1. mod_ssl 설치
yum install -y mod_ssl
2. Certbot 설치
mkdir /usr/local/certbot cd /usr/local/certbot wget https://dl.eff.org/certbot-auto chmod 755 certbot-auto
3. Certbot 사용전 업데이트(단순 실행)
./certbot-auto
Error while running apachectl configtest.
AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty
How would you like to authenticate and install certificates?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache) [Misconfigured]
2: Nginx Web Server plugin (nginx)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): c
*일단 기본 패키지 설치를 위해 실행한 것이므로 여기서 중단
4. nginx 플러그인을 이용하여 인증서 발급
./certbot-auto --nginx --register-unsafely-without-email
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: a
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: db.25ni.pe.kr
2: dns.25ni.pe.kr
3: mail.25ni.pe.kr
4: yeonghoon.kim
5: data.yeonghoon.kim
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 4
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):2
리다이렉트를 선택할 경우 알아서 nginx 설정을 바꿔줌.
server {
if ($host = yeonghoon.kim) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name yeonghoon.kim;
return 404; # managed by Certbot
}
5. nginx 재구동 후 정상적으로 작동하는지 확인
service nginx restart
nginx 패키지 설치 기준이므로 소스 설치를 했을 경우 수동으로 발급할 것