
Applying Free SSL with Certbot

림쌍월 2022. 4. 14. 20:38


#Install the EPEL repository
sudo yum install epel-release

#Install Certbot
sudo yum install certbot

#Install the Certbot NGINX plugin
sudo yum install python2-certbot-nginx    # for Apache, install python2-certbot-apache instead

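#Install the certificate
sudo certbot --apache -d [ DOMAIN ] --no-eff-email --agree-tos -m ch1@test.com   #Option 1
sudo certbot --nginx   -d [ DOMAIN ] --no-eff-email --agree-tos -m ch1@test.com   #Option 2
: --no-eff-email : do not receive the Let's Encrypt / EFF mailing-list e-mail
: --agree-tos : accept all the agreement prompts (terms of service) without being asked
: -m : set the administrator e-mail address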

---------------------------------------------------------------------------------------------
#Output on success
---------------------------------------------------------------------------------------------
[root@ip-XXXXX logs]# sudo certbot --nginx -d [ DOMAIN ] --no-eff-email --agree-tos -m ch1@test.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Account registered.
Requesting a certificate for [ DOMAIN ]
Performing the following challenges:
http-01 challenge for [ DOMAIN ]
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/nginx.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/nginx.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://[ DOMAIN ]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/[ DOMAIN ]/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/[ DOMAIN ]/privkey.pem
   Your certificate will expire on 2022-07-13. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again with the "certonly" option. To non-interactively
   renew *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

---------------------------------------------------------------------------------------------

#Directives Certbot generated inside the NGINX configuration
ssl_certificate /etc/letsencrypt/live/[ DOMAIN ]/fullchain.pem;  # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/[ DOMAIN ]/privkey.pem;  # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf;  # managed by Certbot 
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;  # managed by Certbot



#Test automatic renewal
sudo certbot renew --dry-run
sudo certbot renew --pre-hook "nginx -s stop" --post-hook "nginx"


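#Register in crontab
sudo crontab -e
#Run at 00:00 on the 1st of every month
#Check the binary path with "which certbot" first; the job fails if the path below does not exist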
0 0 1 * * /usr/local/bin/certbot renew --pre-hook "nginx -s stop" --post-hook "nginx"
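
The monthly schedule above interacts with Certbot's renewal window: "certbot renew" only replaces a certificate that is close to expiry. The following added example (not from the original post) lists which runs of the "0 0 1 * *" job would actually renew a given certificate. It assumes GNU date, Certbot's default 30-day renewal window and dates taken as 00:00 UTC; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: GNU date (-d), dates treated as 00:00 UTC, and certbot's
# default behaviour of renewing only when fewer than 30 days remain.
RENEW_WINDOW_DAYS=30

epoch() { date -u -d "$1" +%s; }

# margin_days RUN_DATE EXPIRY -> whole days left when the job runs
margin_days() { echo $(( ($(epoch "$2") - $(epoch "$1")) / 86400 )); }

# monthly_attempts ISSUED EXPIRY
# Prints each firing of "0 0 1 * *" after ISSUED on which certbot would
# actually renew: inside the renewal window and before expiry.
monthly_attempts() {
    expiry=$(epoch "$2")
    window_start=$(( expiry - RENEW_WINDOW_DAYS * 86400 ))
    y=${1%%-*}; m=${1#*-}; m=${m%%-*}; m=${m#0}
    while :; do
        m=$(( m + 1 ))
        if [ "$m" -gt 12 ]; then m=1; y=$(( y + 1 )); fi
        run=$(printf '%04d-%02d-01' "$y" "$m")
        t=$(epoch "$run")
        if [ "$t" -ge "$expiry" ]; then break; fi
        if [ "$t" -ge "$window_start" ]; then echo "$run"; fi
    done
}

report() {
    runs=$(monthly_attempts "$1" "$2")
    if [ -z "$runs" ]; then
        echo "issued $1, expires $2: no monthly run falls in the window"
        return
    fi
    for r in $runs; do
        echo "issued $1, expires $2: renews on $r, $(margin_days "$r" "$2") days before expiry"
    done
}

report 2022-04-14 2022-07-13   # post date and the expiry shown in the output above
report 2022-05-03 2022-08-01   # constructed: 90-day certificate expiring on the 1st
```

For the certificate in this post the only renewing run is 2022-07-01, so a single failed run leaves the certificate expired before the next attempt. Scheduling "certbot renew" daily costs nothing, because it exits without contacting the CA until the window opens.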