yum install openssl
Installing Let's Encrypt
Install the required packages. They are usually already present, but this is for anyone who might not have them.
yum install httpd mod_ssl
Install Let's Encrypt!
yum -y install certbot
Create the certificate with certbot! Done(?!)
[root@localhost iteach4u]# certbot certonly --server https://acme-v01.api.letsencrypt.org/directory \
--rsa-key-size 4096 --agree-tos \
--email dikafryo@gmail.com --webroot -w /home/iteach4u/htdocs/ \
-d www.iteach4u.kr -d iteach4u.kr
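With the -d option, when only the host part changes under the same domain, up to 5 domains are possible per 7 days,
and a single server is allowed to validate 10 domains per 3 hours.
Output like the following appears. It asks whether you want to receive email, and once you choose Y/N the installation is done.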
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.iteach4u.kr
Using the webroot path /home/iteach4u/htdocs for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.iteach4u.kr/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.iteach4u.kr/privkey.pem
Your cert will expire on 2018-12-17. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
The files at the paths highlighted in pink above have to be registered in ssl.conf, so make a note of them.
Create a virtual host in the file opened with vi /etc/httpd/conf.d/ssl.conf.
<VirtualHost *:443>
    ServerName www.iteach4u.kr
    DocumentRoot "/home/iteach4u/htdocs"
    <Directory "/home/iteach4u/htdocs">
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    SSLEngine on
    # HSTS: browsers use HTTPS only for this host for one year (requires mod_headers)
    Header always set Strict-Transport-Security "max-age=31536000"
    # Certificate, private key and intermediate chain written by certbot above
    SSLCertificateFile /etc/letsencrypt/live/www.iteach4u.kr/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.iteach4u.kr/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/www.iteach4u.kr/chain.pem
    # SSLCACertificateFile lists CAs used to verify client certificates;
    # it is not needed to serve this certificate
    SSLCACertificateFile /etc/letsencrypt/live/www.iteach4u.kr/fullchain.pem
    ErrorLog "logs/error_log"
    CustomLog "logs/access_log" combined
</VirtualHost>
Renewal is really simple.
/usr/bin/certbot renew
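Running this renews the certificate automatically, so that command can simply be registered in cron.
A certificate is renewed only when 30 days or fewer remain until it expires; with more than that, nothing is renewed and it is simply skipped. So I run the renewal once a week. The last number means Wednesday.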
vi /etc/crontab
# /etc/crontab needs a user field before the command; day-of-week 3 is Wednesday
3 2 * * 3 root /usr/bin/certbot renew
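The check below is an added example, not part of the original post: it tests the 30-day renewal rule described above and confirms that a cert.pem / privkey.pem pair like the one referenced in ssl.conf belongs together. The function names are hypothetical, and the certificates it runs on are throwaway self-signed ones constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Exit 0 if certificate $1 expires within $2 days (renewal is due),
# 1 if more time than that remains, 2 if the file is not a readable certificate.
cert_renewal_due() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 when the certificate is still valid N seconds from now
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Exit 0 if certificate $1 and private key $2 carry the same public key,
# i.e. SSLCertificateFile and SSLCertificateKeyFile belong together.
cert_matches_key() {
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Constructed sample input: a throwaway self-signed certificate and key in
# directory $1, valid for $2 days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.invalid" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null
}

# Demo run on a constructed 90-day certificate.
demo=$(mktemp -d)
make_sample_cert "$demo" 90
if cert_renewal_due "$demo/cert.pem" 30; then
    echo "renewal due"
else
    echo "more than 30 days left, certbot renew would skip it"
fi
if cert_matches_key "$demo/cert.pem" "$demo/privkey.pem"; then
    echo "certificate and key match"
fi
rm -rf "$demo"
```

On the server, the same functions can be pointed at /etc/letsencrypt/live/www.iteach4u.kr/cert.pem and privkey.pem after the weekly cron run.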