Ubuntu 22.04 - Free SSL Certificate - Obtaining a Let's Encrypt Certificate

Ryan's Tech Note 2023. 7. 26. 18:15

https://ryans-note.tistory.com/39

 

CentOS S9 - Free SSL Certificate - Obtaining a Let's Encrypt Certificate


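These are the same setup steps as in the post above, this time for Ubuntu 22.04.

This post only covers setting up a subdomain.

To set up the full domain, refer to the post above and run the certbot command in the same way.

*. The domain must already be configured to point to the server's IP address.

*. If you use AWS, the security policy must allow ports 80 and 443.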

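# Update everything and remove unneeded packages
sudo apt update
sudo apt upgrade
sudo apt autoremove
# Install Certbot
sudo apt -y install certbot

# Issue a certificate for the subdomain
# (--standalone starts a temporary web server on port 80, so that port must be free)
sudo certbot certonly --standalone -d mail2.mydomain.com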

During the process, enter the administrator's email address and answer Y to agree.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): admin@mydomain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.
Requesting a certificate for mail2.mydomain.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/mail2.mydomain.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/mail2.mydomain.com/privkey.pem
This certificate expires on 2023-10-24.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Verify the certificate installation

find / -name mail2.mydomain.com

/etc/letsencrypt/archive/mail2.mydomain.com
/etc/letsencrypt/live/mail2.mydomain.com

 

Automatic certificate renewal

vi /etc/crontab

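# Renew the certificate at 2:00 AM on the 1st of March, June, September and December every year
# (entries in /etc/crontab need a user field; months are given as numbers)
0 2 1 3,6,9,12 * root /usr/bin/certbot renew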
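
`certbot renew` only replaces certificates that are close to expiry, and the certificate issued above expires on 2023-10-24. The following added example (not part of the original post) checks a renewal schedule against that expiry date; the 30-day renewal window is assumed to be certbot's default, and the function names and run dates are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Needs GNU date (as on Ubuntu).
RENEW_WINDOW_DAYS=30   # assumption: certbot's default renew-before-expiry window

# days_between FROM TO -> whole days from FROM to TO (negative if TO is earlier)
days_between() (
    from=$(date -u -d "$1" +%s)
    to=$(date -u -d "$2" +%s)
    echo $(( (to - from) / 86400 ))
)

# weekly_runs START COUNT -> COUNT run dates, seven days apart, one per line
weekly_runs() (
    start=$(date -u -d "$1" +%s)
    i=0
    while [ "$i" -lt "$2" ]; do
        date -u -d "@$(( start + i * 7 * 86400 ))" +%F
        i=$(( i + 1 ))
    done
)

# outage_days EXPIRY RUN_DATE... -> days an expired certificate stays in place
# before the first scheduled run that renews it (0 means renewed in time)
outage_days() (
    expiry=$1
    shift
    for run in "$@"; do
        left=$(days_between "$run" "$expiry")
        # A run made before the renewal window opens leaves the certificate alone
        if [ "$left" -le "$RENEW_WINDOW_DAYS" ]; then
            if [ "$left" -lt 0 ]; then echo $(( 0 - left )); else echo 0; fi
            return 0
        fi
    done
    echo "no scheduled run renews the certificate" >&2
    return 1
)

expiry=2023-10-24   # expiry date from the certbot output on this page
# Constructed run dates: the quarterly crontab entry versus a weekly one
echo "quarterly: $(outage_days "$expiry" 2023-09-01 2023-12-01) day(s) expired"
echo "weekly:    $(outage_days "$expiry" $(weekly_runs 2023-07-31 13)) day(s) expired"
```

With the quarterly dates, the 1 September run is still 53 days before expiry and is skipped, so the certificate is first replaced 38 days after it expired; the weekly dates renew it in time.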

 

Configuration file for Apache

vi /etc/letsencrypt/options-ssl-apache.conf

# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

SSLEngine on

# Intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder     off

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

 


 

* Reference

https://www.server-world.info/en/note?os=Ubuntu_20.04&p=ssl&f=2