기타

무료 SSL 인증서 + snap + certbot + centos 7

blog.and.kr mysop 2021. 5. 13. 14:36
728x90

최근 certbot으로 무료인증서 발급 방식이 변경되었다.

 

예전 구버젼으로도 받을수는 있는데

최근 버젼은 예전처럼 파일 하나만 받아서 사용할수 없다

 

snap을 통해 certbot을 설치후 사용할 수 있다

 

1. snap 설치

# yum install snap

 

==================================================================================================================================================================
 Package                                  Arch                            Version                                             Repository                     Size
==================================================================================================================================================================
Installing:
 snapd                                    x86_64                          2.49-2.el7                                          epel                           15 M
Installing for dependencies:
 bash-completion                          noarch                          1:2.1-8.el7                                         base                           87 k
 fuse                                     x86_64                          2.9.2-11.el7                                        base                           86 k
 fuse-libs                                x86_64                          2.9.2-11.el7                                        base                           93 k
 libzstd                                  x86_64                          1.4.9-1.el7                                         epel                          338 k
 snap-confine                             x86_64                          2.49-2.el7                                          epel                          2.8 M
 snapd-selinux                            noarch                          2.49-2.el7                                          epel                          393 k
 squashfs-tools                           x86_64                          4.3-0.21.gitaae0aff4.el7                            base                          101 k
 squashfuse                               x86_64                          0.1.102-1.el7                                       epel                           18 k
 squashfuse-libs                          x86_64                          0.1.102-1.el7                                       epel                           24 k
 
Transaction Summary
==================================================================================================================================================================
Install  1 Package (+9 Dependent packages)

Total download size: 19 M

 

대충 이런이런 패키지가 같이 설치된다

 

2. snap 심볼틱 연결

 

# ln -s /var/lib/snapd/snap /snap

 

이렇게 연결을 해줘야 사용할수 있다.

 

3. certbot 설치

 

# snap install --classic certbot

 

classic을 빼면 설치가 안된다......

 

4. certbot 명령어 등록

 

아무위치에서나 certbot을 실행하기 위해

심볼틱으로 등록한다

 

# ln -s /snap/bin/certbot /usr/bin/certbot

 

5. 인증서 발급받기

 

# certbot --apache

 

웹서버 종류에 따라 입맛대로

자세한 설명은 -h를 넣어 살펴보자

 

도메인 목록중에 인증서를 먹여야 하는 번호만 입력후 엔터만 누르면 된다

 

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 7
Cert is due for renewal, auto-renewing...
Renewing an existing certificate for 도메인
Performing the following challenges:
http-01 challenge for 도메인
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/httpd/user.d/vhost.conf
Redirecting vhost in /etc/httpd/user.d/vhost.conf to ssl vhost in /etc/httpd/user.d/vhost.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: 도메인
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/위치/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/위치/privkey.pem
   Your certificate will expire on 2021-08-11. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again with the "certonly" option. To non-interactively
   renew *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

 

- 끝 -

 

 

728x90