Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Let's Let's Encrypt
Search
Kohei Ota
January 23, 2018
Technology
1
240
Let's Let's Encrypt
Kohei Ota
January 23, 2018
Tweet
Share
More Decks by Kohei Ota
See All by Kohei Ota
CloudNative Meets WebAssembly: Exploring Wasm's Potential to Replace Containers
inductor
3
2.2k
The Cloud Native Chronicles: 10 Years of Community Growth Inside and Outside Japan
inductor
0
120
Cracking the KubeCon CfP
inductor
2
540
KubeCon Recap -Platform migration at Scale-
inductor
1
970
コンテナビルド最新事情 2022年度版 / Container Build 2022
inductor
3
480
データベースとストレージのレプリケーション入門 / Intro-of-database-and-storage-replication
inductor
26
6.2k
KubeConのケーススタディから振り返る、Platform for Platforms のあり方と その実践 / Lessons from KubeCon case studies: Platform for Platforms and its practice
inductor
3
800
オンラインの技術カンファレンスを安定稼働させるための取り組み / SRE activity for online conference platform
inductor
1
1.2k
Kubernetesネットワーキング初級者脱出ガイド / Kubernetes networking beginner's guide
inductor
19
6.1k
Other Decks in Technology
See All in Technology
Potential EM 制度を始めた理由、そして2年後にやめた理由 - EMConf JP 2025
hoyo
2
2.6k
IAMポリシーのAllow/Denyについて、改めて理解する
smt7174
2
200
【Findy】「正しく」失敗できる チームの作り方 〜リアルな事例から紐解く失敗を恐れない組織とは〜 / A team that can fail correctly by findy
i35_267
5
860
EMConf JP 2025 懇親会LT / EMConf JP 2025 social gathering
sugamasao
2
190
AWSを活用したIoTにおけるセキュリティ対策のご紹介
kwskyk
0
340
あなたが人生で成功するための5つの普遍的法則 #jawsug #jawsdays2025 / 20250301 HEROZ
yoshidashingo
2
280
サイト信頼性エンジニアリングとAmazon Web Services / SRE and AWS
ymotongpoo
7
1.5k
Pwned Labsのすゝめ
ken5scal
1
400
ESXi で仮想化した ARM 環境で LLM を動作させてみるぞ
unnowataru
0
170
4th place solution Eedi - Mining Misconceptions in Mathematics
rist
0
140
JavaにおけるNull非許容性
skrb
2
2.6k
Two Blades, One Journey: Engineering While Managing
ohbarye
4
1.9k
Featured
See All Featured
Java REST API Framework Comparison - PWX 2021
mraible
29
8.4k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
133
33k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
7k
Six Lessons from altMBA
skipperchong
27
3.6k
Practical Orchestrator
shlominoach
186
10k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.3k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
120k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
4
430
Bash Introduction
62gerente
611
210k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
[RailsConf 2023] Rails as a piece of cake
palkan
53
5.3k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
193
16k
Transcript
LET’S ENCRYPT ͬͯΈΑ͏ͷձ INDUCTOR@DISCORDΠϯϑϥษڧձ
ςΩετ ຊͷΞδΣϯμ ▸ ࣗݾհ ▸ SSLͷΈʹ͍ͭͯ ▸ Let's Encryptʹ͍ͭͯ ▸
SSLূ໌ॻΛઃஔ͢Δ ▸ αʔόʔͷίϯϑΟάΛ৮ͬͯΈΔ ▸ ϔομͱ͔ͷ֬ೝͷํ
ςΩετ ͓લͩΕͩΑ ▸ Wiki wo yonde kudasai ▸ https://wiki.infra-workshop.tech/user/inductor ▸
σʔληϯλʔͷதͰαʔόʔͱ͔NWͱ͔ΆͪΆͪͯͨ͠ ӡ༻ͷதͷਓΛͬͯͨ ▸ ࠓPHP/Android Javaͱ͔։ൃͯ͠Δ ▸ ࣍ͷࣄͱ͋ΔاۀͷDevOpsܥΠϯϑϥ෦ୂΛ༧ఆ
ςΩετ SSLͷ؆୯ͳ͘͠Έ ▸ ެ։伴ೝূͱڞ௨伴ೝূͷϋΠϒϦου ▸ ࠷ॳͷ伴ަ࣌ͷΈެ։伴Λ͏ ▸ ଓཱ֬ޙΫϥΠΞϯτ͝ͱʹಠཱͷڞ௨伴Ͱ௨৴͢Δ ▸ SSHͰΑ͘ΘΕΔ伴ೝূ
ެ։伴ೝূ ▸ ᷿ͰͷΞΫηϥϨʔγϣϯ ϒʔετͱͳΜͷؔ ͋Γ·ͤΜ
ςΩετ ެ։伴ೝূͱ ▸ ެ։伴ɾൿີ伴ͱݺΕΔ2छྨͷ伴Λͬͯ҉߸Խ௨৴Λߦ͏ํ๏ ▸ ެ։伴ɿΈΜͳʹ͢҉߸ԽΛ͔͚ΔͨΊͷ伴 ▸ ൿີ伴ɿαʔόʔ͚͕ͩ࣋ͭ෮߸Խ༻ͷ伴 ▸ ϦΫΤετ࣌ʹެ։伴Λड͚औͬͨΫϥΠΞϯτ͕ɺใΛެ։伴Ͱ҉߸Խ্ͨ͠Ͱαʔ
όʔʹૹ৴ˠαʔόʔଆൿີ伴ΛͬͯதΛݟΔ ▸ αʔόʔ্ʹ͋Δൿີ伴Ͱ͔͠த͕Θ͔Βͳ͍Αʂͱ͍͏Έ ▸ ϝϦοτɿͲͷϢʔβʔʹରͯ͠ಉ͡ެ։伴ΛͤΔͷͰɺ伴ͷཧָ͕ɻൿີ伴Λαʔ όʔ͔Β౪·Εͳ͍ݶΓ(ཧ্)҆શ ▸ σϝϦοτɿΫϥΠΞϯτଆͱαʔόʔଆͰҟͳΔ伴Λ͏ͨΊॲཧ͕ෳࡶɺ·ͨɺύ ϑΥʔϚϯεѱ͍
ςΩετ ڞ௨伴ೝূͱ ▸ ҉߸Խɾ෮߸Խʹಉ͡伴Λ༻͍Δ҉߸ํࣜ ▸ ΈΜͳͰಉ͡伴Λ͏ͱΈΜͳ͕σʔλΛݟΕ͍ͯͷͰɺ ී௨ΫϥΠΞϯτ͝ͱʹผʑͷ伴Λੜͯ͠ཧ͢Δ ▸ ϝϦοτɿ伴ͷछྨ͕1ͭͳͷͰܭࢉ͕͍ ▸
σϝϦοτɿΫϥΠΞϯτ͕૿͑Δຖʹ伴ͷ͕ଟ͘ͳΔͷ Ͱཧ͕େมɻ·ͨɺڞ௨伴Λ࠷ॳʹ͢ͱ͖ʹใ͕౪· Εͯ͠·͏ͱɺ෮߸͞Εͯ͠·͏ͷͰ͍
ςΩετ վΊͯɺSSLͷ؆୯ͳ͘͠Έ ▸ ެ։伴ೝূͱڞ௨伴ೝূͷϋΠϒϦου ▸ ࠷ॳͷ伴ަ࣌ͷΈެ։伴Λ͏(࠷ॳ͚ͩܭࢉ͕ͪΐ͍ॏ͍) ▸ ଓཱ֬ޙΫϥΠΞϯτ͝ͱʹಠཱͷڞ௨伴Ͱ௨৴͢Δ(͋ͱ·͠) ▸ SSHͰΑ͘ΘΕΔ伴ೝূ
ެ։伴ೝূ ▸ ᷿ͰͷΞΫηϥϨʔγϣϯ ϒʔετͱͳΜͷؔ ͋Γ·ͤΜ
ςΩετ WHAT IS LET’S ENCRYPT? ▸ Let's EncryptmozillaɺAkamaiɺCiscoɺGoogleɺ FacebookͳͲΛΛ͡Ίͱͨ͠େखITاۀͷࢧԉΛड͚ͯ 2014ʹઃ͞ΕͨϓϩδΣΫτͰɺݸਓͰ৴པ͞Εͨ
αʔόূ໌ॻΛແྉͰൃߦ͢Δ͜ͱ͕Ͱ͖Δ͓खܰαʔϏε Ͱ͢ɻ ▸ 2016ͷय़ΑΓਖ਼ࣜʹαʔϏε͕։࢝͠ɺओཁͳ࠷৽OSͰ ͋ΕඞཁͳύοέʔδͷಋೖඇৗʹεϜʔζʹߦ͏͜ ͱ͕Ͱ͖·͢ɻ
ςΩετ ແྉͰূ໌ॻशಘͰ͖Δͬͯʁ ▸ Ұൠతʹɺ৴པࡁΈͷSSLূ໌ॻΛऔಘ͢ΔͨΊʹຊਓ֬ೝ͕ඞཁͰ͢ɻ Let's encryptͰɺݸਓใΛΘͣҎԼ݅ͷͱͰূ໌ॻΛൃߦ͍ͯ͠·͢ɻ ▸ 1. DVূ໌ॻͷΈൃߦͰ͖Δɻ
͜Εɺॴࡏ֬ೝͳͲͷ৹ࠪΛؚΉOVূ໌ॻͳͲൃߦͰ͖ͳ͍͜ͱΛҙຯ͠· ͢ɻ ৴པੑͷ໘Ͱݴ͑ɺݸਓɾݕূ༻ͳͲɺ࠷ݶͷ༻్ʹ͏ͷ͕ݡ໌Ͱ͢ɻ ▸ 2. ূ໌ॻͷ༗ޮظݶ3ϲ݄ͷΈɻ ແྉͰ͋Δ͜ͱɺສ͕ҰͷࣄނͳͲΛ͙ͨΊʹ͜ͷظؒΛઃఆ͍ͯ͠Δͦ ͏Ͱ͢ɻ
ςΩετ ͰɺΊΜͲ͍͘͞ΜͰ͠ΐ͏ʁ ▸ ࠓͷͱ͜ΖϫΠϧυΧʔυʹରԠͯ͠ͳ͍ͷͰαϒυϝΠϯ͝ͱʹशಘ͕ඞཁͰ͢ (ෳαϒυϝΠϯͱ͔·ͱΊͯऔಘ͢ΔΦϓγϣϯ͋Γ·͢) ▸ ϫΠϧυΧʔυࠓͷ2݄ʹରԠ༧ఆͬͯެࣜͰॻ͍ͯ͋Γ·͕͢ɺ ͱͱ1݄͍ͬͯͬͯͨΜͰదʹظ͓͖ͯ͠·͠ΐ͏ ▸ ACMEϓϩτίϧͱ͍͏ূ໌ॻࣗಈൃߦͷϓϩτίϧΛ͏ͷͰɺίϚϯυҰൃͰҰॠͰऔಘ
Ͱ͖·͢ɻ ▸ ༷ΦʔϓϯͳͷͰɺίϚϯυΛࣗͰ࡞Γ͍ͨͬͯਓͰେৎʂ ▸ Apacheͱ͔nginxʹউखʹઃఆΛՃͯ͘͠ΕΔίϚϯυΦϓγϣϯ͋Γ·͕͢ɺݱࡏTLS SNIνϟϨϯδʹ੬ऑੑ͕ݟ͔͍ͭͬͯΔͨΊ࣮࣭͑·ͤΜɻ ▸ 3ϲ݄ͷظݶɺࣗಈߋ৽ʹ͢ΕΑ͍Ͱ͢ɻ
ςΩετ Δ͜ͱ(Ͳ͏ͤͩ͠HTTP/2ͱ͔ͬͱ͜) ▸ αʔόʔΛ༻ҙ͢Δ ▸ DNSͷAϨίʔυΛ͋ͯΔ ▸ certbotͰূ໌ॻΛऔಘ͢Δ ▸ αʔόʔͷઃఆʹॻ͖Ճ͑Δ
▸ ͓ΘΓ