Installing letsencrypt for nginx on CentOS 7.x.
Install epel-release with the following command.
yum install -y epel-release
You should see output like this.
$ yum install -y epel-release
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 8.5 kB 00:00
* base: mirror.kakao.com
* epel: epel.01link.hk
* extras: mirror.kakao.com
* updates: mirror.kakao.com
base | 3.6 kB 00:00
epel | 4.7 kB 00:00
extras | 2.9 kB 00:00
mysql-connectors-community | 2.6 kB 00:00
mysql-tools-community | 2.6 kB 00:00
mysql57-community | 2.6 kB 00:00
updates | 2.9 kB 00:00
(1/2): epel/x86_64/updateinfo | 1.0 MB 00:00
(2/2): epel/x86_64/primary_db | 6.9 MB 00:04
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be updated
---> Package epel-release.noarch 0:7-13 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Updating:
epel-release noarch 7-13 epel 15 k
Transaction Summary
================================================================================
Upgrade 1 Package
Total download size: 15 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
epel-release-7-13.noarch.rpm | 15 kB 00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : epel-release-7-13.noarch 1/2
Cleanup : epel-release-7-11.noarch 2/2
Verifying : epel-release-7-13.noarch 1/2
Verifying : epel-release-7-11.noarch 2/2
Updated:
epel-release.noarch 0:7-13
Complete!
Install certbot.
yum install -y certbot
$ yum install -y certbot
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.kakao.com
* epel: ftp.iij.ad.jp
* extras: mirror.kakao.com
* updates: mirror.kakao.com
Resolving Dependencies
--> Running transaction check
---> Package certbot.noarch 0:1.11.0-1.el7 will be installed
--> Processing Dependency: python2-certbot = 1.11.0-1.el7 for package: certbot-1.11.0-1.el7.noarch
--> Running transaction check
---> Package python2-certbot.noarch 0:1.11.0-1.el7 will be installed
--> Processing Dependency: python-parsedatetime >= 1.3 for package: python2-certbot-1.11.0-1.el7.noarch
--> Processing Dependency: python2-acme >= 1.8.0 for package: python2-certbot-1.11.0-1.el7.noarch
--> Processing Dependency: python2-configargparse >= 0.9.3 for package: python2-certbot-1.11.0-1.el7.noarch
--> Processing Dependency: python2-cryptography >= 1.2.3 for package: python2-certbot-1.11.0-1.el7.noarch
--> Processing Dependency: python2-distro >= 1.0.1 for package: python2-certbot-1.11.0-1.el7.noarch
--> Processing Dependency: python2-josepy >= 1.1.0 for package: python2-certbot-1.11.0-1.el7.noarch
--> Processing Dependency: python-setuptools for package: python2-certbot-1.11.0-1.el7.noarch
--> Processing Dependency: python-zope-component for package: python2-certbot-1.11.0-1.el7.noarch
--> Processing Dependency: python-zope-interface for package: python2-certbot-1.11.0-1.el7.noarch
--> Processing Dependency: python2-mock for package: python2-certbot-1.11.0-1.el7.noarch
--> Processing Dependency: python2-pyrfc3339 for package: python2-certbot-1.11.0-1.el7.noarch
--> Processing Dependency: pytz for package: python2-certbot-1.11.0-1.el7.noarch
--> Running transaction check
---> Package python-setuptools.noarch 0:0.9.8-7.el7 will be installed
--> Processing Dependency: python-backports-ssl_match_hostname for package: python-setuptools-0.9.8-7.el7.noarch
---> Package python-zope-component.noarch 1:4.1.0-5.el7 will be installed
--> Processing Dependency: python-zope-event for package: 1:python-zope-component-4.1.0-5.el7.noarch
---> Package python-zope-interface.x86_64 0:4.0.5-4.el7 will be installed
---> Package python2-acme.noarch 0:1.11.0-1.el7 will be installed
--> Processing Dependency: pyOpenSSL >= 0.13.1 for package: python2-acme-1.11.0-1.el7.noarch
--> Processing Dependency: python2-requests >= 2.6.0 for package: python2-acme-1.11.0-1.el7.noarch
--> Processing Dependency: python-ndg_httpsclient for package: python2-acme-1.11.0-1.el7.noarch
--> Processing Dependency: python-requests-toolbelt for package: python2-acme-1.11.0-1.el7.noarch
--> Processing Dependency: python2-pyasn1 for package: python2-acme-1.11.0-1.el7.noarch
--> Processing Dependency: python2-six for package: python2-acme-1.11.0-1.el7.noarch
---> Package python2-configargparse.noarch 0:0.11.0-2.el7 will be installed
---> Package python2-cryptography.x86_64 0:1.7.2-2.el7 will be installed
--> Processing Dependency: python-six >= 1.4.1 for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Processing Dependency: python-idna >= 2.0 for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Processing Dependency: python-cffi >= 1.4.1 for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Processing Dependency: python-ipaddress for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Processing Dependency: python-enum34 for package: python2-cryptography-1.7.2-2.el7.x86_64
---> Package python2-distro.noarch 0:1.2.0-3.el7 will be installed
---> Package python2-josepy.noarch 0:1.3.0-2.el7 will be installed
---> Package python2-mock.noarch 0:1.0.1-10.el7 will be installed
---> Package python2-parsedatetime.noarch 0:2.4-6.el7 will be installed
--> Processing Dependency: python2-future for package: python2-parsedatetime-2.4-6.el7.noarch
---> Package python2-pyrfc3339.noarch 0:1.1-3.el7 will be installed
---> Package pytz.noarch 0:2016.10-2.el7 will be installed
--> Running transaction check
---> Package pyOpenSSL.x86_64 0:0.13.1-4.el7 will be installed
---> Package python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7 will be installed
--> Processing Dependency: python-backports for package: python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch
---> Package python-cffi.x86_64 0:1.6.0-5.el7 will be installed
--> Processing Dependency: python-pycparser for package: python-cffi-1.6.0-5.el7.x86_64
---> Package python-enum34.noarch 0:1.0.4-1.el7 will be installed
---> Package python-idna.noarch 0:2.4-1.el7 will be installed
---> Package python-ipaddress.noarch 0:1.0.16-2.el7 will be installed
---> Package python-ndg_httpsclient.noarch 0:0.3.2-1.el7 will be installed
---> Package python-requests.noarch 0:2.6.0-10.el7 will be installed
--> Processing Dependency: python-urllib3 >= 1.10.2-1 for package: python-requests-2.6.0-10.el7.noarch
--> Processing Dependency: python-chardet >= 2.2.1-1 for package: python-requests-2.6.0-10.el7.noarch
---> Package python-requests-toolbelt.noarch 0:0.8.0-3.el7 will be installed
---> Package python-six.noarch 0:1.9.0-2.el7 will be installed
---> Package python-zope-event.noarch 0:4.0.3-2.el7 will be installed
---> Package python2-future.noarch 0:0.18.2-2.el7 will be installed
---> Package python2-pyasn1.noarch 0:0.1.9-7.el7 will be installed
---> Package python2-six.noarch 0:1.9.0-0.el7 will be installed
--> Running transaction check
---> Package python-backports.x86_64 0:1.0-8.el7 will be installed
---> Package python-chardet.noarch 0:2.2.1-3.el7 will be installed
---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed
---> Package python-urllib3.noarch 0:1.10.2-7.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================================
Package Arch Version Repository Size
========================================================================================================================
Installing:
certbot noarch 1.11.0-1.el7 epel 46 k
Installing for dependencies:
pyOpenSSL x86_64 0.13.1-4.el7 base 135 k
python-backports x86_64 1.0-8.el7 base 5.8 k
python-backports-ssl_match_hostname noarch 3.5.0.1-1.el7 base 13 k
python-cffi x86_64 1.6.0-5.el7 base 218 k
python-chardet noarch 2.2.1-3.el7 base 227 k
python-enum34 noarch 1.0.4-1.el7 base 52 k
python-idna noarch 2.4-1.el7 base 94 k
python-ipaddress noarch 1.0.16-2.el7 base 34 k
python-ndg_httpsclient noarch 0.3.2-1.el7 epel 43 k
python-pycparser noarch 2.14-1.el7 base 104 k
python-requests noarch 2.6.0-10.el7 base 95 k
python-requests-toolbelt noarch 0.8.0-3.el7 epel 78 k
python-setuptools noarch 0.9.8-7.el7 base 397 k
python-six noarch 1.9.0-2.el7 base 29 k
python-urllib3 noarch 1.10.2-7.el7 base 103 k
python-zope-component noarch 1:4.1.0-5.el7 epel 228 k
python-zope-event noarch 4.0.3-2.el7 epel 79 k
python-zope-interface x86_64 4.0.5-4.el7 base 138 k
python2-acme noarch 1.11.0-1.el7 epel 83 k
python2-certbot noarch 1.11.0-1.el7 epel 386 k
python2-configargparse noarch 0.11.0-2.el7 epel 31 k
python2-cryptography x86_64 1.7.2-2.el7 base 502 k
python2-distro noarch 1.2.0-3.el7 epel 29 k
python2-future noarch 0.18.2-2.el7 epel 806 k
python2-josepy noarch 1.3.0-2.el7 epel 89 k
python2-mock noarch 1.0.1-10.el7 epel 92 k
python2-parsedatetime noarch 2.4-6.el7 epel 78 k
python2-pyasn1 noarch 0.1.9-7.el7 base 100 k
python2-pyrfc3339 noarch 1.1-3.el7 epel 16 k
python2-six noarch 1.9.0-0.el7 epel 2.9 k
pytz noarch 2016.10-2.el7 base 46 k
Transaction Summary
========================================================================================================================
Install 1 Package (+31 Dependent packages)
Total download size: 4.3 M
Installed size: 20 M
Downloading packages:
(1/32): python-backports-1.0-8.el7.x86_64.rpm | 5.8 kB 00:00:00
(2/32): pyOpenSSL-0.13.1-4.el7.x86_64.rpm | 135 kB 00:00:00
(3/32): python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch.rpm | 13 kB 00:00:00
(4/32): python-chardet-2.2.1-3.el7.noarch.rpm | 227 kB 00:00:00
(5/32): python-cffi-1.6.0-5.el7.x86_64.rpm | 218 kB 00:00:00
(6/32): python-enum34-1.0.4-1.el7.noarch.rpm | 52 kB 00:00:00
(7/32): python-ipaddress-1.0.16-2.el7.noarch.rpm | 34 kB 00:00:00
(8/32): python-pycparser-2.14-1.el7.noarch.rpm | 104 kB 00:00:00
(9/32): python-idna-2.4-1.el7.noarch.rpm | 94 kB 00:00:00
(10/32): python-requests-2.6.0-10.el7.noarch.rpm | 95 kB 00:00:00
(11/32): certbot-1.11.0-1.el7.noarch.rpm | 46 kB 00:00:00
(12/32): python-setuptools-0.9.8-7.el7.noarch.rpm | 397 kB 00:00:00
(13/32): python-urllib3-1.10.2-7.el7.noarch.rpm | 103 kB 00:00:00
(14/32): python-six-1.9.0-2.el7.noarch.rpm | 29 kB 00:00:00
(15/32): python-requests-toolbelt-0.8.0-3.el7.noarch.rpm | 78 kB 00:00:00
(16/32): python-zope-component-4.1.0-5.el7.noarch.rpm | 228 kB 00:00:00
(17/32): python-zope-interface-4.0.5-4.el7.x86_64.rpm | 138 kB 00:00:00
(18/32): python-zope-event-4.0.3-2.el7.noarch.rpm | 79 kB 00:00:00
(19/32): python2-acme-1.11.0-1.el7.noarch.rpm | 83 kB 00:00:00
(20/32): python2-certbot-1.11.0-1.el7.noarch.rpm | 386 kB 00:00:00
(21/32): python2-cryptography-1.7.2-2.el7.x86_64.rpm | 502 kB 00:00:00
(22/32): python2-configargparse-0.11.0-2.el7.noarch.rpm | 31 kB 00:00:00
(23/32): python2-distro-1.2.0-3.el7.noarch.rpm | 29 kB 00:00:00
(24/32): python2-future-0.18.2-2.el7.noarch.rpm | 806 kB 00:00:00
(25/32): python2-josepy-1.3.0-2.el7.noarch.rpm | 89 kB 00:00:00
(26/32): python2-mock-1.0.1-10.el7.noarch.rpm | 92 kB 00:00:00
(27/32): python2-pyasn1-0.1.9-7.el7.noarch.rpm | 100 kB 00:00:00
(28/32): python2-parsedatetime-2.4-6.el7.noarch.rpm | 78 kB 00:00:00
(29/32): python2-pyrfc3339-1.1-3.el7.noarch.rpm | 16 kB 00:00:00
(30/32): pytz-2016.10-2.el7.noarch.rpm | 46 kB 00:00:00
(31/32): python2-six-1.9.0-0.el7.noarch.rpm | 2.9 kB 00:00:00
(32/32): python-ndg_httpsclient-0.3.2-1.el7.noarch.rpm | 43 kB 00:00:01
------------------------------------------------------------------------------------------------------------------------
Total 2.3 MB/s | 4.3 MB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : python2-pyasn1-0.1.9-7.el7.noarch 1/32
Installing : pyOpenSSL-0.13.1-4.el7.x86_64 2/32
Installing : python-six-1.9.0-2.el7.noarch 3/32
Installing : python-ipaddress-1.0.16-2.el7.noarch 4/32
Installing : python2-six-1.9.0-0.el7.noarch 5/32
Installing : python2-pyrfc3339-1.1-3.el7.noarch 6/32
Installing : python-zope-interface-4.0.5-4.el7.x86_64 7/32
Installing : pytz-2016.10-2.el7.noarch 8/32
Installing : python-zope-event-4.0.3-2.el7.noarch 9/32
Installing : 1:python-zope-component-4.1.0-5.el7.noarch 10/32
Installing : python-pycparser-2.14-1.el7.noarch 11/32
Installing : python-cffi-1.6.0-5.el7.x86_64 12/32
Installing : python-chardet-2.2.1-3.el7.noarch 13/32
Installing : python2-mock-1.0.1-10.el7.noarch 14/32
Installing : python-backports-1.0-8.el7.x86_64 15/32
Installing : python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch 16/32
Installing : python-setuptools-0.9.8-7.el7.noarch 17/32
Installing : python-ndg_httpsclient-0.3.2-1.el7.noarch 18/32
Installing : python-urllib3-1.10.2-7.el7.noarch 19/32
Installing : python-requests-2.6.0-10.el7.noarch 20/32
Installing : python-requests-toolbelt-0.8.0-3.el7.noarch 21/32
Installing : python2-distro-1.2.0-3.el7.noarch 22/32
Installing : python2-future-0.18.2-2.el7.noarch 23/32
Installing : python2-parsedatetime-2.4-6.el7.noarch 24/32
Installing : python2-configargparse-0.11.0-2.el7.noarch 25/32
Installing : python-enum34-1.0.4-1.el7.noarch 26/32
Installing : python-idna-2.4-1.el7.noarch 27/32
Installing : python2-cryptography-1.7.2-2.el7.x86_64 28/32
Installing : python2-josepy-1.3.0-2.el7.noarch 29/32
Installing : python2-acme-1.11.0-1.el7.noarch 30/32
Installing : python2-certbot-1.11.0-1.el7.noarch 31/32
Installing : certbot-1.11.0-1.el7.noarch 32/32
Verifying : python-idna-2.4-1.el7.noarch 1/32
Verifying : python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch 2/32
Verifying : python2-six-1.9.0-0.el7.noarch 3/32
Verifying : pytz-2016.10-2.el7.noarch 4/32
Verifying : python-ndg_httpsclient-0.3.2-1.el7.noarch 5/32
Verifying : python-enum34-1.0.4-1.el7.noarch 6/32
Verifying : 1:python-zope-component-4.1.0-5.el7.noarch 7/32
Verifying : python-setuptools-0.9.8-7.el7.noarch 8/32
Verifying : python-ipaddress-1.0.16-2.el7.noarch 9/32
Verifying : certbot-1.11.0-1.el7.noarch 10/32
Verifying : python-requests-toolbelt-0.8.0-3.el7.noarch 11/32
Verifying : python2-configargparse-0.11.0-2.el7.noarch 12/32
Verifying : python2-future-0.18.2-2.el7.noarch 13/32
Verifying : python-zope-interface-4.0.5-4.el7.x86_64 14/32
Verifying : python-six-1.9.0-2.el7.noarch 15/32
Verifying : python2-distro-1.2.0-3.el7.noarch 16/32
Verifying : python2-josepy-1.3.0-2.el7.noarch 17/32
Verifying : python-urllib3-1.10.2-7.el7.noarch 18/32
Verifying : python-backports-1.0-8.el7.x86_64 19/32
Verifying : python2-acme-1.11.0-1.el7.noarch 20/32
Verifying : pyOpenSSL-0.13.1-4.el7.x86_64 21/32
Verifying : python-cffi-1.6.0-5.el7.x86_64 22/32
Verifying : python2-mock-1.0.1-10.el7.noarch 23/32
Verifying : python-chardet-2.2.1-3.el7.noarch 24/32
Verifying : python-pycparser-2.14-1.el7.noarch 25/32
Verifying : python-requests-2.6.0-10.el7.noarch 26/32
Verifying : python-zope-event-4.0.3-2.el7.noarch 27/32
Verifying : python2-pyrfc3339-1.1-3.el7.noarch 28/32
Verifying : python2-pyasn1-0.1.9-7.el7.noarch 29/32
Verifying : python2-parsedatetime-2.4-6.el7.noarch 30/32
Verifying : python2-cryptography-1.7.2-2.el7.x86_64 31/32
Verifying : python2-certbot-1.11.0-1.el7.noarch 32/32
Installed:
certbot.noarch 0:1.11.0-1.el7
Dependency Installed:
pyOpenSSL.x86_64 0:0.13.1-4.el7 python-backports.x86_64 0:1.0-8.el7
python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7 python-cffi.x86_64 0:1.6.0-5.el7
python-chardet.noarch 0:2.2.1-3.el7 python-enum34.noarch 0:1.0.4-1.el7
python-idna.noarch 0:2.4-1.el7 python-ipaddress.noarch 0:1.0.16-2.el7
python-ndg_httpsclient.noarch 0:0.3.2-1.el7 python-pycparser.noarch 0:2.14-1.el7
python-requests.noarch 0:2.6.0-10.el7 python-requests-toolbelt.noarch 0:0.8.0-3.el7
python-setuptools.noarch 0:0.9.8-7.el7 python-six.noarch 0:1.9.0-2.el7
python-urllib3.noarch 0:1.10.2-7.el7 python-zope-component.noarch 1:4.1.0-5.el7
python-zope-event.noarch 0:4.0.3-2.el7 python-zope-interface.x86_64 0:4.0.5-4.el7
python2-acme.noarch 0:1.11.0-1.el7 python2-certbot.noarch 0:1.11.0-1.el7
python2-configargparse.noarch 0:0.11.0-2.el7 python2-cryptography.x86_64 0:1.7.2-2.el7
python2-distro.noarch 0:1.2.0-3.el7 python2-future.noarch 0:0.18.2-2.el7
python2-josepy.noarch 0:1.3.0-2.el7 python2-mock.noarch 0:1.0.1-10.el7
python2-parsedatetime.noarch 0:2.4-6.el7 python2-pyasn1.noarch 0:0.1.9-7.el7
python2-pyrfc3339.noarch 0:1.1-3.el7 python2-six.noarch 0:1.9.0-0.el7
pytz.noarch 0:2016.10-2.el7
Complete!
Install python2-certbot-nginx.
yum install -y python2-certbot-nginx
$ yum install -y python2-certbot-nginx
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.kakao.com
* epel: epel.01link.hk
* extras: mirror.kakao.com
* updates: mirror.kakao.com
Resolving Dependencies
--> Running transaction check
---> Package python2-certbot-nginx.noarch 0:1.11.0-1.el7 will be installed
--> Processing Dependency: pyparsing >= 1.5.5 for package: python2-certbot-nginx-1.11.0-1.el7.noarch
--> Running transaction check
---> Package pyparsing.noarch 0:1.5.6-9.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================================
Package Arch Version Repository Size
========================================================================================================================
Installing:
python2-certbot-nginx noarch 1.11.0-1.el7 epel 78 k
Installing for dependencies:
pyparsing noarch 1.5.6-9.el7 base 94 k
Transaction Summary
========================================================================================================================
Install 1 Package (+1 Dependent package)
Total download size: 172 k
Installed size: 633 k
Downloading packages:
(1/2): pyparsing-1.5.6-9.el7.noarch.rpm | 94 kB 00:00:00
(2/2): python2-certbot-nginx-1.11.0-1.el7.noarch.rpm | 78 kB 00:00:00
------------------------------------------------------------------------------------------------------------------------
Total 243 kB/s | 172 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : pyparsing-1.5.6-9.el7.noarch 1/2
Installing : python2-certbot-nginx-1.11.0-1.el7.noarch 2/2
Verifying : python2-certbot-nginx-1.11.0-1.el7.noarch 1/2
Verifying : pyparsing-1.5.6-9.el7.noarch 2/2
Installed:
python2-certbot-nginx.noarch 0:1.11.0-1.el7
Dependency Installed:
pyparsing.noarch 0:1.5.6-9.el7
Complete!
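Now let's request the certificate.
Enter the command below, replacing [도메인주소] (a placeholder for your domain name) with your own domain. The standalone authenticator answers the http-01 challenge by listening on port 80 itself, so nginx must not be holding that port while the command runs.
certbot --standalone -d [도메인주소] certonly
You will then see the prompt below;
enter your email address (shown here as the placeholder [이메일주소]) and continue.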
$ certbot --standalone -d [도메인주소] certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): [이메일주소]
Next, a prompt asks you to read and agree to the Terms of Service.
Press y to agree and continue.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
This prompt asks whether you agree to share the email address you provided with the EFF
and to have it used for their various mailings.
Press y and continue.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
When it finishes, you will see output like this.
Account registered.
Requesting a certificate for [도메인주소]
Performing the following challenges:
http-01 challenge for [도메인주소]
Waiting for verification...
Cleaning up challenges
Subscribe to the EFF mailing list (email: [이메일주소]).
Starting new HTTPS connection (1): supporters.eff.org
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/[도메인주소]/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/[도메인주소]/privkey.pem
Your certificate will expire on 2021-08-31. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Take careful note of the two paths where the certificate chain and the private key were saved.
/etc/letsencrypt/live/[도메인주소]/fullchain.pem
/etc/letsencrypt/live/[도메인주소]/privkey.pem
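In nginx.conf, set up an SSL-only server block as follows, with [도메인주소] replaced by your domain.
server {
    # HTTPS listeners for IPv4 and IPv6, with HTTP/2 enabled
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name [도메인주소];
    root /usr/share/nginx/html;
    # Certificate chain and private key written by certbot
    ssl_certificate /etc/letsencrypt/live/[도메인주소]/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/[도메인주소]/privkey.pem;
    # TLS session cache shared between worker processes
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    # Cipher selection; no ssl_protocols is set here, so nginx's default protocol list applies
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
}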
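Change the default server that was previously serving on port 80
so that it redirects to port 443, as shown below.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name [도메인주소];
    # Permanent redirect of every plain-HTTP request to its HTTPS equivalent
    return 301 https://$host$request_uri;
}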
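Register a crontab entry so that the certificate is renewed automatically as time passes.
Open the crontab editor with the following command.
crontab -e
Enter the following so that the renewal runs automatically every night at 1 AM.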
0 1 * * * sudo certbot renew --standalone --pre-hook "service nginx stop" --post-hook "service nginx start"
Check that the entry was registered correctly.
$ crontab -l
0 1 * * * sudo certbot renew --standalone --pre-hook "service nginx stop" --post-hook "service nginx start"
Setup is complete.
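A cron job can fail silently, so it helps to check the files under /etc/letsencrypt/live/[도메인주소]/ directly. The script below is an added example, not part of the original post; the function names, the LE_LIVE_ROOT variable and the 30-day threshold are assumptions of this example (30 days is the point at which certbot renew starts renewing by default, so a certificate with less time left means the cron renewal is not succeeding).

```shell
#!/bin/sh
# Added example: health check for a certbot-issued certificate.
# Function names, LE_LIVE_ROOT and the 30-day threshold are assumptions.

# cert_status CERT [MIN_DAYS] -> prints ok | expiring | unreadable
cert_status() {
    # Reject missing files and files that do not parse as a certificate.
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo unreadable; return 0; }
    # -checkend exits 0 only if the cert is still valid N seconds from now.
    if openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
    then echo ok
    else echo expiring
    fi
}

# key_matches_cert CERT KEY -> exit 0 if KEY is the private key of CERT.
# nginx refuses to start when ssl_certificate and ssl_certificate_key differ.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# key_is_private KEY -> exit 0 if group and others have no access to KEY.
# -L follows the symlink that live/ keeps to the real file in archive/.
key_is_private() {
    mode=$(stat -L -c '%a' "$1" 2>/dev/null) || return 1
    case $mode in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# check_live DOMAIN [MIN_DAYS] -> prints a short report, exit 1 on any finding.
check_live() {
    dir=${LE_LIVE_ROOT:-/etc/letsencrypt/live}/$1
    rc=0
    status=$(cert_status "$dir/fullchain.pem" "${2:-30}")
    echo "fullchain.pem: $status"
    [ "$status" = ok ] || rc=1
    if ! key_matches_cert "$dir/fullchain.pem" "$dir/privkey.pem"; then
        echo "privkey.pem does not match fullchain.pem"
        rc=1
    fi
    if ! key_is_private "$dir/privkey.pem"; then
        echo "privkey.pem is accessible to group or others"
        rc=1
    fi
    return $rc
}

# Run against a real host only when a domain is given: ./check.sh example.com
if [ $# -ge 1 ]; then
    check_live "$@"
fi
```

Run it as root with the domain as the first argument; a non-zero exit status means at least one of the three checks failed.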
Sites referenced
https://certbot.eff.org/lets-encrypt/centosrhel7-nginx
https://www.burndogfather.com/187