Put SSL (certbot) in GCP + CentOS6 (VM) + nginx

# What to do this time

Let's put SSL in GCP + CentOS6 (VM) + nginx and connect with https.

# Information gathering

- Let's Encrypt with GCP and display SSL (TLS)
- Automatically update SSL (TLS) with Let's encrypt with GCP
- Set up SSL for Nginx with Let's Encrypt
- Force Nginx to redirect request to https (TLS)
- Fixed the problem that NGINX repeatedly redirects after setting up the HTTP -> HTTPS redirect

Put in certbot, get the SSL certificate, and set it up in nginx.

# Install certbot

Connect to GCP with ssh.

Stop nginx for the time being:

```
sudo service nginx stop
```

Install git:

```
sudo yum install git
```

git clone certbot:

```
cd /usr/local
sudo git clone https://github.com/certbot/certbot.git
```


# Get SSL certificate
Execute the following:

```
cd /usr/local/certbot
./certbot-auto certonly --standalone -t
```

After that, you are asked to confirm the following inputs.

Enter your email address.

```
(a)gree/(c)ancel
```

Agree!

```
(y)es/(n)o
```

This asks whether they may send you email, so answer No.

```
please enter in your domain name(s) (comma and/or space separated)  (enter 'c' to cancel)
```

Enter the domain name (enter the domain name and the www. domain name separated by a space).
It looks like it's done...

# nginx settings
The following changes can be made directly to default.conf in /etc/nginx/conf.d/.
I think there is no problem even if you create them in another conf file.
I backed up the existing files in /etc/nginx/conf.d/ and created a conf file named after the domain (`<domain-name>` below stands for your own domain name).

```
cd /etc/nginx/conf.d
sudo mv default.conf default.conf.org
sudo mv ssl.conf ssl.conf.org
sudo mv virtual.conf virtual.conf.org
sudo cp default.conf.org <domain-name>.conf
```

Modify the created `<domain-name>.conf` as follows

```
server {
    listen 80;
    server_name <domain-name>;
    return 301 https://<domain-name>$request_uri;  # redirect
}
server {
    listen 80;
    listen 443;
    server_name www.<domain-name>;
    return 301 https://<domain-name>$request_uri;  # redirect
}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl;
    server_name <domain-name>;
    # TLSv1.1 is deprecated (RFC 8996)
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_certificate /etc/letsencrypt/live/<domain-name>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<domain-name>/privkey.pem;
    # (omitted)
}
```

Modify the include line in nginx.conf so that only the new file is read

```
#include /etc/nginx/conf.d/*.conf;   # comment out
include /etc/nginx/conf.d/<domain-name>.conf;
```

Start nginx

```
sudo service nginx start
sudo service nginx reload
sudo service nginx restart
```

It started!!
 Set firewall on GCP VM
 ![2020-09-01_01h01_43.jpg](https://qiita-image-store.s3.ap-northeast-1.amazonaws.com/0/567235/0059a952-906a-00b3-c05b-27b6dac8441d.jpeg)
# Connection confirmation
 ![2020-09-01_02h29_53.jpg](https://qiita-image-store.s3.ap-northeast-1.amazonaws.com/0/567235/696cbc39-a2e6-9c03-b673-689685b603f3.jpeg)
 I was able to connect with http, https, and www!
 Yeah
# certbot automatic update settings
Set the following in cron

```
sudo crontab -e
```

```
# Entries edited with crontab -e have no user column, so this goes in root's crontab
0 4 1 * * /usr/local/certbot/certbot-auto renew --post-hook "service nginx restart"
```

 I think I can see if it works today.
 But I'm sleepy so take a rest.
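
As an added example (not part of the original post), the simulation below checks how much validity is left on the old certificate each time `renew` fires on the `0 4 1 * *` schedule above, compared with a daily 04:00 run. It assumes a 90-day certificate lifetime, certbot renewing only when fewer than 30 days remain, every eligible run succeeding, and a constructed first issuance time.

```python
from datetime import datetime, timedelta

LIFETIME = timedelta(days=90)       # assumption: certificate validity period
RENEW_WINDOW = timedelta(days=30)   # assumption: renew only when less than this remains
FIRST_ISSUED = datetime(2020, 9, 1, 1, 0)  # constructed sample issuance time


def monthly(after):
    """Firing times of cron `0 4 1 * *` strictly after `after`."""
    year, month = after.year, after.month
    while True:
        run = datetime(year, month, 1, 4, 0)
        if run > after:
            yield run
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)


def daily(after):
    """Firing times of cron `0 4 * * *` strictly after `after`."""
    run = after.replace(hour=4, minute=0, second=0, microsecond=0)
    while True:
        if run > after:
            yield run
        run += timedelta(days=1)


def renewal_margins(first_issued, schedule, renewals):
    """Return the validity left on the old certificate at each renewal.

    A margin of zero or less means the certificate had already expired
    when the job finally replaced it.
    """
    margins, issued = [], first_issued
    while len(margins) < renewals:
        expires = issued + LIFETIME
        for run in schedule(issued):
            if expires - run < RENEW_WINDOW:   # inside the renewal window
                margins.append(expires - run)
                issued = run                   # replacement issued at run time
                break
    return margins


if __name__ == "__main__":
    for name, schedule in (("monthly", monthly), ("daily", daily)):
        margins = renewal_margins(FIRST_ISSUED, schedule, 12)
        print(f"{name:8s} worst margin: {min(margins)}")
```

In this model the monthly schedule reaches a renewal with no validity left (a certificate issued on 1 January is still 31 days from expiry on 1 March, so it is skipped until 1 April), while the daily schedule never drops below 29 days.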

# Work so far
 GCP resurrection work history
 [Restoring the neglected GCP (1) -Project creation-](https://qiita.com/3S_Laboo/items/62322280d1844d461bab)
 [Restoring the neglected GCP (2) -Create VM instance-](https://qiita.com/3S_Laboo/items/03b54621479e193101f7)
 [Restoring the neglected GCP (3) -install gcloud CLI-](https://qiita.com/3S_Laboo/items/75682b3d008d0fdce355)
 [Restoring the neglected GCP (4) -ssh connection from PC (Windows 10) to VM-](https://qiita.com/3S_Laboo/items/63a17738071a171decb1)
 [Restore the neglected GCP (5)-Fix the IP of the VM-](https://qiita.com/3S_Laboo/items/c897628aec6d04f4fe5f)
 [Restoring the neglected GCP (6) -installing nginx and setting http-](https://qiita.com/3S_Laboo/items/9a8446f84baa80252cb9)
 [Restoring the neglected GCP (end) -Setting your own domain-](https://qiita.com/3S_Laboo/items/cce944d49cbd1d4aa745)

