Amazon Linux + Apache + Let’s Encrypt のインストール



# yum -y install git

Let’s Encryptのインストール

# cd /etc
# git clone




# cd /etc/letsencrypt
# ./certbot-auto certonly --webroot \
 -w /var/www/html/ -d \
 -m  --debug\


Saving debug log to /var/log/letsencrypt/letsencrypt.log
Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/", line 742, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/", line 666, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/", line 382, in _init_le_client
    acc, acme = _determine_account(config)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/", line 367, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/", line 158, in register
    acme = acme_from_config_key(config, key)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/", line 44, in acme_from_config_key
    return acme_client.Client(config.server, key=key, net=net)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/", line 71, in __init__
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/", line 646, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/", line 619, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/requests/", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/requests/", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/requests/", line 499, in send
    raise ReadTimeout(e, request=request)
ReadTimeout: HTTPSConnectionPool(host='', port=443): Read timed out. (read timeout=45)
Please see the logfiles in /var/log/letsencrypt for more details.


Please read the Terms of Service at
You must agree in order to register with the ACME server at
------------------------------------------------------------------------------- (A)gree/(C)ancel: A ------------------------------------------------------------------------------- Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights. ------------------------------------------------------------------------------- (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for Using the webroot path /var/www/html for all unmatched domains. Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/ Your cert will expire on 2017-08-19. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: Donating to EFF:


Apache 2.4.8 未満だと fullchain.pem (サーバ証明書と中間証明書が結合したファイル)が利用できません。

# rpm -qa|grep httpd


# cd /etc/httpd/conf.d
# cp ssl.conf
# vi ssl.conf
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/


# /etc/init.d/httpd restart


Let’s Encrypt の証明書の有効期限は、90日間と短いため定期的に更新する必要があります。また、証明書が更新された場合はApacheに再読込を実施する必要があります。


# cd /etc/cron.weekly
# vi letsencrypt
/etc/letsencrypt/letsencrypt-auto renew > /dev/null
/etc/init.d/httpd reloadx
# chmod +x letsencrypt