This is a memo on manually renewing a Let's Encrypt certificate for Redmine running on Lightsail.

I'll note the ssh setup as well.

Download the Lightsail ssh key

Download the Lightsail ssh key and move it to ~/.ssh.

Open ~/.ssh/config in vim.

~ $ vim .ssh/config

Configure ~/.ssh/config

Setting it up as follows makes connecting easier.

Host redmine.yourhost.com
  Hostname redmine.yourhost.com
  IdentityFile ~/.ssh/LightsailDefaultPrivateKey-us-east-1.pem
  User bitnami
  Port 22

First of all, connect

🍙 ~ $ ssh redmine.yourhost.com
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-1066-aws x86_64)
       ___ _ _                   _
      | _ |_) |_ _ _  __ _ _ __ (_)
      | _ \ |  _| ' \/ _` | '  \| |
      |___/_|\__|_|_|\__,_|_|_|_|_|

  *** Welcome to the Bitnami Redmine 3.4.4-2 ***
  *** Documentation:  https://docs.bitnami.com/aws/apps/redmine/ ***
  ***                 https://docs.bitnami.com/aws/ ***
  *** Bitnami Forums: https://community.bitnami.com/ ***
Last login: Sun Sep 30 16:11:41 2018 from xxx.xxx.xx.xxx

Change directory

bitnami@ip-xxx-xx-x-xxx:~$ cd /opt/bitnami/
bitnami@ip-xxx-xx-x-xxx:/opt/bitnami$ ls -la
total 3504
drwxr-xr-x 20 root    root       4096 Mar  6  2018 .
drwxr-xr-x  4 root    root       4096 May 10 23:57 ..
drwxr-xr-x 14 root    root       4096 Mar  6  2018 apache2
drwxr-xr-x  5 root    root       4096 Mar  6  2018 apps
-rw-r--r--  1 root    root         27 Mar  6  2018 .bashrc
-rw-r--r--  1 root    root        466 Mar  6  2018 .bitnamirc
drwxr-xr-x  2 root    root       4096 Mar  6  2018 bnsupport
lrwxrwxrwx  1 root    root         52 Mar  6  2018 bnsupport-tool -> /opt/bitnami/bnsupport/bnsupport-0.6.0-linux-x64.run
-rw-r--r--  1 root    root      26887 Mar  6  2018 changelog.txt
drwxr-xr-x 11 root    root       4096 Mar  6  2018 common
drwxr-xr-x  4 root    root       4096 Mar  6  2018 config
-rwxr-xr-x  1 root    root      51890 Mar  6  2018 ctlscript.sh
drwxr-xr-x  7 root    root       4096 Mar  6  2018 git
drwxr-xr-x  2 root    root       4096 Mar  6  2018 img
drwxr-xr-x  2 root    root       4096 Mar  6  2018 licenses
-rwx------  1 root    root    3390885 Feb 27  2017 manager-linux-x64.run
drwxr-xr-x 11 root    root       4096 May 10 21:52 mysql
drwxr-xr-x  4 root    root       4096 Mar  6  2018 perl
drwxr-xr-x 11 root    root       4096 Mar  6  2018 php
drwxr-xr-x  5 root    root       4096 Mar  6  2018 postgresql
-rwxrwx---  1 bitnami root       2033 May 18 07:33 properties.ini
-rw-r--r--  1 root    root      14439 Mar  6  2018 README.txt
drwxr-xr-x  7 root    root       4096 Mar  6  2018 ruby
drwxr-xr-x  3 root    root       4096 Mar  6  2018 scripts
drwxr-xr-x  5 root    root       4096 Mar  6  2018 sqlite
drwxr-xr-x  2 bitnami bitnami    4096 Sep 30 15:53 stats
drwxr-xr-x  9 root    root       4096 Mar  6  2018 subversion
-rwxr--r--  1 root    root         60 Mar  6  2018 use_redmine
drwxr-xr-x  7 root    root       4096 May 10 21:52 var

Check ctlscript.sh

bitnami@ip-xxx-xx-x-xxx:/opt/bitnami$ sudo ./ctlscript.sh
usage: ./ctlscript.sh help
       ./ctlscript.sh (start|stop|restart|status)
       ./ctlscript.sh (start|stop|restart|status) mysql
       ./ctlscript.sh (start|stop|restart|status) php-fpm
       ./ctlscript.sh (start|stop|restart|status) apache
       ./ctlscript.sh (start|stop|restart|status) subversion

help       - this screen
start      - start the service(s)
stop       - stop  the service(s)
restart    - restart or start the service(s)
status     - show the status of the service(s)

Stop the services

bitnami@ip-xxx-xx-x-xxx:/opt/bitnami$ sudo ./ctlscript.sh stop

/opt/bitnami/subversion/scripts/ctl.sh : subversion stopped
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped
/opt/bitnami/php/scripts/ctl.sh : php-fpm stopped
/opt/bitnami/mysql/scripts/ctl.sh : mysql stopped

Renew

bitnami@ip-xxx-xx-x-xxx:~$ certbot-auto renew
Requesting to rerun /bin/certbot-auto with root privileges...
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/redmine.yourhost.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for redmine.yourhost.com
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/redmine.yourhost.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/redmine.yourhost.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Start the services

bitnami@ip-xxx-xx-x-xxx:/opt/bitnami$ sudo ./ctlscript.sh start
/opt/bitnami/mysql/scripts/ctl.sh : mysql  started at port 3306
/opt/bitnami/php/scripts/ctl.sh : php-fpm started
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80
/opt/bitnami/subversion/scripts/ctl.sh : subversion started at port 3690
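
The stop, renew and start steps above as one function that starts the services again even when the renewal fails, then checks the expiry of the certificate on disk. This is an added example, not part of the original memo; the variable names, the return codes and the 20-day threshold are assumptions, and the default paths and commands are the ones shown in the memo.

```shell
#!/bin/sh
# Added example: the memo's stop -> renew -> start sequence as one function.
# Defaults are the paths and commands shown in the memo; the variable names,
# return codes and the 20-day threshold are assumptions of this example.
CTL="${CTL:-/opt/bitnami/ctlscript.sh}"
RENEW="${RENEW:-certbot-auto renew}"
CERT="${CERT:-/etc/letsencrypt/live/redmine.yourhost.com/fullchain.pem}"
MIN_VALID_DAYS="${MIN_VALID_DAYS:-20}"
SUDO="${SUDO-sudo}"

# Returns 0 when the stack is back up and the certificate is valid for at
# least MIN_VALID_DAYS more days, 1 when the renewal failed, 2 when the
# stack could not be stopped (renewal not attempted), 3 when the stack did
# not start again, 4 when the certificate on disk is still close to expiry.
renew_with_restart() {
    rc=0
    # The standalone authenticator needs the port Apache is using,
    # so the services are stopped first, as in the memo.
    if $SUDO "$CTL" stop; then
        $RENEW || rc=1
    else
        rc=2
    fi
    # Always bring the services back, even after a failed stop or renewal,
    # so a Let's Encrypt problem does not turn into a Redmine outage.
    $SUDO "$CTL" start || return 3
    [ "$rc" -eq 0 ] || return "$rc"
    # The renew command exits 0 both after renewing and when nothing was due,
    # so check the leaf certificate (the first one in fullchain.pem) directly.
    $SUDO openssl x509 -checkend $((MIN_VALID_DAYS * 86400)) -noout \
        -in "$CERT" >/dev/null || return 4
    return 0
}

# Perform the sequence only when called with the argument "run".
if [ "${1:-}" = "run" ]; then
    renew_with_restart
    exit $?
fi
```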

Notes on the SSL configuration

Edit the conf to set up SSL

Change directory

bitnami@ip-xxx-xx-x-xxx:~$ cd /opt/bitnami/apache2/conf/bitnami/
bitnami@ip-xxx-xx-x-xxx:/opt/bitnami/apache2/conf/bitnami$ ls -la
total 48
drwxr-xr-x 2 bitnami root    4096 Sep 30 15:55 .
drwxr-xr-x 5 bitnami root    4096 May 10 21:52 ..
-rw-r--r-- 1 bitnami root     210 Mar  6  2018 bitnami-apps-prefix.conf
-rw-r--r-- 1 bitnami root      51 Mar  6  2018 bitnami-apps-vhosts.conf
-rw-r--r-- 1 bitnami root    2429 Sep 30 15:54 bitnami.conf
-rw-rw-r-- 1 bitnami bitnami  852 Mar  6  2018 httpd-2xlarge.conf
lrwxrwxrwx 1 root    root      50 May 10 21:52 httpd.conf -> /opt/bitnami/apache2/conf/bitnami/httpd-micro.conf
-rw-rw-r-- 1 bitnami bitnami  851 Mar  6  2018 httpd-large.conf
-rw-r--r-- 1 bitnami bitnami  847 Mar  6  2018 httpd-medium.conf
-rw-r--r-- 1 bitnami bitnami  888 Mar  6  2018 httpd-micro.conf
-rw-r--r-- 1 bitnami bitnami  860 Mar  6  2018 httpd-small.conf
-rw-rw-r-- 1 bitnami bitnami  852 Mar  6  2018 httpd-xlarge.conf
-rw-r--r-- 1 bitnami root     331 Mar  6  2018 passenger.conf

Open in vim

bitnami@ip-xxx-xx-x-xxx:/opt/bitnami/apache2/conf/bitnami$ vim bitnami.conf

Edit

Comment out SSLCertificateFile "/opt/bitnami/apache3/conf/server.crt".

Add SSLCertificateFile "/etc/letsencrypt/live/redmine.yourhost.com/fullchain.pem".

# Default Virtual Host configuration.

<IfVersion < 2.3 >
  NameVirtualHost *:80
  NameVirtualHost *:443
</IfVersion>

#<VirtualHost _default_:80>
#  DocumentRoot "/opt/bitnami/apache2/htdocs"
#  <Directory "/opt/bitnami/apache2/htdocs">
#    Options Indexes FollowSymLinks
#    AllowOverride All
#    <IfVersion < 2.3 >
#      Order allow,deny
#      Allow from all
#    </IfVersion>
#    <IfVersion >= 2.3 >
#      Require all granted
#    </IfVersion>
#  </Directory>

  # Error Documents
#  ErrorDocument 503 /503.html

  # Bitnami applications installed with a prefix URL (default)
#  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
#</VirtualHost>

<VirtualHost _default_:80>
  ServerName redmine.yourhost.com:80
  RewriteEngine on
  RewriteCond %{HTTP_HOST} ^redmine\.yourhost\.com
  RewriteRule ^/(.*)$ https://redmine.yourhost.com/$1 [R=301,L]
</VirtualHost>

# Default SSL Virtual Host configuration.

<IfModule !ssl_module>
  LoadModule ssl_module modules/mod_ssl.so
</IfModule>

Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  SSLEngine on
  #SSLCertificateFile "/opt/bitnami/apache3/conf/server.crt"
  SSLCertificateFile "/etc/letsencrypt/live/redmine.yourhost.com/fullchain.pem"
  #SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
  SSLCertificateKeyFile "/etc/letsencrypt/live/redmine.yourhost.com/privkey.pem"

  <Directory "/opt/bitnami/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3 >
      Order allow,deny
      Allow from all
    </IfVersion>
    <IfVersion >= 2.3 >
      Require all granted
    </IfVersion>
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html

  # Bitnami applications installed with a prefix URL (default)
  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>

# Bitnami applications that uses virtual host configuration
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"

Afterword

I'm writing this down as a note for myself.

If there are any mistakes, I'd appreciate it if you pointed them out!