Let's encrypt を試してみた件(整理は明日)
ubuntu@ip-172-26-13-137:~/go_template/server_test$ sudo certbot certonly -w /home/ubuntu/go_template/server_test -d sea-anemone.tech
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/sea-anemone.tech/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/sea-anemone.tech/privkey.pem
Your cert will expire on 2021-01-28. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
--webroot などをガン無視。www.sea-anemone.tech が作れなかったけど、こっちも無視。
でもって、
ubuntu@ip-172-26-13-137:~/go_template/server_test$ sudo cp /etc/letsencrypt/live/sea-anemone.tech/fullchain.pem .
ubuntu@ip-172-26-13-137:~/go_template/server_test$ sudo cp /etc/letsencrypt/live/sea-anemone.tech/privkey.pem .
を強行。
privkey.pemの権限が厳しいので、危ないけど >chmod +777 privkey.pem をやって、golangからアクセスして貰えるようにしておいた(権限のモードを忘れた)
で、serverXX.goの中を書き換え
/*
log.Fatal(http.ListenAndServe(*addr, nil)) // localhost:8080で起動をセット
*/
/*
var httpErr error
if _, err := os.Stat("./algo.crt"); err == nil {
fmt.Println("file ", "algo.crt found switching to https")
if httpErr = http.ListenAndServeTLS(*addr, "./algo.crt", "./algo.key", nil); httpErr != nil {
log.Fatal("The process exited with https error: ", httpErr.Error())
}
} else {
httpErr = http.ListenAndServe(*addr, nil)
if httpErr != nil {
log.Fatal("The process exited with http error: ", httpErr.Error())
}
}
*/
var httpErr error
if _, err := os.Stat("./fullchain.pem"); err == nil {
fmt.Println("file ", "fullchain.pem found switching to https")
if httpErr = http.ListenAndServeTLS(*addr, "./fullchain.pem", "./privkey.pem", nil); httpErr != nil {
log.Fatal("The process exited with https error: ", httpErr.Error())
}
} else {
httpErr = http.ListenAndServe(*addr, nil)
if httpErr != nil {
log.Fatal("The process exited with http error: ", httpErr.Error())
}
}
としたら、とりあえず
https://sea-anemone.tech:8080
で、iPadに地図が表示されるのは確認できた。
今日はここまで。