Amazon Linux 2 で nginx + Let’s Encrypt によるSSL化

sudo yum install -y amazon-linux-extras
sudo amazon-linux-extras install epel -y

sudo yum install -y certbot
sudo certbot --nginx

$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): ※メールアドレスを入力※

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Host xxx
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y ※Yを入力※

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y ※Yを入力※
Account registered.
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated)  (Enter 'c' to cancel): ※ドメインを入力※
Requesting a certificate for xxx
Performing the following challenges:
http-01 challenge for xxx
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Waiting for verification...
Cleaning up challenges
Could not automatically find a matching server block for xxx. Set the `server_name` directive to use the Nginx installer.

IMPORTANT NOTES:
 - Unable to install the certificate
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/xxx/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/xxxx/privkey.pem
   Your certificate will expire on 2024-02-16. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again with the "certonly" option. To non-interactively
   renew *all* of your certificates, run "certbot renew"

server {
  listen 443 ssl;
  ssl_certificate     /etc/letsencrypt/live/xxx/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/xxx/privkey.pem;
}