WordPress – SSL Setting – Ubuntu Linux

Add to favorites

Config change : /etc/apapche2/sites-available/*.conf  파일에 입력된 등록을 원하는 도메인 정보를 변경하고 시작하세요

sudo certbot –apache

$ sudo certbot –apache certonly

sudo certbot –nginx

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(A)gree/(C)ancel:

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(Y)es/(N)o:

Which names would you like to activate HTTPS for?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: test.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for test.com
Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/test.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/test.com/privkey.pem
Your cert will expire on 2018-12-16. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
“certbot renew”
– Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt:   https://letsencrypt.org/donate
Donating to EFF:                    https://eff.org/donate-le

SSL 인증서 파일

• privkey.pem : 인증서를 위한 비밀키 파일입니다.
• fullchain.pem : 인증서와 체인 인증서가 합쳐진 전체 파일입니다. 대부분의 서버 소프트웨어에서 사용됩니다.
• chain.pem : Nginx >=1.3.7에서 OCSP stapling을 위해서 사용됩니다.
• cert.pem : 생성된 인증서 파일입니다.

Apache 인증서 활성화

$ sudo a2enmod ssl

/etc/apache2/sites-available/*.conf

SSLEngine on
SSLCertificateKeyFile   /etc/letsencrypt/live/test.com/privkey.pem
SSLCertificateFile      /etc/letsencrypt/live/test.com/cert.pem
SSLCertificateChainFile    /etc/letsencrypt/live/test.com/fullchain.pem
..

letsencrypt 자동갱신

0 0 1 * * /bin/bash -l -c ‘certbot renew –quiet’