변군이글루

[SSL 인증서] Let's Encrypt(certbot) 본문

* 리눅스

[SSL 인증서] Let's Encrypt(certbot)

변군 변군이글루 2021. 3. 9. 22:36
728x90
반응형

Let's Encrypt(certbot)

EPEL 패키지 설치

# Extra Packages for Enterprise Linux (or EPEL) 패키지 설치
$ yum install -y epel-release

certbot 패키지 설치 및 디렉터리 권한 설정

$ yum install -y certbot

$ mkdir -p /var/lib/letsencrypt/.well-known

$ cd /var/lib/

$ chgrp nobody letsencrypt

$ chmod g+s letsencrypt

인증서 생성

$ certbot certonly --agree-tos --email admin@sangchul.kr --webroot -w /var/lib/letsencrypt/ -d ssl.sangchul.kr
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Requesting a certificate for ssl.sangchul.kr
Performing the following challenges:
http-01 challenge for ssl.sangchul.kr
Using the webroot path /var/lib/letsencrypt for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Subscribe to the EFF mailing list (email: admin@sangchul.kr).
Starting new HTTPS connection (1): supporters.eff.org

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/ssl.sangchul.kr/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/ssl.sangchul.kr/privkey.pem
   Your certificate will expire on 2021-06-07. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

인증서 파일

/etc/letsencrypt/live/ssl.sangchul.kr/cert.pem
/etc/letsencrypt/live/ssl.sangchul.kr/privkey.pem
/etc/letsencrypt/live/ssl.sangchul.kr/chain.pem

 

 

728x90
반응형
0 Comments
댓글쓰기 폼