Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Let's Let's Encrypt
Search
Kohei Ota
January 23, 2018
Technology
1
240
Let's Let's Encrypt
Kohei Ota
January 23, 2018
Tweet
Share
More Decks by Kohei Ota
See All by Kohei Ota
CloudNative Meets WebAssembly: Exploring Wasm's Potential to Replace Containers
inductor
3
2.2k
The Cloud Native Chronicles: 10 Years of Community Growth Inside and Outside Japan
inductor
0
120
Cracking the KubeCon CfP
inductor
2
550
KubeCon Recap -Platform migration at Scale-
inductor
1
970
コンテナビルド最新事情 2022年度版 / Container Build 2022
inductor
3
480
データベースとストレージのレプリケーション入門 / Intro-of-database-and-storage-replication
inductor
27
6.2k
KubeConのケーススタディから振り返る、Platform for Platforms のあり方と その実践 / Lessons from KubeCon case studies: Platform for Platforms and its practice
inductor
3
800
オンラインの技術カンファレンスを安定稼働させるための取り組み / SRE activity for online conference platform
inductor
1
1.2k
Kubernetesネットワーキング初級者脱出ガイド / Kubernetes networking beginner's guide
inductor
20
6.1k
Other Decks in Technology
See All in Technology
データベースの負荷を紐解く/untangle-the-database-load
emiki
2
550
Platform Engineeringで クラウドの「楽しくない」を解消しよう
jacopen
4
200
Two Blades, One Journey: Engineering While Managing
ohbarye
4
2.6k
What's new in Go 1.24?
ciarana
1
120
開発組織を進化させる!AWSで実践するチームトポロジー
iwamot
2
540
Ruby on Railsで持続可能な開発を行うために取り組んでいること
am1157154
3
160
Log Analytics を使った実際の運用 - Sansan Data Hub での取り組み
sansantech
PRO
0
110
AWSアカウントのセキュリティ自動化、どこまで進める? 最適な設計と実践ポイント
yuobayashi
7
1.6k
EMConf JP 2025 懇親会LT / EMConf JP 2025 social gathering
sugamasao
2
210
サバイバルモード下でのエンジニアリングマネジメント
konifar
21
7.1k
DevinでAI AWSエンジニア製造計画 序章 〜CDKを添えて〜/devin-load-to-aws-engineer
tomoki10
0
210
20250304_赤煉瓦倉庫_DeepSeek_Deep_Dive
hiouchiy
2
130
Featured
See All Featured
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.2k
Documentation Writing (for coders)
carmenintech
68
4.6k
Rebuilding a faster, lazier Slack
samanthasiow
80
8.9k
The Cult of Friendly URLs
andyhume
78
6.2k
Designing on Purpose - Digital PM Summit 2013
jponch
117
7.1k
Intergalactic Javascript Robots from Outer Space
tanoku
270
27k
Optimizing for Happiness
mojombo
377
70k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
45
9.4k
Gamification - CAS2011
davidbonilla
80
5.2k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
4
380
Large-scale JavaScript Application Architecture
addyosmani
511
110k
Unsuck your backbone
ammeep
669
57k
Transcript
LET’S ENCRYPT ͬͯΈΑ͏ͷձ INDUCTOR@DISCORDΠϯϑϥษڧձ
ςΩετ ຊͷΞδΣϯμ ▸ ࣗݾհ ▸ SSLͷΈʹ͍ͭͯ ▸ Let's Encryptʹ͍ͭͯ ▸
SSLূ໌ॻΛઃஔ͢Δ ▸ αʔόʔͷίϯϑΟάΛ৮ͬͯΈΔ ▸ ϔομͱ͔ͷ֬ೝͷํ
ςΩετ ͓લͩΕͩΑ ▸ Wiki wo yonde kudasai ▸ https://wiki.infra-workshop.tech/user/inductor ▸
σʔληϯλʔͷதͰαʔόʔͱ͔NWͱ͔ΆͪΆͪͯͨ͠ ӡ༻ͷதͷਓΛͬͯͨ ▸ ࠓPHP/Android Javaͱ͔։ൃͯ͠Δ ▸ ࣍ͷࣄͱ͋ΔاۀͷDevOpsܥΠϯϑϥ෦ୂΛ༧ఆ
ςΩετ SSLͷ؆୯ͳ͘͠Έ ▸ ެ։伴ೝূͱڞ௨伴ೝূͷϋΠϒϦου ▸ ࠷ॳͷ伴ަ࣌ͷΈެ։伴Λ͏ ▸ ଓཱ֬ޙΫϥΠΞϯτ͝ͱʹಠཱͷڞ௨伴Ͱ௨৴͢Δ ▸ SSHͰΑ͘ΘΕΔ伴ೝূ
ެ։伴ೝূ ▸ ᷿ͰͷΞΫηϥϨʔγϣϯ ϒʔετͱͳΜͷؔ ͋Γ·ͤΜ
ςΩετ ެ։伴ೝূͱ ▸ ެ։伴ɾൿີ伴ͱݺΕΔ2छྨͷ伴Λͬͯ҉߸Խ௨৴Λߦ͏ํ๏ ▸ ެ։伴ɿΈΜͳʹ͢҉߸ԽΛ͔͚ΔͨΊͷ伴 ▸ ൿີ伴ɿαʔόʔ͚͕ͩ࣋ͭ෮߸Խ༻ͷ伴 ▸ ϦΫΤετ࣌ʹެ։伴Λड͚औͬͨΫϥΠΞϯτ͕ɺใΛެ։伴Ͱ҉߸Խ্ͨ͠Ͱαʔ
όʔʹૹ৴ˠαʔόʔଆൿີ伴ΛͬͯதΛݟΔ ▸ αʔόʔ্ʹ͋Δൿີ伴Ͱ͔͠த͕Θ͔Βͳ͍Αʂͱ͍͏Έ ▸ ϝϦοτɿͲͷϢʔβʔʹରͯ͠ಉ͡ެ։伴ΛͤΔͷͰɺ伴ͷཧָ͕ɻൿີ伴Λαʔ όʔ͔Β౪·Εͳ͍ݶΓ(ཧ্)҆શ ▸ σϝϦοτɿΫϥΠΞϯτଆͱαʔόʔଆͰҟͳΔ伴Λ͏ͨΊॲཧ͕ෳࡶɺ·ͨɺύ ϑΥʔϚϯεѱ͍
ςΩετ ڞ௨伴ೝূͱ ▸ ҉߸Խɾ෮߸Խʹಉ͡伴Λ༻͍Δ҉߸ํࣜ ▸ ΈΜͳͰಉ͡伴Λ͏ͱΈΜͳ͕σʔλΛݟΕ͍ͯͷͰɺ ී௨ΫϥΠΞϯτ͝ͱʹผʑͷ伴Λੜͯ͠ཧ͢Δ ▸ ϝϦοτɿ伴ͷछྨ͕1ͭͳͷͰܭࢉ͕͍ ▸
σϝϦοτɿΫϥΠΞϯτ͕૿͑Δຖʹ伴ͷ͕ଟ͘ͳΔͷ Ͱཧ͕େมɻ·ͨɺڞ௨伴Λ࠷ॳʹ͢ͱ͖ʹใ͕౪· Εͯ͠·͏ͱɺ෮߸͞Εͯ͠·͏ͷͰ͍
ςΩετ վΊͯɺSSLͷ؆୯ͳ͘͠Έ ▸ ެ։伴ೝূͱڞ௨伴ೝূͷϋΠϒϦου ▸ ࠷ॳͷ伴ަ࣌ͷΈެ։伴Λ͏(࠷ॳ͚ͩܭࢉ͕ͪΐ͍ॏ͍) ▸ ଓཱ֬ޙΫϥΠΞϯτ͝ͱʹಠཱͷڞ௨伴Ͱ௨৴͢Δ(͋ͱ·͠) ▸ SSHͰΑ͘ΘΕΔ伴ೝূ
ެ։伴ೝূ ▸ ᷿ͰͷΞΫηϥϨʔγϣϯ ϒʔετͱͳΜͷؔ ͋Γ·ͤΜ
ςΩετ WHAT IS LET’S ENCRYPT? ▸ Let's EncryptmozillaɺAkamaiɺCiscoɺGoogleɺ FacebookͳͲΛΛ͡Ίͱͨ͠େखITاۀͷࢧԉΛड͚ͯ 2014ʹઃ͞ΕͨϓϩδΣΫτͰɺݸਓͰ৴པ͞Εͨ
αʔόূ໌ॻΛແྉͰൃߦ͢Δ͜ͱ͕Ͱ͖Δ͓खܰαʔϏε Ͱ͢ɻ ▸ 2016ͷय़ΑΓਖ਼ࣜʹαʔϏε͕։࢝͠ɺओཁͳ࠷৽OSͰ ͋ΕඞཁͳύοέʔδͷಋೖඇৗʹεϜʔζʹߦ͏͜ ͱ͕Ͱ͖·͢ɻ
ςΩετ ແྉͰূ໌ॻशಘͰ͖Δͬͯʁ ▸ Ұൠతʹɺ৴པࡁΈͷSSLূ໌ॻΛऔಘ͢ΔͨΊʹຊਓ֬ೝ͕ඞཁͰ͢ɻ Let's encryptͰɺݸਓใΛΘͣҎԼ݅ͷͱͰূ໌ॻΛൃߦ͍ͯ͠·͢ɻ ▸ 1. DVূ໌ॻͷΈൃߦͰ͖Δɻ
͜Εɺॴࡏ֬ೝͳͲͷ৹ࠪΛؚΉOVূ໌ॻͳͲൃߦͰ͖ͳ͍͜ͱΛҙຯ͠· ͢ɻ ৴པੑͷ໘Ͱݴ͑ɺݸਓɾݕূ༻ͳͲɺ࠷ݶͷ༻్ʹ͏ͷ͕ݡ໌Ͱ͢ɻ ▸ 2. ূ໌ॻͷ༗ޮظݶ3ϲ݄ͷΈɻ ແྉͰ͋Δ͜ͱɺສ͕ҰͷࣄނͳͲΛ͙ͨΊʹ͜ͷظؒΛઃఆ͍ͯ͠Δͦ ͏Ͱ͢ɻ
ςΩετ ͰɺΊΜͲ͍͘͞ΜͰ͠ΐ͏ʁ ▸ ࠓͷͱ͜ΖϫΠϧυΧʔυʹରԠͯ͠ͳ͍ͷͰαϒυϝΠϯ͝ͱʹशಘ͕ඞཁͰ͢ (ෳαϒυϝΠϯͱ͔·ͱΊͯऔಘ͢ΔΦϓγϣϯ͋Γ·͢) ▸ ϫΠϧυΧʔυࠓͷ2݄ʹରԠ༧ఆͬͯެࣜͰॻ͍ͯ͋Γ·͕͢ɺ ͱͱ1݄͍ͬͯͬͯͨΜͰదʹظ͓͖ͯ͠·͠ΐ͏ ▸ ACMEϓϩτίϧͱ͍͏ূ໌ॻࣗಈൃߦͷϓϩτίϧΛ͏ͷͰɺίϚϯυҰൃͰҰॠͰऔಘ
Ͱ͖·͢ɻ ▸ ༷ΦʔϓϯͳͷͰɺίϚϯυΛࣗͰ࡞Γ͍ͨͬͯਓͰେৎʂ ▸ Apacheͱ͔nginxʹউखʹઃఆΛՃͯ͘͠ΕΔίϚϯυΦϓγϣϯ͋Γ·͕͢ɺݱࡏTLS SNIνϟϨϯδʹ੬ऑੑ͕ݟ͔͍ͭͬͯΔͨΊ࣮࣭͑·ͤΜɻ ▸ 3ϲ݄ͷظݶɺࣗಈߋ৽ʹ͢ΕΑ͍Ͱ͢ɻ
ςΩετ Δ͜ͱ(Ͳ͏ͤͩ͠HTTP/2ͱ͔ͬͱ͜) ▸ αʔόʔΛ༻ҙ͢Δ ▸ DNSͷAϨίʔυΛ͋ͯΔ ▸ certbotͰূ໌ॻΛऔಘ͢Δ ▸ αʔόʔͷઃఆʹॻ͖Ճ͑Δ
▸ ͓ΘΓ