This post assumes that the HTTP configuration for nginx is already complete.
1. Install certbot
sudo apt update
sudo apt install -y snapd
# Update snapd to the latest version
sudo snap install core
sudo snap refresh core
# Install certbot using snapd
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
2. Register the SSL certificate
sudo certbot --nginx
A series of question prompts appears.
# Register an email address
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel):
# Agree to the terms of service - required, Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o:
# Agree to receive news by email - optional, Y or N
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o:
# Domain selection
# If the HTTP setup was done correctly, the list of registered domains appears
# Enter the numbers; several can be selected at once (e.g. 1,2,3)
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: some_random_domain.com
2: some_random_domain2.com
3: sub1.some_random_domain.com
4: sub2.some_random_domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
3. Success message
Requesting a certificate for xxxxxx.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/xxxxxx.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/xxxxxx.com/privkey.pem
This certificate expires on 2024-02-01.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for xxxxxx.com to /etc/nginx/sites-enabled/default
Congratulations! You have successfully enabled HTTPS on xxxxxx.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
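The thing to note here is where the certificate and key files are located. Also, certbot already renews the certificate automatically through a background service!
I put my nginx configuration in /etc/nginx/sites-enabled/default, so opening /etc/nginx/sites-enabled/default shows the lines certbot added, each marked with the comment
# managed by Certbot
which confirms that the certificate was registered correctly.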
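The success message above names the certificate and key paths and states that renewal runs in the background. The shell script below is an added example (not part of the original post or of certbot) that checks those points on the host. It assumes GNU stat, openssl, and the snap-installed certbot with its timer unit snap.certbot.renew.timer; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: post-issuance checks for a certbot-managed certificate.
# Paths follow the success message above; the certificate name is your own.

# Returns 0 if the certificate in $1 stays valid for at least $2 more days.
cert_valid_for_days() {
    openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null
}

# Returns 0 if the file (symlinks followed) has no group/other permission bits.
key_mode_ok() {
    mode=$(stat -L -c '%a' "$1") || return 2
    [ "$(( 0$mode & 077 ))" -eq 0 ]
}

# Runs every check for the certificate name in $1 and reports each failure.
audit() {
    live="/etc/letsencrypt/live/$1"
    rc=0
    cert_valid_for_days "$live/fullchain.pem" 30 \
        || { echo "WARN: certificate expires within 30 days"; rc=1; }
    key_mode_ok "$live/privkey.pem" \
        || { echo "WARN: privkey.pem is accessible by group/other"; rc=1; }
    # Timer unit created by the certbot snap for background renewal.
    systemctl is-active --quiet snap.certbot.renew.timer \
        || { echo "WARN: renewal timer is not active"; rc=1; }
    # Exercise the whole renewal path against the staging CA without
    # replacing the live certificate.
    certbot renew --dry-run --quiet \
        || { echo "WARN: renewal dry run failed"; rc=1; }
    return "$rc"
}

# Run as root with a certificate name, e.g.: sh check.sh xxxxxx.com
if [ -n "${1:-}" ]; then
    audit "$1"
fi
```

A failing dry run or an inactive timer means the certificate will silently expire on the date shown in the success message, so this is worth running once after issuance and again after any nginx or firewall change.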