Let’s Encrypt – 무료 SSL 설치 방법

 

yum install git

git clone https://github.com/letsencrypt/letsencrypt

 

다운로드 받은 폴더로 이동 후 아래 명령을 실행하면 자동으로 설치가 진행 됩니다.

# cd letsencrypt  ( 다운로드폴더 )

 

./letsencrypt-auto –help

— bizadmin.co.kr 을 도메인에 맞게 수정 한다.

./certbot-auto certonly –manual -d “*.bizadmin.co.kr” -d bizadmin.co.kr  –preferred-challenges dns-01 –server https://acme-v02.api.letsencrypt.org/directory

 

— 아파치 설정 변경

cd /etc/httpd/conf

<VirtualHost *:443>
DocumentRoot “/home/bizadmin”
ServerName bizadmin.co.kr
ServerAlias www.bizadmin.co.kr
ErrorLog “logs/bizadmin.co.kr-error.log”
CustomLog “logs/bizadmin.co.kr-access.log” common
<Directory “/home/bizadmin”>
Order allow,deny
Allow from all
AllowOverride ALL
Require all granted
Options Indexes FollowSymLinks
</Directory>

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/bizadmin.co.kr/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bizadmin.co.kr/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/bizadmin.co.kr/chain.pem

#SSLProtocol all -SSLv2 -SSLv3
#SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDH$
#SSLHonorCipherOrder on
</VirtualHost>

<VirtualHost *:443>
DocumentRoot “/home/appinventor”
ServerName appinventor
ServerAlias aia.bizadmin.co.kr
ErrorLog “logs/aia.bizadmin.co.kr-error.log”
CustomLog “logs/aia.bizadmin.co.kr-access.log” common
<Directory “/home/appinventor”>
Order allow,deny
Allow from all
AllowOverride ALL
Require all granted
Options Indexes FollowSymLinks
</Directory>

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/bizadmin.co.kr/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bizadmin.co.kr/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/bizadmin.co.kr/chain.pem
</VirtualHost>

– 자동으로  https 사이트로 접속 하기
virtualhost 80번 포트 접속시에 리다이렉트 시키도록 설정 된 부분이 맨 밑에추가

<Location />
RedirectMatch /(.*)$ https://aia.bizadmin.co.kr/$1
</Location>

<Location />
RedirectMatch /(.*)$ https://streetvu.com/$1
</Location>

service httpd restart

SSL 적용 상태 확인 및  체크

https://www.sslshopper.com/ssl-checker.html#hostname=bizadmin.co.kr

인증서 자동 갱신

vi /etc/crontab

10 5 * * 1 root /usr/bin/letsencrypt renew >> /var/log/le-renew.log
15 5 * * 1 root apachectl graceful

## apachectl graceful

 

ssl_적용

Be the first to comment

Leave a Reply

Your email address will not be published.


*