이채현
<aside> 💡
Certbot을 통해 무료로 서버인증서를 발급하고, 자동으로 갱신 가능
</aside>
최신 버전의 우분투에는 snapd가 설치되어있는 것으로 알고 있음
# apt # snap
# Ubuntu
sudo apt install snapd
sudo reboot
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
# dns cloudflare
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install certbot-dns-cloudflare
mkdir -p ~/.secrets/certbot
vi ~/.secrets/certbot/cloudflare.ini
----------------------------------
# Cloudflare API token used by Certbot
dns_cloudflare_api_token = IdgrE2pGEQxdq43kQPJ8*****************
chmod 600 ~/.secrets/certbot/cloudflare.ini
#
# *.4084.live
sudo certbot certonly --dns-cloudflare \\
--dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \\
-d *.4084.live
-----------------
ubuntu@dev-project-app:~$ sudo certbot certonly --dns-cloudflare \\
> --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \\
> -d *.4084.live
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): [email protected]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
<https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Requesting a certificate for *.4084.live
Waiting 10 seconds for DNS changes to propagate
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/4084.live/fullchain.pem
Key is saved at: /etc/letsencrypt/live/4084.live/privkey.pem
This certificate expires on 2022-02-26.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: <https://letsencrypt.org/donate>
* Donating to EFF: <https://eff.org/donate-le>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
생성된 인증서 경로 /etc/letsencrypt/live/4084.live/fullchain.pem /etc/letsencrypt/live/4084.live/privkey.pem
# (--dry-run)
sudo certbot renew --dry-run
#(xx )
sudo certbot renew
(매주 일요일 2시 1분에 실행)