{"id":3391,"date":"2025-05-14T09:13:49","date_gmt":"2025-05-14T00:13:49","guid":{"rendered":"https:\/\/kiwamaqs.com\/weblog\/?p=3391"},"modified":"2025-05-14T09:18:34","modified_gmt":"2025-05-14T00:18:34","slug":"cloudflare-lets-encrypt-macos","status":"publish","type":"post","link":"https:\/\/kiwamaqs.com\/weblog\/cloudflare-lets-encrypt-macos\/","title":{"rendered":"Cloudflare + Let&#8217;s Encrypt + macOS\u3067\u306e\u81ea\u5b85\u30b5\u30fc\u30d0\u30fc\u904b\u7528\u5b8c\u5168\u30ac\u30a4\u30c9"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\">\u306f\u3058\u3081\u306b<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u672c\u8a18\u4e8b\u3067\u306f\u3001macOS\u3067\u81ea\u5b85\u30b5\u30fc\u30d0\u30fc\u3092\u904b\u7528\u3057\u3066\u3044\u308b\u65b9\u5411\u3051\u306b\u3001Cloudflare\u3092\u4f7f\u3063\u305f\u30c9\u30e1\u30a4\u30f3\u7ba1\u7406\u3001Let&#8217;s Encrypt\u306b\u3088\u308bSSL\u8a3c\u660e\u66f8\u306e\u81ea\u52d5\u66f4\u65b0\u3001VPN\u3084SSH\u63a5\u7d9a\u306e\u305f\u3081\u306e\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\u8a2d\u5b9a\u3001\u30e1\u30fc\u30eb\u30b5\u30fc\u30d0\u30fc\u9023\u643a\u307e\u3067\u3092\u3001\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u3092\u4ea4\u3048\u3066\u7d39\u4ecb\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">1. Cloudflare \u3067\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\u3092\u8a2d\u5b9a\u3057\u3066 VPN \u3084 SSH \u3092\u4f7f\u3048\u308b\u3088\u3046\u306b\u3059\u308b<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">\u2753 \u554f\u984c\uff1aCloudflare\u7d4c\u7531\u3067VPN\u3084SSH\u304c\u4f7f\u3048\u306a\u3044<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Cloudflare\u306e\u30d7\u30ed\u30ad\u30b7\uff08\u30aa\u30ec\u30f3\u30b8\u306e\u96f2\uff09\u304c\u30aa\u30f3\u3060\u3068\u3001HTTPS\u4ee5\u5916\u306e\u901a\u4fe1\uff08SSH, VPN, SMTP\u306a\u3069\uff09\u304c\u906e\u65ad\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">\u2705 \u89e3\u6c7a\u7b56\uff1a<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloudflare\u306eDNS\u8a2d\u5b9a\u3067\u3001\u8a72\u5f53\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\uff08\u4f8b\uff1a<code>vpn.kiwamaqs.com<\/code>\uff09\u3092\u8ffd\u52a0<\/li>\n\n\n\n<li><strong>\u30d7\u30ed\u30ad\u30b7\u3092OFF\uff08\u7070\u8272\uff09<\/strong>&nbsp;\u306b\u3059\u308b\u3053\u3068\u3067\u3001\u76f4\u63a5\u901a\u4fe1\u53ef\u80fd\u306b<\/li>\n\n\n\n<li>VPN\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3067\u306f&nbsp;<code>Endpoint = vpn.kiwamaqs.com:51820<\/code>&nbsp;\u306e\u3088\u3046\u306b\u6307\u5b9a<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">2. Let&#8217;s Encrypt \u8a3c\u660e\u66f8\u306e\u53d6\u5f97\u3068\u81ea\u52d5\u66f4\u65b0\uff08Cloudflare DNS\u8a8d\u8a3c\uff09<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">\u2753 \u554f\u984c\uff1amacOS\u3067<code>pip<\/code>\u304c\u52d5\u304b\u305a\u30d7\u30e9\u30b0\u30a4\u30f3\u304c\u4f7f\u3048\u306a\u3044<\/h4>\n\n\n\n<h4 class=\"wp-block-heading\">\u2705 \u89e3\u6c7a\u7b56\uff1a<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>brew install certbot<\/code><\/li>\n\n\n\n<li><code>brew install pipx &amp;&amp; pipx install certbot &amp;&amp; pipx inject certbot certbot-dns-cloudflare<\/code><\/li>\n\n\n\n<li><code>~\/.secrets\/cloudflare.ini<\/code>&nbsp;\u306bAPI\u30c8\u30fc\u30af\u30f3\u3092\u4fdd\u5b58\u3057\u3001\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3092600\u306b<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">\u2705 \u5b9f\u884c\u30b3\u30de\u30f3\u30c9\u4f8b\uff1a<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>~\/.local\/bin\/certbot certonly \\\n  --dns-cloudflare \\\n  --dns-cloudflare-credentials ~\/.secrets\/cloudflare.ini \\\n  -d kiwamaqs.com -d www.kiwamaqs.com\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">3. Apache + Certbot \u306e\u81ea\u52d5\u66f4\u65b0\u69cb\u6210<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">\u2753 \u554f\u984c\uff1a\u8a3c\u660e\u66f8\u66f4\u65b0\u5f8c\u306bApache\u304c\u518d\u8d77\u52d5\u3055\u308c\u306a\u3044<\/h4>\n\n\n\n<h4 class=\"wp-block-heading\">\u2705 \u89e3\u6c7a\u7b56\uff1a<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>certbot renew --deploy-hook \"sudo apachectl graceful\"<\/code><\/li>\n\n\n\n<li><code>visudo<\/code>&nbsp;\u3067&nbsp;<code>apachectl<\/code>&nbsp;\u3092NOPASSWD\u8a31\u53ef<\/li>\n\n\n\n<li>cron \u306b\u767b\u9332\uff1a<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>0 4 * * * ~\/.local\/bin\/certbot renew --quiet --deploy-hook \"sudo \/usr\/local\/bin\/apachectl graceful\"\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">4. Postfix \/ Dovecot \u9023\u643a\uff08\u30e1\u30fc\u30eb\u30b5\u30fc\u30d0\u30fc\u306e\u8a3c\u660e\u66f8\uff09<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">\u2753 \u554f\u984c\uff1a<code>mail.kiwamaqs.com<\/code>&nbsp;\u3092\u66f4\u65b0\u3059\u308b\u306b\u306f Apache \u505c\u6b62\u304c\u5fc5\u8981<\/h4>\n\n\n\n<h4 class=\"wp-block-heading\">\u2705 \u89e3\u6c7a\u7b56\uff1a<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>certbot renew<\/code>&nbsp;\u306e\u524d\u306b&nbsp;<code>apachectl stop<\/code><\/li>\n\n\n\n<li><code>--deploy-hook<\/code>&nbsp;\u306b&nbsp;<code>postfix reload<\/code>&nbsp;\u3068&nbsp;<code>doveadm reload<\/code>&nbsp;\u3092\u542b\u3080\u30b9\u30af\u30ea\u30d7\u30c8<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">\u2705 \u30b9\u30af\u30ea\u30d7\u30c8\u4f8b\uff1a<code>\/usr\/local\/bin\/mail-cert-reload.sh<\/code><\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>#!\/bin\/bash\nsudo \/usr\/local\/bin\/apachectl start\nsudo \/usr\/sbin\/postfix reload\nsudo \/usr\/bin\/doveadm reload\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u304a\u308f\u308a\u306b<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u3053\u306e\u3088\u3046\u306b\u3001\u81ea\u5b85\u30b5\u30fc\u30d0\u30fc\u3067Cloudflare\u3068Let&#8217;s Encrypt\u3092\u7d44\u307f\u5408\u308f\u305b\u308b\u3053\u3068\u3067\u3001\u5b89\u5168\u304b\u3064\u81ea\u52d5\u5316\u3055\u308c\u305fSSL\/TLS\u74b0\u5883\u3092\u69cb\u7bc9\u3067\u304d\u307e\u3059\u3002\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u3092\u901a\u3058\u3066\u3001\u3088\u308a\u5805\u7262\u306a\u69cb\u6210\u3092\u76ee\u6307\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u306f\u3058\u3081\u306b \u672c\u8a18\u4e8b\u3067\u306f\u3001macOS\u3067\u81ea\u5b85\u30b5\u30fc\u30d0\u30fc\u3092\u904b\u7528\u3057\u3066\u3044\u308b\u65b9\u5411\u3051\u306b\u3001Cloudflare\u3092\u4f7f\u3063\u305f\u30c9\u30e1\u30a4\u30f3\u7ba1\u7406\u3001Let&#8217;s Encrypt\u306b\u3088\u308bSSL\u8a3c\u660e\u66f8\u306e\u81ea\u52d5\u66f4\u65b0\u3001VPN\u3084SSH\u63a5\u7d9a\u306e\u305f\u3081\u306e\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\u8a2d [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3396,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"_lightning_design_setting":{"layout":"default"},"footnotes":""},"categories":[4],"tags":[],"class_list":["post-3391","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mac"],"_links":{"self":[{"href":"https:\/\/kiwamaqs.com\/weblog\/wp-json\/wp\/v2\/posts\/3391","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kiwamaqs.com\/weblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kiwamaqs.com\/weblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kiwamaqs.com\/weblog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/kiwamaqs.com\/weblog\/wp-json\/wp\/v2\/comments?post=3391"}],"version-history":[{"count":1,"href":"https:\/\/kiwamaqs.com\/weblog\/wp-json\/wp\/v2\/posts\/3391\/revisions"}],"predecessor-version":[{"id":3395,"href":"https:\/\/kiwamaqs.com\/weblog\/wp-json\/wp\/v2\/posts\/3391\/revisions\/3395"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kiwamaqs.com\/weblog\/wp-json\/wp\/v2\/media\/3396"}],"wp:attachment":[{"href":"https:\/\/kiwamaqs.com\/weblog\/wp-json\/wp\/v2\/media?parent=3391"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kiwamaqs.com\/weblog\/wp-json\/wp\/v2\/categories?post=3391"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kiwamaqs.com\/weblog\/wp-json\/wp\/v2\/tags?post=3391"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}