Eve - NG HTTPS 로 접근

문제.
정상적으로 Let 's Encrypt 에서 SSL 인증 서 를 신청 할 수 있 습 니 다.이브 NG 홈 페이지 에 관련 튜 토리 얼 이 있 습 니 다.http://www.eve-ng.net/documentation/howto-s/82-howto-enable-letsencrypt-on-eve-2
그러나 80 과 443 포트 가 봉 인 된 이유 로 잘못 보 고 될 수 있다.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: xxx.com
   Type:   connection
   Detail: Fetching
   http://xxx.com/.well-known/acme-challenge/FNqnQqFIpQiqy_PcuIOD6vegvFc0W4F1aMGkmjbf51k:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

다른 방법 을 찾 아 봐 야 겠 어.
순서

sudo add-apt-repository -y ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot 
sudo certbot certonly --manual --preferred-challenge dns -d xxx.com

제시 절차 에 따라 가 려 면 txt record 를 설정 해 야 합 니 다.Google 은 txt record 가 유효 하 는 지 확인 할 수 있 는 도구 가 있 습 니 다.https://toolbox.googleapps.com/apps/dig/
성공 하면 알림 메시지 가 나 옵 니 다.

Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/eve-ng.xxx.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/eve-ng.xxx.com/privkey.pem
   Your cert will expire on 2018-12-12. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

여기 에는 4 개의 pem 파일 이 생 성 되 지만 fullchain. pem 과 prickey. pem 만 사용 하면 됩 니 다.
다음 명령 을 실행 합 니 다.

cat << EOF > /etc/apache2/sites-enabled/default-ssl.conf

다음 내용 을 입력 하 십시오. SSLCertificateFile 과 SSLCertificateKeyFile 경 로 를 바 꿔 야 합 니 다.

    
        ServerAdmin webmaster@localhost
        DocumentRoot /opt/unetlab/html/
        ErrorLog /opt/unetlab/data/Logs/ssl-error.log
        CustomLog /opt/unetlab/data/Logs/ssl-access.log combined
        Alias /Exports /opt/unetlab/data/Exports
        Alias /Logs /opt/unetlab/data/Logs
        SSLEngine on
        SSLCertificateFile    /etc/letsencrypt/live/eve-ng.xxx.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/eve-ng.xxx.com/privkey.pem
        
                SSLOptions +StdEnvVars
        
        
                SSLOptions +StdEnvVars
        
        
                Order allow,deny
                Allow from all
                ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
                ProxyPassReverse http://127.0.0.1:8080/guacamole/
        

        
                Order allow,deny
                Allow from all
                ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
                ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
        
    

EOF

나중에 아파 치 서비스 다시 시작

/etc/init.d/apache2 restart

참조 링크
https://blog.csdn.net/conghua19/article/details/81433716 http://www.eve-ng.net/documentation/howto-s/82-howto-enable-letsencrypt-on-eve-2