Install the EPEL package
# Install the Extra Packages for Enterprise Linux (EPEL) package
$ yum install -y epel-release
Install the certbot package
$ yum install -y certbot
Issuing a Let's Encrypt (certbot) certificate
Create the certificate
: Issue the certificate using DNS validation
certbot certonly --manual --preferred-challenges dns -d img.sangchul.kr
[Web server task - 1]
$ certbot certonly --manual --preferred-challenges dns -d img.sangchul.kr
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert is due for renewal, auto-renewing...
Renewing an existing certificate for img.sangchul.kr
Performing the following challenges:
dns-01 challenge for img.sangchul.kr
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.img.sangchul.kr with the following value:
6X9DDTJlFNeFsDYC8bxpaL1BumSSRlYM_Ny2FinGIV4
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
[DNS server task]
** Configure the domain before pressing Enter.
Register the DNS TXT record
_acme-challenge.img.sangchul.kr IN TXT 6X9DDTJlFNeFsDYC8bxpaL1BumSSRlYM_Ny2FinGIV4
Query the TXT record
$ dig _acme-challenge.img.sangchul.kr txt +short
"6X9DDTJlFNeFsDYC8bxpaL1BumSSRlYM_Ny2FinGIV4"
[Web server task - 2]
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/img.sangchul.kr/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/img.sangchul.kr/privkey.pem
Your certificate will expire on 2021-12-15. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
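The TXT lookup in the DNS server task asks whichever resolver the host is configured with, which can answer from cache or from a single server. The script below is an added example, not part of the original post: it runs the same check against every authoritative name server of the zone before you press Enter. The file name check_txt.sh and the DIG override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm the dns-01 TXT token on every authoritative name server.
# DIG is an assumed override so the parsing logic can be exercised without network access.
DIG=${DIG:-dig}

# Normalise `dig +short` TXT output read from stdin: one record per line,
# quotes removed, multi-string records ("abc" "def") joined into one value.
normalize_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# Succeed only if one record equals the expected token exactly.
# "--" protects tokens that start with "-" (valid in base64url).
txt_has_token() {
    normalize_txt | grep -Fxq -- "$1"
}

# Print the name servers of the closest enclosing zone of $1 by walking up labels.
zone_nameservers() {
    name=${1%.}
    while :; do
        case $name in *.*) ;; *) return 1 ;; esac   # never query a bare TLD
        ns=$($DIG +short "$name" NS | grep -v '^;' || true)
        if [ -n "$ns" ]; then printf '%s\n' "$ns"; return 0; fi
        name=${name#*.}
    done
}

# Return 0 only when every authoritative server already serves the token,
# 1 when at least one server lacks it, 2 when no name servers were found.
check_all_ns() {
    record=$1 token=$2 rc=0
    servers=$(zone_nameservers "$record") || { echo "no NS found for $record" >&2; return 2; }
    for s in $servers; do
        if $DIG +short +norecurse "@$s" "$record" TXT | txt_has_token "$token"; then
            echo "ok      $s"
        else
            echo "missing $s"; rc=1
        fi
    done
    return $rc
}

# Usage: sh check_txt.sh _acme-challenge.img.sangchul.kr <token shown by certbot>
if [ "$#" -eq 2 ]; then check_all_ns "$1" "$2"; fi
```

Press Enter in the certbot prompt only after every server is reported as ok.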
Web server (virtual host) configuration
SSLCertificateFile "/etc/letsencrypt/live/img.sangchul.kr/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/img.sangchul.kr/privkey.pem"
SSLCACertificateFile "/etc/letsencrypt/live/img.sangchul.kr/chain.pem"
$ vim /usr/local/apache2/conf/extra/httpd-ssl.conf
...
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/img.sangchul.kr/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/img.sangchul.kr/privkey.pem"
SSLCACertificateFile "/etc/letsencrypt/live/img.sangchul.kr/chain.pem"
CustomLog "|/usr/sbin/cronolog /var/log/httpd/img.sangchul.kr-ssl-%Y%m%d.log" combined
ErrorLog "|/usr/sbin/cronolog /var/log/httpd/img.sangchul.kr-ssl-%Y%m%d.log"
...
Issuing a Let's Encrypt (SSL) certificate with a Docker container
- DNS (domain TXT record) validation
$ docker run -it --rm --name certbot \
-v '/etc/letsencrypt:/etc/letsencrypt' \
-v '/var/lib/letsencrypt:/var/lib/letsencrypt' \
certbot/certbot certonly -d '*.sangchul.kr' \
--manual --preferred-challenges dns \
--server https://acme-v02.api.letsencrypt.org/directory
Test certificate renewal
certbot renew --dry-run
Renew the certificate
certbot renew
Check the certificate expiration date
certbot certificates
Delete the certificate
certbot delete