정보실

웹학교

정보실

그누보드 리눅스 우분투 16.04 아파치에 Let's Encrypt 설치하기

본문

서버환경에 따라 Let's Encrypt 설치방법이 조금씩 다른 것 같다.

기존 운영중이던 abc.kr 같은 도메인에 https://abc.com 을 적용하기 (그누보드5)


서버환경
Ubuntu 16.04.x

Apache 2.4.x


1. CertBot 설치

#sudo apt-get install software-properties-common python-software-properties

#sudo add-apt-repository ppa:certbot/certbot

#sudo apt-get update

#sudo apt-get install python-certbot-apache


2. Let's Encrypt SSL 설치

sudo certbot --apache -d abc.kr


Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator apache, Installer apache

Enter email address (used for urgent renewal and security notices) (Enter 'c' to

cancel): 이용하는 E-mail을 적어준다(abc@gmail.com)


Please read the Terms of Service at

https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must

agree in order to register with the ACME server at

https://acme-v01.api.letsencrypt.org/directory

-------------------------------------------------------------------------------

(A)gree/(C)ancel: A 당연히 약관에 동의해야 하므로 A


Would you be willing to share your email address with the Electronic Frontier

Foundation, a founding partner of the Let's Encrypt project and the non-profit

organization that develops Certbot? We'd like to send you email about EFF and

our work to encrypt the web, protect its users and defend digital rights.

-------------------------------------------------------------------------------

(Y)es/(N)o: N 굳이 Yes를 할 필요는...


Obtaining a new certificate

Performing the following challenges:

tls-sni-01 challenge for abc.kr

Waiting for verification...

Cleaning up challenges

Created an SSL vhost at /etc/apache2/sites-available/abc.kr-le-ssl.conf

Deploying Certificate for yourdomain.com to VirtualHost /etc/apache2/sites-available/abc.kr-le-ssl.conf

Enabling available site: /etc/apache2/sites-available/abc.kr-le-ssl.conf


3. HTTP 트래픽을 HTTPS로 리디렉션(Redirect HTTP traffic to HTTPS)


Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

-------------------------------------------------------------------------------

1: No redirect - Make no further changes to the webserver configuration.

2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for

new sites, or if you're confident your site works on HTTPS. You can undo this

change by editing your web server's configuration.

-------------------------------------------------------------------------------

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 (2번선택)

Redirecting vhost in /etc/apache2/sites-enabled/abc.kr.conf to ssl vhost in /etc/apache2/sites-available/abc.kr-le-ssl.conf


-------------------------------------------------------------------------------

Congratulations! You have successfully enabled https://abc.kr


4. 그누보드 루트의 config.php 파일 수정

define('G5_DOMAIN', '');

define('G5_HTTPS_DOMAIN', 'https://abc.kr:443');


그리고 소스(예:CDN으로 연결하는 자바스크립트 라이브러리같은)중에 http:// 로 시작하는 것 있으면 https://로 수정

게시판편집기 추가된 이미지도 http:// 는 https://로...


5. SSL 갱신 (Let's Encrypt는 90일만 유지하므로 계속 자동 갱신이 필요)


#crontab -e


아래 라인 추가

0 0 1 * * /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log


크론데몬 재시작

#service cron restart


fb587120de647882b177cb6242bc311f_1536139752_9957.png
 




  • 트위터로 보내기
  • 페이스북으로 보내기
  • 구글플러스로 보내기
  • 카카오톡으로 보내기

페이지 정보

조회 173회 ]  작성일18-09-05 18:29

웹학교