[{"data":1,"prerenderedAt":581},["ShallowReactive",2],{"post-zerossl-free-ssl-certificate-setup":3},{"id":4,"title":5,"body":6,"date":567,"description":568,"extension":569,"meta":570,"navigation":576,"path":577,"seo":578,"stem":579,"__hash__":580},"blog\u002Fblog\u002Fzerossl-free-ssl-certificate-setup.md","ZeroSSLで無料SSL証明書を取得してGCPに適用する",{"type":7,"value":8,"toc":535},"minimark",[9,13,24,28,31,36,44,50,58,61,77,80,91,95,99,106,110,127,131,138,142,149,153,156,161,164,170,210,214,217,220,223,227,230,250,254,258,301,306,338,344,348,378,382,389,392,395,398,412,415,424,451,454,457,468,471,479,482,493,496,499,504,515,520,528,531],[10,11,12],"h2",{"id":12},"はじめに",[14,15,16,23],"p",{},[17,18,22],"a",{"href":19,"rel":20},"https:\u002F\u002Fzerossl.com\u002F",[21],"nofollow","ZeroSSL","を使って無料のSSL証明書を発行し、GCP環境にHTTPSを導入する方法を解説します。",[10,25,27],{"id":26},"zerosslとは","ZeroSSLとは",[14,29,30],{},"ZeroSSLは、Let's Encryptと同様に無料でSSL証明書を発行できるサービスです。",[32,33,35],"h3",{"id":34},"lets-encryptとの違い","Let's Encryptとの違い",[14,37,38,43],{},[17,39,42],{"href":40,"rel":41},"https:\u002F\u002Fscotthelme.co.uk\u002Fintroducing-another-free-ca-as-an-alternative-to-lets-encrypt\u002F",[21],"Scott Helme氏の記事","では、以下のように述べられています。",[45,46,47],"blockquote",{},[14,48,49],{},"Let's Encryptは、証明書を無料で大規模に提供することで、素晴らしい活動をしている素晴らしい組織です。しかし、問題は、長い間、そのような組織は彼らだけだったということです。他の選択肢を持つことは常に良いアイデアです。",[14,51,52,53],{},"参考記事: ",[17,54,57],{"href":55,"rel":56},"https:\u002F\u002Fzenn.dev\u002Fmattn\u002Farticles\u002Fb2c4c92c9116b1",[21],"ZeroSSL を使ってみた",[32,59,60],{"id":60},"主な特徴",[62,63,64,68,71,74],"ul",{},[65,66,67],"li",{},"無料プランで90日間有効な証明書を発行可能",[65,69,70],{},"Webブラウザベースで証明書を管理",[65,72,73],{},"DNS（CNAME）、HTTP、メールの3つの認証方法に対応",[65,75,76],{},"複数ドメインの証明書を一元管理",[10,78,79],{"id":79},"前提条件",[62,81,82,85,88],{},[65,83,84],{},"GCPプロジェクトが作成済み",[65,86,87],{},"ドメインを取得済み",[65,89,90],{},"Cloud Load Balancingが設定済み",[10,92,94],{"id":93},"ssl証明書の発行手順","SSL証明書の発行手順",[32,96,98],{"id":97},"_1-zerosslにアカウント登録","1. ZeroSSLにアカウント登録",[14,100,101,105],{},[17,102,104],{"href":19,"rel":103},[21],"ZeroSSL公式サイト","にアクセスし、アカウントを作成します。",[32,107,109],{"id":108},"_2-証明書の新規作成","2. 証明書の新規作成",[111,112,113,116,124],"ol",{},[65,114,115],{},"ダッシュボードから「Create Free SSL Certificate」をクリック",[65,117,118,119,123],{},"証明書を発行したいドメイン名を入力（例：",[120,121,122],"code",{},"example.com","）",[65,125,126],{},"「Next Step」をクリック",[32,128,130],{"id":129},"_3-証明書の有効期間を選択","3. 証明書の有効期間を選択",[111,132,133,136],{},[65,134,135],{},"無料プランの場合は「90-Day Certificate」を選択",[65,137,126],{},[32,139,141],{"id":140},"_4-プランの選択","4. プランの選択",[111,143,144,147],{},[65,145,146],{},"「Free」プランを選択",[65,148,126],{},[32,150,152],{"id":151},"_5-ドメイン認証方法の選択","5. ドメイン認証方法の選択",[14,154,155],{},"3つの認証方法から選択できます",[157,158,160],"h4",{"id":159},"dns認証cname-推奨","DNS認証（CNAME）- 推奨",[14,162,163],{},"最も確実な方法です。ZeroSSLが提供するCNAMEレコードをDNSに追加します。",[14,165,166],{},[167,168,169],"strong",{},"手順：",[111,171,172,175,178,204,207],{},[65,173,174],{},"「DNS (CNAME)」を選択",[65,176,177],{},"表示されたCNAMEレコードをメモ",[65,179,180,181],{},"Cloud DNSまたは使用中のDNSサービスに以下を追加\n",[62,182,183,192,198],{},[65,184,185,188,189],{},[167,186,187],{},"名前"," ",[120,190,191],{},"_acme-challenge.example.com",[65,193,194,197],{},[167,195,196],{},"タイプ"," CNAME",[65,199,200,203],{},[167,201,202],{},"値"," ZeroSSLが提供した値",[65,205,206],{},"DNSの反映を待つ（数分〜最大48時間）",[65,208,209],{},"「Verify Domain」をクリック",[157,211,213],{"id":212},"http認証","HTTP認証",[14,215,216],{},"Webサーバーに検証ファイルを配置する方法です。",[157,218,219],{"id":219},"メール認証",[14,221,222],{},"ドメインの管理者メールアドレスに送信される認証リンクをクリックする方法です。",[32,224,226],{"id":225},"_6-証明書のダウンロード","6. 証明書のダウンロード",[14,228,229],{},"認証が完了すると、以下のファイルをダウンロードできます。",[62,231,232,238,244],{},[65,233,234,237],{},[120,235,236],{},"certificate.crt"," - 証明書本体",[65,239,240,243],{},[120,241,242],{},"ca_bundle.crt"," - 中間証明書",[65,245,246,249],{},[120,247,248],{},"private.key"," - 秘密鍵",[10,251,253],{"id":252},"gcp-cloud-load-balancingへの適用","GCP Cloud Load Balancingへの適用",[32,255,257],{"id":256},"_1-証明書のアップロード","1. 証明書のアップロード",[111,259,260,263,266,269,272],{},[65,261,262],{},"GCPコンソールで「ネットワークサービス > Load Balancing」を開く",[65,264,265],{},"対象のロードバランサーを選択",[65,267,268],{},"「編集」をクリック",[65,270,271],{},"「フロントエンド構成」セクションで「証明書を追加」をクリック",[65,273,274,275],{},"以下を入力\n",[62,276,277,282,293],{},[65,278,279,281],{},[167,280,187],{}," 任意の証明書名",[65,283,284,188,287,289,290,292],{},[167,285,286],{},"証明書",[120,288,236],{},"と",[120,291,242],{},"を結合した内容",[65,294,295,188,298,300],{},[167,296,297],{},"秘密鍵",[120,299,248],{},"の内容",[14,302,303],{},[167,304,305],{},"証明書の結合方法：",[307,308,313],"pre",{"className":309,"code":310,"language":311,"meta":312,"style":312},"language-bash shiki shiki-themes github-light github-dark","cat certificate.crt ca_bundle.crt > fullchain.crt\n","bash","",[120,314,315],{"__ignoreMap":312},[316,317,320,324,328,331,335],"span",{"class":318,"line":319},"line",1,[316,321,323],{"class":322},"sScJk","cat",[316,325,327],{"class":326},"sZZnC"," certificate.crt",[316,329,330],{"class":326}," ca_bundle.crt",[316,332,334],{"class":333},"szBVR"," >",[316,336,337],{"class":326}," fullchain.crt\n",[111,339,341],{"start":340},6,[65,342,343],{},"「作成」をクリック",[32,345,347],{"id":346},"_2-cloud-dnsの設定","2. Cloud DNSの設定",[111,349,350,353,356],{},[65,351,352],{},"「ネットワークサービス > Cloud DNS」を開く",[65,354,355],{},"対象のDNSゾーンを選択",[65,357,358,359],{},"Aレコードを追加\n",[62,360,361,367,372],{},[65,362,363,188,365],{},[167,364,187],{},[120,366,122],{},[65,368,369,371],{},[167,370,196],{}," A",[65,373,374,377],{},[167,375,376],{},"データ"," Cloud Load BalancingのIPアドレス",[32,379,381],{"id":380},"_3-動作確認","3. 動作確認",[14,383,384,385,388],{},"ブラウザで",[120,386,387],{},"https:\u002F\u002Fexample.com","にアクセスし、SSL証明書が正しく適用されていることを確認します。",[10,390,391],{"id":391},"自動更新の設定",[14,393,394],{},"無料証明書は90日間で期限切れになるため、定期的な更新が必要です。",[32,396,397],{"id":397},"更新方法",[111,399,400,403,406,409],{},[65,401,402],{},"ZeroSSLダッシュボードで期限切れ前の証明書を確認",[65,404,405],{},"「Renew」ボタンをクリック",[65,407,408],{},"同じ手順で新しい証明書を発行",[65,410,411],{},"Cloud Load Balancingの証明書を更新",[32,413,414],{"id":414},"更新の自動化",[14,416,417,418,423],{},"ZeroSSLは",[17,419,422],{"href":420,"rel":421},"https:\u002F\u002Fzerossl.com\u002Fdocumentation\u002Fapi\u002F",[21],"API","を提供しているため、スクリプトで自動化することも可能です。",[307,425,427],{"className":309,"code":426,"language":311,"meta":312,"style":312},"# 例：証明書の有効期限を確認するスクリプト\ncurl -X GET \"https:\u002F\u002Fapi.zerossl.com\u002Fcertificates?access_key=YOUR_API_KEY\"\n",[120,428,429,435],{"__ignoreMap":312},[316,430,431],{"class":318,"line":319},[316,432,434],{"class":433},"sJ8bj","# 例：証明書の有効期限を確認するスクリプト\n",[316,436,438,441,445,448],{"class":318,"line":437},2,[316,439,440],{"class":322},"curl",[316,442,444],{"class":443},"sj4cs"," -X",[316,446,447],{"class":326}," GET",[316,449,450],{"class":326}," \"https:\u002F\u002Fapi.zerossl.com\u002Fcertificates?access_key=YOUR_API_KEY\"\n",[10,452,453],{"id":453},"注意点とデメリット",[32,455,456],{"id":456},"証明書の有効期間",[62,458,459,462,465],{},[65,460,461],{},"無料プランは90日間のみ",[65,463,464],{},"有料プランでは1年間の証明書を発行可能",[65,466,467],{},"更新を忘れると証明書が失効し、サイトにアクセスできなくなる",[32,469,470],{"id":470},"管理の手間",[62,472,473,476],{},[65,474,475],{},"自動更新機能がないため、手動更新が必要",[65,477,478],{},"複数ドメインがある場合、個別に管理が必要",[32,480,481],{"id":481},"推奨される運用",[62,483,484,487,490],{},[65,485,486],{},"カレンダーに更新日をリマインダー設定",[65,488,489],{},"証明書の有効期限を監視するスクリプトを作成",[65,491,492],{},"本番環境では、証明書の自動更新に対応したサービスの検討も推奨",[10,494,495],{"id":495},"まとめ",[14,497,498],{},"ZeroSSLを使った無料SSL証明書の発行とGCPへの適用方法を解説しました。",[14,500,501],{},[167,502,503],{},"メリット：",[62,505,506,509,512],{},[65,507,508],{},"無料でSSL証明書を取得可能",[65,510,511],{},"Webブラウザで簡単に管理",[65,513,514],{},"Let's Encryptの代替選択肢",[14,516,517],{},[167,518,519],{},"デメリット：",[62,521,522,525],{},[65,523,524],{},"90日ごとの手動更新が必要",[65,526,527],{},"自動更新機能がない",[14,529,530],{},"小規模プロジェクトや検証環境には最適ですが、本番環境で長期運用する場合は、自動更新に対応したサービスやマネージドSSL証明書の利用も検討してください。",[532,533,534],"style",{},"html pre.shiki code .sScJk, html code.shiki .sScJk{--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .sZZnC, html code.shiki .sZZnC{--shiki-default:#032F62;--shiki-dark:#9ECBFF}html pre.shiki code .szBVR, html code.shiki .szBVR{--shiki-default:#D73A49;--shiki-dark:#F97583}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sJ8bj, html code.shiki .sJ8bj{--shiki-default:#6A737D;--shiki-dark:#6A737D}html pre.shiki code .sj4cs, html code.shiki .sj4cs{--shiki-default:#005CC5;--shiki-dark:#79B8FF}",{"title":312,"searchDepth":437,"depth":437,"links":536},[537,538,543,544,552,557,561,566],{"id":12,"depth":437,"text":12},{"id":26,"depth":437,"text":27,"children":539},[540,542],{"id":34,"depth":541,"text":35},3,{"id":60,"depth":541,"text":60},{"id":79,"depth":437,"text":79},{"id":93,"depth":437,"text":94,"children":545},[546,547,548,549,550,551],{"id":97,"depth":541,"text":98},{"id":108,"depth":541,"text":109},{"id":129,"depth":541,"text":130},{"id":140,"depth":541,"text":141},{"id":151,"depth":541,"text":152},{"id":225,"depth":541,"text":226},{"id":252,"depth":437,"text":253,"children":553},[554,555,556],{"id":256,"depth":541,"text":257},{"id":346,"depth":541,"text":347},{"id":380,"depth":541,"text":381},{"id":391,"depth":437,"text":391,"children":558},[559,560],{"id":397,"depth":541,"text":397},{"id":414,"depth":541,"text":414},{"id":453,"depth":437,"text":453,"children":562},[563,564,565],{"id":456,"depth":541,"text":456},{"id":470,"depth":541,"text":470},{"id":481,"depth":541,"text":481},{"id":495,"depth":437,"text":495},"2022-01-30","Let's Encryptの代替として注目されるZeroSSLを使った無料SSL証明書の取得方法を解説します。GCP Cloud Load BalancingへのSSL証明書適用手順も紹介します。","md",{"tags":571},[572,573,574,575],"gcp","ssl","security","cloud",true,"\u002Fblog\u002Fzerossl-free-ssl-certificate-setup",{"title":5,"description":568},"blog\u002Fzerossl-free-ssl-certificate-setup","OWJEnaU7PmVAit-yCMtK6fP_B1CeAtSsj7HwuD2Sjrc",1773664054140]