
  • Issuing/renewing a Let's Encrypt certificate on a CentOS Apache server
    HOWTO 2022. 1. 20. 15:00

    It somehow works out every time I do it, but I keep forgetting when I have to do it again, so I'm writing it down.


    Certificates are renewed every 90 days; renewal is possible starting 30 days before expiry.


    1. Check before issuing the certificate

    First, the site the certificate will be issued for must be reachable by its domain name.

    curl -Ii http://yesplease.ml
    HTTP/1.1 200 OK
    Date: Thu, 20 Jan 2022 05:13:58 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33
    X-Powered-By: PHP/7.0.33
    Link: <http://yesplease.ml/index.php/wp-json/>; rel="https://api.w.org/"
    Content-Type: text/html; charset=UTF-8

    2. Issue the certificate

    certbot --apache -d yesplease.ml

    3. Restart Apache

    After configuring the HTTPS rewrite, restart Apache.

    # Add to /etc/httpd/conf/httpd.conf
    <VirtualHost *:80>
            ServerAdmin email@address.com
            DocumentRoot /var/www/html/wordpress
            ServerName yesplease.ml
            ServerAlias www.yesplease.ml
            ErrorLog /var/log/httpd/tecminttest-error-log
            CustomLog /var/log/httpd/tecminttest-acces-log common
            # Redirect plain-HTTP requests for these hostnames to HTTPS
            RewriteEngine on
            RewriteCond %{SERVER_NAME} =yesplease.ml [OR]
            RewriteCond %{SERVER_NAME} =www.yesplease.ml
            RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>
    # Restart Apache
    systemctl restart httpd

    4. Check certificate status / expiry date

    certbot certificates
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Found the following certs:
      Certificate Name: yesplease.ml
        Serial Number: 385e3a56e282e8a062a3bf24cc4f73057ea
        Key Type: RSA
        Domains: yesplease.ml
        Expiry Date: 2022-04-20 04:16:26+00:00 (VALID: 89 days)
        Certificate Path: /etc/letsencrypt/live/yesplease.ml/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/yesplease.ml/privkey.pem
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    5. Renew the certificate

    Run with --dry-run first; if there are no errors, run renew right away.

    certbot renew --dry-run
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Processing /etc/letsencrypt/renewal/yesplease.ml.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Cert is due for renewal, auto-renewing...
    Plugins selected: Authenticator apache, Installer apache
    Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
    Account registered.
    Simulating renewal of an existing certificate for ncloud-winwin.ga
    Performing the following challenges:
    http-01 challenge for ncloud-winwin.ga
    Waiting for verification...
    Cleaning up challenges
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    new certificate deployed with reload of apache server; fullchain is
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Congratulations, all simulated renewals succeeded:
      /etc/letsencrypt/live/ncloud-winwin.ga/fullchain.pem (success)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    certbot renew
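
The expiry check in step 4 and the 30-day renewal window can be scripted. The following is an added example, not part of the original post: it parses `certbot certificates` output and lists certificates that are inside the renewal window or reported invalid. The sample input, the `example.test` names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag certificates inside the renewal window by parsing
# the `certbot certificates` output format shown in step 4.

# Constructed sample input. The yesplease.ml entry mirrors the post; the
# example.test entries are made up to exercise the other code paths.
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: yesplease.ml
    Domains: yesplease.ml
    Expiry Date: 2022-04-20 04:16:26+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/yesplease.ml/fullchain.pem
  Certificate Name: example.test
    Domains: example.test www.example.test
    Expiry Date: 2022-02-10 04:16:26+00:00 (VALID: 21 days)
  Certificate Name: old.example.test
    Domains: old.example.test
    Expiry Date: 2022-01-01 00:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# certs_due [THRESHOLD_DAYS]  (hypothetical helper, default 30)
# Reads `certbot certificates` output on stdin and prints one line per
# certificate needing attention: "<name> <days-left>" or "<name> INVALID".
certs_due() {
  awk -v limit="${1:-30}" '
    /Certificate Name:/ { name = $3 }
    /Expiry Date:/ {
      # Check INVALID first: expired/revoked certs carry no day count.
      if ($0 ~ /INVALID:/) { print name, "INVALID"; next }
      # Under one day left, certbot reports hours; treat as 0 days.
      if ($0 ~ /VALID: [0-9]+ hour/) { print name, 0; next }
      if (match($0, /VALID: [0-9]+ day/)) {
        days = substr($0, RSTART + 7, RLENGTH - 11) + 0
        if (days <= limit) print name, days
      }
    }'
}

# On a real host:  certbot certificates 2>/dev/null | certs_due 30
sample_output | certs_due 30
```

Run from cron or a monitoring check, any output line means a certificate was not renewed on schedule and `certbot renew` or its log in /var/log/letsencrypt/letsencrypt.log needs a look.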



