trhrkmk.com

moon indicating dark mode
sun indicating light mode

LightsailのRedmine(Bitnami)でLet's Encryptを手動更新するときのメモ

2018-09-30

LightsailのRedmineで、Let’s Encryptを使っていて、手動更新するときのメモです。

sshの設定もメモっとく。

Lightsailのsshキーをダウンロードする

Lightsailのsshキーをダウンロードして~/.sshに移動しておく。

vimで~/.ssh/configを開きます。

~ $ vim .ssh/config

~/.ssh/configを設定する

以下のように設定すると、接続が楽になります。

Host redmine.yourhost.com
Hostname redmine.yourhost.com
IdentityFile ~/.ssh/LightsailDefaultPrivateKey-us-east-1.pem
User bitnami
Port 22

なにはともあれ接続する

🍙 ~ $ ssh redmine.yourhost.com
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-1066-aws x86_64)
___ _ _ _
| _ |_) |_ _ _ __ _ _ __ (_)
| _ \ | _| ' \/ _` | ' \| |
|___/_|\__|_|_|\__,_|_|_|_|_|
*** Welcome to the Bitnami Redmine 3.4.4-2 ***
*** Documentation: https://docs.bitnami.com/aws/apps/redmine/ ***
*** https://docs.bitnami.com/aws/ ***
*** Bitnami Forums: https://community.bitnami.com/ ***
Last login: Sun Sep 30 16:11:41 2018 from xxx.xxx.xx.xxx

移動する

bitnami@ip-xxx-xx-x-xxx:~$ cd /opt/bitnami/
bitnami@ip-xxx-xx-x-xxx:/opt/bitnami$ ls -la
total 3504
drwxr-xr-x 20 root root 4096 Mar 6 2018 .
drwxr-xr-x 4 root root 4096 May 10 23:57 ..
drwxr-xr-x 14 root root 4096 Mar 6 2018 apache2
drwxr-xr-x 5 root root 4096 Mar 6 2018 apps
-rw-r--r-- 1 root root 27 Mar 6 2018 .bashrc
-rw-r--r-- 1 root root 466 Mar 6 2018 .bitnamirc
drwxr-xr-x 2 root root 4096 Mar 6 2018 bnsupport
lrwxrwxrwx 1 root root 52 Mar 6 2018 bnsupport-tool -> /opt/bitnami/bnsupport/bnsupport-0.6.0-linux-x64.run
-rw-r--r-- 1 root root 26887 Mar 6 2018 changelog.txt
drwxr-xr-x 11 root root 4096 Mar 6 2018 common
drwxr-xr-x 4 root root 4096 Mar 6 2018 config
-rwxr-xr-x 1 root root 51890 Mar 6 2018 ctlscript.sh
drwxr-xr-x 7 root root 4096 Mar 6 2018 git
drwxr-xr-x 2 root root 4096 Mar 6 2018 img
drwxr-xr-x 2 root root 4096 Mar 6 2018 licenses
-rwx------ 1 root root 3390885 Feb 27 2017 manager-linux-x64.run
drwxr-xr-x 11 root root 4096 May 10 21:52 mysql
drwxr-xr-x 4 root root 4096 Mar 6 2018 perl
drwxr-xr-x 11 root root 4096 Mar 6 2018 php
drwxr-xr-x 5 root root 4096 Mar 6 2018 postgresql
-rwxrwx--- 1 bitnami root 2033 May 18 07:33 properties.ini
-rw-r--r-- 1 root root 14439 Mar 6 2018 README.txt
drwxr-xr-x 7 root root 4096 Mar 6 2018 ruby
drwxr-xr-x 3 root root 4096 Mar 6 2018 scripts
drwxr-xr-x 5 root root 4096 Mar 6 2018 sqlite
drwxr-xr-x 2 bitnami bitnami 4096 Sep 30 15:53 stats
drwxr-xr-x 9 root root 4096 Mar 6 2018 subversion
-rwxr--r-- 1 root root 60 Mar 6 2018 use_redmine
drwxr-xr-x 7 root root 4096 May 10 21:52 var

ctlscript.shを確認する

bitnami@ip-xxx-xx-x-xxx:/opt/bitnami$ sudo ./ctlscript.sh
usage: ./ctlscript.sh help
./ctlscript.sh (start|stop|restart|status)
./ctlscript.sh (start|stop|restart|status) mysql
./ctlscript.sh (start|stop|restart|status) php-fpm
./ctlscript.sh (start|stop|restart|status) apache
./ctlscript.sh (start|stop|restart|status) subversion
help - this screen
start - start the service(s)
stop - stop the service(s)
restart - restart or start the service(s)
status - show the status of the service(s)

stopする

bitnami@ip-xxx-xx-x-xxx:/opt/bitnami$ sudo ./ctlscript.sh stop
/opt/bitnami/subversion/scripts/ctl.sh : subversion stopped
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped
/opt/bitnami/php/scripts/ctl.sh : php-fpm stopped
/opt/bitnami/mysql/scripts/ctl.sh : mysql stopped

renewする

bitnami@ip-xxx-xx-x-xxx:~$ certbot-auto renew
Requesting to rerun /bin/certbot-auto with root privileges...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/redmine.yourhost.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for redmine.yourhost.com
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/redmine.yourhost.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/redmine.yourhost.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

startする

bitnami@ip-xxx-xx-x-xxx:/opt/bitnami$ sudo ./ctlscript.sh start
/opt/bitnami/mysql/scripts/ctl.sh : mysql started at port 3306
/opt/bitnami/php/scripts/ctl.sh : php-fpm started
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80
/opt/bitnami/subversion/scripts/ctl.sh : subversion started at port 3690

ssl設定のメモ

sslを設定するために、confを修正する

移動する

bitnami@ip-xxx-xx-x-xxx:~$ cd /opt/bitnami/apache2/conf/bitnami/
bitnami@ip-xxx-xx-x-xxx:/opt/bitnami/apache2/conf/bitnami$ ls -la
total 48
drwxr-xr-x 2 bitnami root 4096 Sep 30 15:55 .
drwxr-xr-x 5 bitnami root 4096 May 10 21:52 ..
-rw-r--r-- 1 bitnami root 210 Mar 6 2018 bitnami-apps-prefix.conf
-rw-r--r-- 1 bitnami root 51 Mar 6 2018 bitnami-apps-vhosts.conf
-rw-r--r-- 1 bitnami root 2429 Sep 30 15:54 bitnami.conf
-rw-rw-r-- 1 bitnami bitnami 852 Mar 6 2018 httpd-2xlarge.conf
lrwxrwxrwx 1 root root 50 May 10 21:52 httpd.conf -> /opt/bitnami/apache2/conf/bitnami/httpd-micro.conf
-rw-rw-r-- 1 bitnami bitnami 851 Mar 6 2018 httpd-large.conf
-rw-r--r-- 1 bitnami bitnami 847 Mar 6 2018 httpd-medium.conf
-rw-r--r-- 1 bitnami bitnami 888 Mar 6 2018 httpd-micro.conf
-rw-r--r-- 1 bitnami bitnami 860 Mar 6 2018 httpd-small.conf
-rw-rw-r-- 1 bitnami bitnami 852 Mar 6 2018 httpd-xlarge.conf
-rw-r--r-- 1 bitnami root 331 Mar 6 2018 passenger.conf

vimで開く

bitnami@ip-xxx-xx-x-xxx:/opt/bitnami/apache2/conf/bitnami$ vim bitnami.conf

修正する

SSLCertificateFile "/opt/bitnami/apache3/conf/server.crt"をコメントアウトする。

SSLCertificateFile "/etc/letsencrypt/live/redmine.yourhost.com/fullchain.pem"を追加する。

# Default Virtual Host configuration.
<IfVersion < 2.3 >
NameVirtualHost *:80
NameVirtualHost *:443
</IfVersion>
#<VirtualHost _default_:80>
# DocumentRoot "/opt/bitnami/apache2/htdocs"
# <Directory "/opt/bitnami/apache2/htdocs">
# Options Indexes FollowSymLinks
# AllowOverride All
# <IfVersion < 2.3 >
# Order allow,deny
# Allow from all
# </IfVersion>
# <IfVersion >= 2.3 >
# Require all granted
# </IfVersion>
# </Directory>
# Error Documents
# ErrorDocument 503 /503.html
# Bitnami applications installed with a prefix URL (default)
# Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
#</VirtualHost>
<VirtualHost _default_:80>
ServerName redmine.yourhost.com:80
RewriteEngine on
RewriteCond %{HTTP_HOST} ^redmine.yourhost\.com
RewriteRule ^/(.*)$ https://redmine.yourhost.com/$1 [R=301,L]
</VirtualHost>
# Default SSL Virtual Host configuration.
<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "/opt/bitnami/apache2/htdocs"
SSLEngine on
#SSLCertificateFile "/opt/bitnami/apache3/conf/server.crt"
SSLCertificateFile "/etc/letsencrypt/live/redmine.yourhost.com/fullchain.pem"
#SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
SSLCertificateKeyFile "/etc/letsencrypt/live/redmine.yourhost.com/privkey.pem"
<Directory "/opt/bitnami/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
<IfVersion < 2.3 >
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.3 >
Require all granted
</IfVersion>
</Directory>
# Error Documents
ErrorDocument 503 /503.html
# Bitnami applications installed with a prefix URL (default)
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>
# Bitnami applications that uses virtual host configuration
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"

あとがき

自分のためにメモっときます。

誤りがあれば、つっこんで頂ければありがたいです!


@trhrkmk
studying: JavaScript, React, Vim, Linux, Debian, FileMaker, English.