Change directory

bitnami@ip-xxx-xx-x-xxx:~$ cd /opt/bitnami/apache2/conf/bitnami/
bitnami@ip-xxx-xx-x-xxx:/opt/bitnami/apache2/conf/bitnami$ ls -la
total 48
drwxr-xr-x 2 bitnami root    4096 Sep 30 15:55 .
drwxr-xr-x 5 bitnami root    4096 May 10 21:52 ..
-rw-r--r-- 1 bitnami root     210 Mar  6  2018 bitnami-apps-prefix.conf
-rw-r--r-- 1 bitnami root      51 Mar  6  2018 bitnami-apps-vhosts.conf
-rw-r--r-- 1 bitnami root    2429 Sep 30 15:54 bitnami.conf
-rw-rw-r-- 1 bitnami bitnami  852 Mar  6  2018 httpd-2xlarge.conf
lrwxrwxrwx 1 root    root      50 May 10 21:52 httpd.conf -> /opt/bitnami/apache2/conf/bitnami/httpd-micro.conf
-rw-rw-r-- 1 bitnami bitnami  851 Mar  6  2018 httpd-large.conf
-rw-r--r-- 1 bitnami bitnami  847 Mar  6  2018 httpd-medium.conf
-rw-r--r-- 1 bitnami bitnami  888 Mar  6  2018 httpd-micro.conf
-rw-r--r-- 1 bitnami bitnami  860 Mar  6  2018 httpd-small.conf
-rw-rw-r-- 1 bitnami bitnami  852 Mar  6  2018 httpd-xlarge.conf
-rw-r--r-- 1 bitnami root     331 Mar  6  2018 passenger.conf

Open it in vim

bitnami@ip-xxx-xx-x-xxx:/opt/bitnami/apache2/conf/bitnami$ vim bitnami.conf

Edit the file

Comment out SSLCertificateFile "/opt/bitnami/apache3/conf/server.crt".

Add SSLCertificateFile "/etc/letsencrypt/live/redmine.yourhost.com/fullchain.pem".

# Default Virtual Host configuration.

<IfVersion < 2.3 >
  NameVirtualHost *:80
  NameVirtualHost *:443
</IfVersion>

#<VirtualHost _default_:80>
#  DocumentRoot "/opt/bitnami/apache2/htdocs"
#  <Directory "/opt/bitnami/apache2/htdocs">
#    Options Indexes FollowSymLinks
#    AllowOverride All
#    <IfVersion < 2.3 >
#      Order allow,deny
#      Allow from all
#    </IfVersion>
#    <IfVersion >= 2.3 >
#      Require all granted
#    </IfVersion>
#  </Directory>

  # Error Documents
#  ErrorDocument 503 /503.html

  # Bitnami applications installed with a prefix URL (default)
#  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
#</VirtualHost>

<VirtualHost _default_:80>
  ServerName redmine.yourhost.com:80
  RewriteEngine on
  RewriteCond %{HTTP_HOST} ^redmine.yourhost\.com
  RewriteRule ^/(.*)$ https://redmine.yourhost.com/$1 [R=301,L]
</VirtualHost>

# Default SSL Virtual Host configuration.

<IfModule !ssl_module>
  LoadModule ssl_module modules/mod_ssl.so
</IfModule>

Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  SSLEngine on
#SSLCertificateFile "/opt/bitnami/apache3/conf/server.crt"
SSLCertificateFile "/etc/letsencrypt/live/redmine.yourhost.com/fullchain.pem"
#SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
SSLCertificateKeyFile "/etc/letsencrypt/live/redmine.yourhost.com/privkey.pem"

  <Directory "/opt/bitnami/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3 >
      Order allow,deny
      Allow from all
    </IfVersion>
    <IfVersion >= 2.3 >
      Require all granted
    </IfVersion>
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html

  # Bitnami applications installed with a prefix URL (default)
  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>

# Bitnami applications that uses virtual host configuration
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"

Afterword

I'm writing this down for my own reference.

If anything here is wrong, I'd appreciate it if you pointed it out!
