[Supplement] Notes on evaluating and deploying SSL/TLS on the server
2020.12.01
Consolidating the SSL-related settings into httpd-ssl.conf

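・Changes and additions to httpd.conf
Line numbers count from the first line of the listing below. Lines 1-6, 9 and 12 are uncommented; the Include statement on line 12 switches the SSL function on or off.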
LoadModule md_module modules/mod_md.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule watchdog_module modules/mod_watchdog.so

# Virtual hosts
Include conf/extra/httpd-vhosts.conf

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf


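・Changes and additions to httpd-ssl.conf
Line numbers count from the first line of the listing below. Line 1 is added and holds your own domain; lines 4-9 are adjusted to your own environment; lines 15 and 19 are commented out; lines 25-37 are newly added at the end. Line 34 is for the fake (staging) certificate, line 35 for the production certificate.
MDomain hoge.com
<VirtualHost _default_:443>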
# General setup for the virtual host
DocumentRoot "D:/www/public_html"
ServerName hoge.com
ServerAlias www.hoge.com
ServerAdmin webmaster@hoge.com
ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

#SSLCertificateFile "${SRVROOT}/conf/server.crt"
#SSLCertificateFile "${SRVROOT}/conf/server-dsa.crt"
#SSLCertificateFile "${SRVROOT}/conf/server-ecc.crt"

#SSLCertificateKeyFile "${SRVROOT}/conf/server.key"
#SSLCertificateKeyFile "${SRVROOT}/conf/server-dsa.key"
#SSLCertificateKeyFile "${SRVROOT}/conf/server-ecc.key"
#    ┋  (lines in between omitted)
</VirtualHost>

<IfModule md_module>
MDBaseServer off
MDCertificateProtocol ACME
MDCAChallenges http-01 tls-alpn-01
MDRenewMode auto
MDPrivateKeys RSA 2048
MDRenewWindow 33%
MDStoreDir md

MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory
#MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory
MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
</IfModule>


Perhaps this is how it should have been set up in the first place.
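
An added example, not part of the original memo: a small Python check of the httpd-ssl.conf shown above. It reports whether the Let's Encrypt staging CA (the "fake certificate" line) is still the active MDCertificateAuthority, and whether a static SSLCertificateFile/SSLCertificateKeyFile is still active in a virtual host covered by MDomain, which the memo comments out. The function name audit_md_conf and the sample text are constructed for illustration.

```python
# Constructed sample: the httpd-ssl.conf fragment from this memo, abbreviated.
SAMPLE_CONF = """\
MDomain hoge.com
<VirtualHost _default_:443>
ServerName hoge.com
ServerAlias www.hoge.com
SSLEngine on
#SSLCertificateFile "${SRVROOT}/conf/server.crt"
#SSLCertificateKeyFile "${SRVROOT}/conf/server.key"
</VirtualHost>
<IfModule md_module>
MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory
#MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory
</IfModule>
"""

def audit_md_conf(text):
    """Return a list of findings for the MDomain / ACME setup in the given text."""
    managed, vhosts, findings, cur = set(), [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # only active (uncommented) directives count
        parts = line.split()
        key = parts[0].lower().rstrip(">")
        args = [a.strip('">') for a in parts[1:]]
        if key == "mdomain":
            managed.update(a.lower() for a in args)
        elif key == "mdcertificateauthority" and args and "staging" in args[0].lower():
            findings.append(f"staging CA active: {args[0]}")
        elif key == "<virtualhost":
            cur = {"names": set(), "static": []}
        elif key == "</virtualhost" and cur is not None:
            vhosts.append(cur)
            cur = None
        elif cur is not None and key in ("servername", "serveralias"):
            cur["names"].update(a.lower() for a in args)
        elif cur is not None and key in ("sslcertificatefile", "sslcertificatekeyfile"):
            cur["static"].append(parts[0])
    # Compare after the whole file is read, so directive order does not matter.
    for vh in vhosts:
        hit = sorted(vh["names"] & managed)
        if hit and vh["static"]:
            findings.append(f"{hit[0]}: static {', '.join(vh['static'])} still active")
    return findings

if __name__ == "__main__":
    print(audit_md_conf(SAMPLE_CONF))
```

Certificates issued by the staging directory are not trusted by browsers, so an empty result from this check is what you want to see before exposing the site.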