Let's encrypt を試してみた件(整理は明日)

ubuntu@ip-172-26-13-137:~/go_template/server_test$ sudo certbot certonly  -w /home/ubuntu/go_template/server_test -d sea-anemone.tech
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/sea-anemone.tech/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/sea-anemone.tech/privkey.pem
   Your cert will expire on 2021-01-28. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

--webroot などをガン無視。www.sea-anemone.tech が作れなかったけど、こっちも無視。

でもって、

ubuntu@ip-172-26-13-137:~/go_template/server_test$ sudo cp /etc/letsencrypt/live/sea-anemone.tech/fullchain.pem .
ubuntu@ip-172-26-13-137:~/go_template/server_test$ sudo cp /etc/letsencrypt/live/sea-anemone.tech/privkey.pem .

を強行。

privkey.pemの権限が厳しいので、危ないけど >chmod +777 privkey.pem をやって、golangからアクセスして貰えるようにしておいた(権限のモードを忘れた)

で、serverXX.goの中を書き換え

/*
                log.Fatal(http.ListenAndServe(*addr, nil)) // localhost:8080で起動をセット
        */

        /*
        var httpErr error
        if _, err := os.Stat("./algo.crt"); err == nil {
                fmt.Println("file ", "algo.crt found switching to https")
                if httpErr = http.ListenAndServeTLS(*addr, "./algo.crt", "./algo.key", nil); httpErr != nil {
                        log.Fatal("The process exited with https error: ", httpErr.Error())
                }
        } else {
                httpErr = http.ListenAndServe(*addr, nil)
                if httpErr != nil {
                        log.Fatal("The process exited with http error: ", httpErr.Error())
                }
        }
        */

        var httpErr error
        if _, err := os.Stat("./fullchain.pem"); err == nil {
                fmt.Println("file ", "fullchain.pem found switching to https")
                if httpErr = http.ListenAndServeTLS(*addr, "./fullchain.pem", "./privkey.pem", nil); httpErr != nil {
                        log.Fatal("The process exited with https error: ", httpErr.Error())
                }
        } else {
                httpErr = http.ListenAndServe(*addr, nil)
                if httpErr != nil {
                        log.Fatal("The process exited with http error: ", httpErr.Error())
                }
        }

としたら、とりあえず

https://sea-anemone.tech:8080

で、iPadに地図が表示されるのは確認できた。

今日はここまで。

 

 

2020/10,江端さんの技術メモ

Posted by ebata