개발 일반
(서버) certbot 을 이용한 https 인증서 발급받기
danune.dev
2022. 6. 15. 14:08
https 를 사용하기 위해 certbot 으로 인증서를 발급받는 과정입니다
인증서 발급중에는 기존에 80번포트로 운영중인 서비스가 있었다면 잠시 꺼두셔야 합니다
1. 설치
sudo apt install certbot
2. 인증서 발급
| $ certbot certonly --standalone Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): danu.apps.co@gmail.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: N Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): {내 서버 도메인주소 입력} Obtaining a new certificate Performing the following challenges: http-01 challenge for {입력한 서버 도메인주소} Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/{입력한 서버 도메인주소}/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/{입력한 서버 도메인주소}/privkey.pem Your cert will expire on 2022-09-13. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le |
3. 인증서 자동 갱신
- 인증서의 유효기간이 3개월이기 때문에 주기적으로 갱신해줘야 합니다
- crontab 을 이용해 갱신하면됩니다
crontab -e
# 아래 추가
0 0 1 * * /usr/bin/certbot renew- 매월 1일 0시 0분에 갱신하게 됩니다