Config change : /etc/apapche2/sites-available/*.conf 파일에 입력된 등록을 원하는 도메인 정보를 변경하고 시작하세요
sudo certbot –apache
$ sudo certbot –apache certonly
sudo certbot –nginx
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(A)gree/(C)ancel:
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(Y)es/(N)o:
Which names would you like to activate HTTPS for?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: test.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for test.com
Waiting for verification…
Cleaning up challenges
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/test.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/test.com/privkey.pem
Your cert will expire on 2018-12-16. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
“certbot renew”
– Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
– If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
SSL 인증서 파일
- privkey.pem : 인증서를 위한 비밀키 파일입니다.
- fullchain.pem : 인증서와 체인 인증서가 합쳐진 전체 파일입니다. 대부분의 서버 소프트웨어에서 사용됩니다.
- chain.pem : Nginx >=1.3.7에서 OCSP stapling을 위해서 사용됩니다.
- cert.pem : 생성된 인증서 파일입니다.
Apache 인증서 활성화
$ sudo a2enmod ssl
/etc/apache2/sites-available/*.conf
SSLEngine on
SSLCertificateKeyFile /etc/letsencrypt/live/test.com/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/test.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/test.com/fullchain.pem
..
letsencrypt 자동갱신
0 0 1 * * /bin/bash -l -c ‘certbot renew –quiet’