Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Let's Let's Encrypt

Avatar for Kohei Ota Kohei Ota
January 23, 2018
Technology
1
250

Let's Let's Encrypt

Avatar for Kohei Ota

Kohei Ota

January 23, 2018
Tweet

More Decks by Kohei Ota

See All by Kohei Ota
CloudNative Meets WebAssembly: Exploring Wasm's Potential to Replace Containers
Avatar for Kohei Ota inductor
4
3.3k
The Cloud Native Chronicles: 10 Years of Community Growth Inside and Outside Japan
Avatar for Kohei Ota inductor
0
150
Cracking the KubeCon CfP
Avatar for Kohei Ota inductor
2
730
KubeCon Recap -Platform migration at Scale-
Avatar for Kohei Ota inductor
1
1k
コンテナビルド最新事情 2022年度版 / Container Build 2022
Avatar for Kohei Ota inductor
3
550
データベースとストレージのレプリケーション入門 / Intro-of-database-and-storage-replication
Avatar for Kohei Ota inductor
29
6.5k
KubeConのケーススタディから振り返る、Platform for Platforms のあり方と その実践 / Lessons from KubeCon case studies: Platform for Platforms and its practice
Avatar for Kohei Ota inductor
3
910
オンラインの技術カンファレンスを安定稼働させるための取り組み / SRE activity for online conference platform
Avatar for Kohei Ota inductor
1
1.3k
Kubernetesネットワーキング初級者脱出ガイド / Kubernetes networking beginner's guide
Avatar for Kohei Ota inductor
22
6.8k

Other Decks in Technology

See All in Technology
AI 駆動開発勉強会 フロントエンド支部 #1 w/あずもば
Avatar for 1ft-seabass 1ftseabass
PRO
0
360
MLflowで始めるプロンプト管理、評価、最適化
Avatar for Databricks Japan databricksjapan
1
220
Sansanが実践する Platform EngineeringとSREの協創
Avatar for SansanTech sansantech
PRO
2
850
AWS Security Agentの紹介/introducing-aws-security-agent
Avatar for tomoki10 tomoki10
0
230
AWS CLIの新しい認証情報設定方法aws loginコマンドの実態
Avatar for wkm2 wkm2
6
740
Haskell を武器にして挑む競技プログラミング ─ 操作的思考から意味モデル思考へ
Avatar for Naoya Ito naoya
6
1.5k
第4回 「メタデータ通り」 リアル開催
Avatar for データ横丁 datayokocho
0
130
Lambdaの常識はどう変わる?!re:Invent 2025 before after
Avatar for TomoyaIwata iwatatomoya
1
510
世界最速級 memcached 互換サーバー作った
Avatar for yasukata yasukata
0
340
文字列の並び順 / Unicode Collation
Avatar for とみたまさひろ tmtms
3
580
【AWS re:Invent 2025速報】AIビルダー向けアップデートをまとめて解説!
Avatar for みのるん minorun365
4
520
[CMU-DB-2025FALL] Apache Fluss - A Streaming Storage for Real-Time Lakehouse
Avatar for Jark Wu jark
0
120

Featured

See All Featured
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
132
19k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
40
2.2k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1371
200k
Mobile First: as difficult as doing things right
Avatar for Swwweet swwweet
225
10k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
Avatar for Tammy Everts tammyeverts
1
100
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
31
5.7k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
234
18k
How Fast Is Fast Enough? [PerfNow 2025]
Avatar for Tammy Everts tammyeverts
3
390
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
120k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
273
21k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
73
11k

Transcript

  1. LET’S ENCRYPT ΍ͬͯΈΑ͏ͷձ INDUCTOR@DISCORDΠϯϑϥษڧձ

  2. ςΩετ ຊ೔ͷΞδΣϯμ ▸ ࣗݾ঺հ ▸ SSLͷ࢓૊Έʹ͍ͭͯ ▸ Let's Encryptʹ͍ͭͯ ▸

    SSLূ໌ॻΛઃஔ͢Δ ▸ αʔόʔͷίϯϑΟάΛ৮ͬͯΈΔ ▸ ϔομͱ͔ͷ֬ೝͷ࢓ํ

  3. ςΩετ ͓લͩΕͩΑ ▸ Wiki wo yonde kudasai ▸ https://wiki.infra-workshop.tech/user/inductor ▸

    σʔληϯλʔͷதͰαʔόʔͱ͔NWͱ͔ΆͪΆͪͯͨ͠ ӡ༻ͷதͷਓΛ΍ͬͯͨ ▸ ࠓ͸PHP/Android Javaͱ͔։ൃͯ͠Δ ▸ ࣍ͷ࢓ࣄ͸ͱ͋ΔاۀͷDevOpsܥΠϯϑϥ෦ୂΛ༧ఆ

  4. ςΩετ SSLͷ؆୯ͳ͘͠Έ ▸ ެ։伴ೝূͱڞ௨伴ೝূͷϋΠϒϦου ▸ ࠷ॳͷ伴ަ׵࣌ͷΈެ։伴Λ࢖͏ ▸ ઀ଓཱ֬ޙ͸ΫϥΠΞϯτ͝ͱʹಠཱͷڞ௨伴Ͱ௨৴͢Δ ▸ SSHͰΑ͘࢖ΘΕΔ伴ೝূ͸


    ެ։伴ೝূ ▸ ᷿Ͱ࿩୊ͷΞΫηϥϨʔγϣϯ
 ϒʔετͱ͸ͳΜͷؔ܎΋
 ͋Γ·ͤΜ

  5. ςΩετ ެ։伴ೝূͱ͸ ▸ ެ։伴ɾൿີ伴ͱݺ͹ΕΔ2छྨͷ伴Λ࢖ͬͯ҉߸Խ௨৴Λߦ͏ํ๏ ▸ ެ։伴ɿΈΜͳʹ౉͢҉߸ԽΛ͔͚ΔͨΊͷ伴 ▸ ൿີ伴ɿαʔόʔ͚͕ͩ࣋ͭ෮߸Խ༻ͷ伴 ▸ ϦΫΤετ࣌ʹެ։伴Λड͚औͬͨΫϥΠΞϯτ͕ɺ৘ใΛެ։伴Ͱ҉߸Խ্ͨ͠Ͱαʔ

    όʔʹૹ৴ˠαʔόʔଆ͸ൿີ伴Λ࢖ͬͯதΛݟΔ ▸ αʔόʔ্ʹ͋Δൿີ伴Ͱ͔͠த਎͕Θ͔Βͳ͍Αʂͱ͍͏࢓૊Έ ▸ ϝϦοτɿͲͷϢʔβʔʹରͯ͠΋ಉ͡ެ։伴Λ౉ͤΔͷͰɺ伴ͷ؅ཧָ͕ɻൿີ伴Λαʔ όʔ͔Β౪·Εͳ͍ݶΓ͸(ཧ࿦্)҆શ ▸ σϝϦοτɿΫϥΠΞϯτଆͱαʔόʔଆͰҟͳΔ伴Λ࢖͏ͨΊॲཧ͕ෳࡶɺ·ͨɺύ ϑΥʔϚϯε΋ѱ͍

  6. ςΩετ ڞ௨伴ೝূͱ͸ ▸ ҉߸Խɾ෮߸Խʹಉ͡伴Λ༻͍Δ҉߸ํࣜ ▸ ΈΜͳͰಉ͡伴Λ࢖͏ͱΈΜͳ͕σʔλΛݟΕͯ΍͹͍ͷͰɺ ී௨͸ΫϥΠΞϯτ͝ͱʹผʑͷ伴Λੜ੒ͯ͠؅ཧ͢Δ ▸ ϝϦοτɿ伴ͷछྨ͕1ͭͳͷͰܭࢉ଎౓͕଎͍ ▸

    σϝϦοτɿΫϥΠΞϯτ͕૿͑Δຖʹ伴ͷ਺͕ଟ͘ͳΔͷ Ͱ؅ཧ͕େมɻ·ͨɺڞ௨伴Λ࠷ॳʹ౉͢ͱ͖ʹ৘ใ͕౪· Εͯ͠·͏ͱɺ෮߸͞Εͯ͠·͏ͷͰ΍͹͍

  7. ςΩετ վΊͯɺSSLͷ؆୯ͳ͘͠Έ ▸ ެ։伴ೝূͱڞ௨伴ೝূͷϋΠϒϦου ▸ ࠷ॳͷ伴ަ׵࣌ͷΈެ։伴Λ࢖͏(࠷ॳ͚ͩܭࢉ͕ͪΐ͍ॏ͍) ▸ ઀ଓཱ֬ޙ͸ΫϥΠΞϯτ͝ͱʹಠཱͷڞ௨伴Ͱ௨৴͢Δ(͋ͱ͸·͠) ▸ SSHͰΑ͘࢖ΘΕΔ伴ೝূ͸


    ެ։伴ೝূ ▸ ᷿Ͱ࿩୊ͷΞΫηϥϨʔγϣϯ
 ϒʔετͱ͸ͳΜͷؔ܎΋
 ͋Γ·ͤΜ

  8. ςΩετ WHAT IS LET’S ENCRYPT? ▸ Let's Encrypt͸mozillaɺAkamaiɺCiscoɺGoogleɺ FacebookͳͲΛΛ͸͡Ίͱͨ͠େखITاۀͷࢧԉΛड͚ͯ 2014೥ʹ૑ઃ͞ΕͨϓϩδΣΫτͰɺݸਓͰ΋৴པ͞Εͨ

    αʔόূ໌ॻΛແྉͰൃߦ͢Δ͜ͱ͕Ͱ͖Δ͓खܰαʔϏε Ͱ͢ɻ ▸ 2016೥ͷय़ΑΓਖ਼ࣜʹαʔϏε͕։࢝͠ɺओཁͳ࠷৽OSͰ ͋Ε͹ඞཁͳύοέʔδ౳ͷಋೖ΋ඇৗʹεϜʔζʹߦ͏͜ ͱ͕Ͱ͖·͢ɻ

  9. ςΩετ ແྉͰূ໌ॻशಘͰ͖Δͬͯʁ ▸ Ұൠతʹɺ৴པࡁΈͷSSLূ໌ॻΛऔಘ͢ΔͨΊʹ͸ຊਓ֬ೝ͕ඞཁͰ͢ɻ
 Let's encryptͰ͸ɺݸਓ৘ใΛ࢖ΘͣҎԼ৚݅ͷ΋ͱͰূ໌ॻΛൃߦ͍ͯ͠·͢ɻ ▸ 1. DVূ໌ॻͷΈൃߦͰ͖Δɻ 


    ͜Ε͸ɺॴࡏ֬ೝͳͲͷ৹ࠪΛؚΉOVূ໌ॻͳͲ͸ൃߦͰ͖ͳ͍͜ͱΛҙຯ͠· ͢ɻ 
 ৴པੑͷ໘Ͱݴ͑͹ɺݸਓɾݕূ༻ͳͲɺ࠷௿ݶͷ༻్ʹ࢖͏ͷ͕ݡ໌Ͱ͢ɻ ▸ 2. ূ໌ॻͷ༗ޮظݶ͸3ϲ݄ͷΈɻ
 ແྉͰ͋Δ͜ͱ΍ɺສ͕ҰͷࣄނͳͲΛ๷͙ͨΊʹ΋͜ͷظؒΛઃఆ͍ͯ͠Δͦ ͏Ͱ͢ɻ

  10. ςΩετ Ͱ΋ɺΊΜͲ͍͘͞ΜͰ͠ΐ͏ʁ ▸ ࠓͷͱ͜ΖϫΠϧυΧʔυʹରԠͯ͠ͳ͍ͷͰαϒυϝΠϯ͝ͱʹशಘ͕ඞཁͰ͢
 (ෳ਺αϒυϝΠϯͱ͔·ͱΊͯऔಘ͢ΔΦϓγϣϯ͸͋Γ·͢) ▸ ϫΠϧυΧʔυ͸ࠓ೥ͷ2݄຤ʹରԠ༧ఆͬͯެࣜͰ͸ॻ͍ͯ͋Γ·͕͢ɺ
 ΋ͱ΋ͱ1݄͍ͬͯͬͯͨΜͰద౓ʹظ଴͓͖ͯ͠·͠ΐ͏ ▸ ACMEϓϩτίϧͱ͍͏ূ໌ॻࣗಈൃߦͷϓϩτίϧΛ࢖͏ͷͰɺίϚϯυҰൃͰҰॠͰऔಘ

    Ͱ͖·͢ɻ ▸ ࢓༷͸ΦʔϓϯͳͷͰɺίϚϯυΛࣗ෼Ͱ࡞Γ͍ͨͬͯਓͰ΋େৎ෉ʂ ▸ Apacheͱ͔nginxʹউखʹઃఆΛ௥Ճͯ͘͠ΕΔίϚϯυΦϓγϣϯ΋͋Γ·͕͢ɺݱࡏTLS SNIνϟϨϯδʹ੬ऑੑ͕ݟ͔͍ͭͬͯΔͨΊ࣮࣭࢖͑·ͤΜɻ ▸ 3ϲ݄ͷظݶ΋ɺࣗಈߋ৽ʹ͢Ε͹Α͍Ͱ͢ɻ

  11. ςΩετ ΍Δ͜ͱ(Ͳ͏ͤͩ͠HTTP/2ͱ͔΋΍ͬͱ͜) ▸ αʔόʔΛ༻ҙ͢Δ ▸ DNSͷAϨίʔυΛ͋ͯΔ ▸ certbotͰূ໌ॻΛऔಘ͢Δ ▸ αʔόʔͷઃఆʹॻ͖Ճ͑Δ

    ▸ ͓ΘΓ