Ubuntu 18.04
에서 Let’s Encrypt SSL Cert 설치 방법이 달라졌다.
1. Install Let’s Encrypt client (Certbot)
|
|
sudo add-apt-repository ppa:certbot/certbot sudo apt update sudo apt install python-certbot-apache |
2. Get an SSL Certificate
|
|
sudo certbot --apache -d test.com -d www.test.com |
결과
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1:수정없이 2:자동수정되게 (아래와 같은 문제 발생됨) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Your existing certificate has been successfully renewed, and the new certificate has been installed. The new certificate covers the following domains: https://aaa.auctionpro.co.kr You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=aaa.auctionpro.co.kr - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
2.1 delete SSL (필요시)
|
|
sudo certbot delete --cert-name example.com |
3. Test SSL
https://www.ssllabs.com/ssltest/analyze.html?d=aaa.auctionpro.co.kr
:::::::::::::::::::::::::::::::::: 아래 사항 생략::::::::::::::::::::::::::::::::::: 4. Auto Renewal (최신버전 설치 되면 자동으로 Renewal 됩니다) :: 아래 사항 생략
|
|
sudo certbot renew --dry-run |
결과
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/aaa.auctionpro.co.kr.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not due for renewal, but simulating renewal for dry run Plugins selected: Authenticator apache, Installer apache Renewing an existing certificate Performing the following challenges: http-01 challenge for aaa.auctionpro.co.kr Waiting for verification... Cleaning up challenges - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - new certificate deployed with reload of apache server; fullchain is /etc/letsencrypt/live/aaa.auctionpro.co.kr/fullchain.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
[…]
