Install a Free TLS/SSL Certificate on Ubuntu 20.04
Prerequisites
Server Login
Installing Certbot
Auto-Renewal Certbot
Introduction
TLS/SSL is the standard security technology that works invisibly behind the scenes to secure the connection between end-user devices and a server. It creates a protected connection between the user and the server and ensures the user's information is delivered only to the legitimate website owner.
In this guide, we'll enable encrypted HTTPS on a web server. Throughout, we'll use Certbot, with its automatic renewal process, to install a free SSL certificate for NGINX on Ubuntu 20.04.
Prerequisites
To follow this guide, you need:
Server Login
To get a free SSL certificate, we need to install Certbot on the server and configure HTTPS for the domain name. First, log in to the server's IP address with SSH keys. If you don't know how to set up SSH keys, the guide How To Set Up SSH Keys can help you understand secure shell connections. Open a terminal and enter the following command:
ssh -i 'put your SSH key location here' host_name@value
Example
ssh -i '/home/.ssh/' cheems@199.180.130.80
This assumes my server name is cheems and the value is 199.180.130.80.
Installing Certbot
To get an SSL certificate for the domain, we need to install Certbot with a simple command in the terminal. Make sure you are logged in to the server, then run this command:
sudo snap install --classic certbot
This command installs the certbot program on the server. Next, run this command:
sudo certbot --nginx
After running it, you will see output like this:
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: cheems
2: www.cheems
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
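You can select multiple domains by putting a space between the numbers, like 1 2, and then pressing Enter.
Then you'll see output like this (the sample below mentions Apache; with --nginx the messages name NGINX and its configuration files instead):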
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cheems
http-01 challenge for www.cheems
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/cheems-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/cheems-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/cheems-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/cheems-le-ssl.conf
The next part is the redirection setup. With redirection enabled, a request that comes in to your domain over HTTP is automatically redirected to the HTTPS address of your domain. Always select 2 to enable this redirection:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
After this, the installation and configuration are done, and Certbot shows output like this:
Congratulations! You have successfully enabled https://cheems and
https://www.cheems
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=cheems
https://www.ssllabs.com/ssltest/analyze.html?d=www.cheems
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/cheems/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/cheems/privkey.pem
Your cert will expire on 2022-01-25. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Congratulations if you have made it through the installation and configuration. This free SSL certificate is only valid for three months, though, so it's a huge pain to remember when the HTTPS certificate will expire. No worries: there is a way to renew the certificate automatically before the expiry date.
Auto-Renewal Certbot
To check that the process runs automatically, run this command:
sudo systemctl status certbot.timer
This command shows the status of the certbot timer, which runs the certbot scripts twice a day and automatically renews any SSL certificate. You will see output like this:
● certbot.timer - Run certbot twice daily
Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Tue 2022-01-25 17:57:48 UTC; 17h ago
Trigger: Wed 2022-01-25 23:50:31 UTC; 12h left
Triggers: ● certbot.service
Mar 25 17:57:48 fine-turtle systemd[1]: Started Run certbot twice daily.
Now, to test the renewal process, run this command:
sudo certbot renew --dry-run
If there's no error, you are all set and ready to go.
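As an added example (not from the original article), this shell function reads the text printed by `sudo certbot certificates` and lists every certificate with fewer than a given number of days left, which catches a renewal timer that has silently stopped working. The sample listing is constructed, and the "Certificate Name:" and "Expiry Date: ... (VALID: N days)" line layout is an assumption based on Certbot's usual output.

```shell
#!/usr/bin/env bash
# Added example: flag certificates that are close to expiry.
# On a server: sudo certbot certificates | expiring_certs 30

expiring_certs() {
    # $1 = alert threshold in days (default 30); reads the listing on stdin.
    awk -v limit="${1:-30}" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            # Keep only the status inside the parentheses.
            status = $0
            sub(/^[^(]*\(/, "", status)
            sub(/\).*$/, "", status)
            if (status ~ /^VALID: [0-9]+ days?$/) {
                split(status, f, " ")
                if (f[2] + 0 < limit + 0) print name, f[2]
            } else {
                # Expired, under a day left, or an unexpected layout:
                # always report it together with the raw status.
                print name, status
            }
        }
    '
}

# Constructed sample listing (not captured from a real server).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: cheems
    Domains: cheems www.cheems
    Expiry Date: 2022-01-25 17:57:48+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/cheems/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/cheems/privkey.pem
  Certificate Name: staging.example
    Domains: staging.example
    Expiry Date: 2021-11-09 09:00:00+00:00 (VALID: 12 days)
  Certificate Name: old.example
    Domains: old.example
    Expiry Date: 2021-09-01 09:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# Demo on the constructed sample: lists staging.example and old.example.
sample_output | expiring_certs 30
```

Each output line is the certificate name followed by the days remaining or the raw status, so the function can feed a cron mail or monitoring check.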
Reference
For more on this topic (Install a Free TLS/SSL Certificate on Ubuntu 20.04), see the original article: https://dev.to/sharman/install-free-tlsssl-certificate-on-ubuntu-2004-37oj. This text may be freely shared or copied, but please keep this document's URL as the reference URL.