sudo dnf install certbot python3-certbot-nginx -y
certbot --nginx -d office.dom.mydns.jp -d link.dom.mydns.jp -d dom.mydns.jp
Y を入力。Y または N)。 [1]※自動的に、/etc/nginx/conf.d/00-xxxx.conf が書き換わる。 ⇐確認必要。
# tree /etc/letsencrypt
/etc/letsencrypt
├── accounts
│ └── acme-v02.api.letsencrypt.org
│ └── directory
│ └── 37fc0a779cab99282f60862f0ee7f16f
│ ├── meta.json
│ ├── private_key.json
│ └── regr.json
├── archive
│ └── office.dom.mydns.jp
│ ├── cert1.pem
│ ├── chain1.pem
│ ├── fullchain1.pem
│ └── privkey1.pem
├── cli.ini
├── live
│ ├── README
│ └── office.dom.mydns.jp
│ ├── README
│ ├── cert.pem -> ../../archive/office.dom.mydns.jp/cert1.pem
│ ├── chain.pem -> ../../archive/office.dom.mydns.jp/chain1.pem
│ ├── fullchain.pem -> ../../archive/office.dom.mydns.jp/fullchain1.pem
│ └── privkey.pem -> ../../archive/office.dom.mydns.jp/privkey1.pem
├── options-ssl-nginx.conf
├── renewal
│ └── office.dom.mydns.jp.conf
├── renewal-hooks
│ ├── deploy
│ ├── post
│ └── pre
└── ssl-dhparams.pem
sudo systemctl restart nginx
Let's Encryptの有効期限は90日
# certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/office.dom.mydns.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account registered.
Simulating renewal of an existing certificate for office.dom.mydns.jp
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/office.dom.mydns.jp/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
【確認】
※デバックは、本番のDjangoとNextJSを停止して、手動でDjangoとNextJSを起動する。
sudo systemctl stop gunicorn
sudo -u nginx /usr/local/bin/pm2 status
sudo -u nginx /usr/local/bin/pm2 stop nextjs-app
デバック時の利用。
vi /et c/hosts << __EOF__
192.168.1.198 office.dom.mydns.jp link.dom.mydns.jp dom.mydns.jp
__EOF__
【Djanogo】
. ./env
pip install django-extensions Werkzeug pyOpenSSL
INSTALLED_APPS = [
...
'django_extensions',
]
cd Cert
sudo cp /etc/letsencrypt/live/office.dom.mydns.jp/fullchain.pem fullchain.pem
sudo cp /etc/letsencrypt/live/office.dom.mydns.jp/privkey.pem privkey.pem
sudo chown takahab:takahab fullchain.pem privkey.pem
python manage.py runserver_plus --cert-file Cert/ fullchain.pem --key-file Cert/privkey.pem.pem 127.0.0.1:8001