AWS EC2 인스턴스에서 Let's Encrypt 사용
4886 단어 aws
목표
문서
Tutorial: Configure SSL/TLS on Amazon Linux 2
그러나 여기에 있는 설명서의 일부 지침은 오래되었습니다.
전제 조건
절차
EC2 머신에 아파치 설치
Tutorial: Install a LAMP web server on Amazon Linux 2
$ sudo yum update -y
$ sudo yum install -y httpd
$ sudo systemctl start httpd
$ sudo systemctl enable httpd
$ sudo systemctl is-enabled httpd
localhost.crt 생성
$ sudo yum install -y mod_ssl
$ cd /etc/pki/tls/certs
$ sudo ./make-dummy-cert localhost.crt
문서에 그렇게 명시되어 있지만 SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
주석 처리하지 마십시오. 그렇지 않으면 아파치를 실행할 때 오류가 발생합니다(알 수 없는 이유).
실제로 이 localhost.crt가 필요한지 여부를 모르겠습니다.
certbot 설치 및 실행
$ sudo wget -r --no-parent -A 'epel-release-*.rpm' http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
$ sudo rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
$ sudo yum-config-manager --enable epel*
/etc/httpd/conf/httpd.conf
및 Listen 80
뒤에 다음 행을 추가하고 다음을 삽입하십시오.
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName "example.com"
ServerAlias "www.example.com"
</VirtualHost>
아파치를 다시 시작하고 certbot을 설치하고 실행하십시오.
$ sudo systemctl restart httpd
$ sudo yum install -y certbot python2-certbot-apache
$ sudo certbot
약관에 동의합니다.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
활성화하려는 도메인 이름을 선택합니다.
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: example.com
2: www.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
그런 다음 몇 가지 질문에 답하면 끝입니다!
Congratulations! You have successfully enabled https://example.com and
https://www.example.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/certbot.oneeyedman.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/certbot.oneeyedman.net/privkey.pem
Your cert will expire on 2019-08-01. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
/etc/letsencrypt/live/certbot.oneeyedman.net
에서 인증서, 개인 키 및 체인을 볼 수 있습니다. 이를 Amazon Certificate Manager로 가져와 Elastic Load Balancer에 사용할 수 있습니다.
추신
$ sudo yum update -y
$ sudo yum install -y httpd
$ sudo systemctl start httpd
$ sudo systemctl enable httpd
$ sudo systemctl is-enabled httpd
$ sudo yum install -y mod_ssl
$ cd /etc/pki/tls/certs
$ sudo ./make-dummy-cert localhost.crt
$ sudo wget -r --no-parent -A 'epel-release-*.rpm' http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
$ sudo rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
$ sudo yum-config-manager --enable epel*
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName "example.com"
ServerAlias "www.example.com"
</VirtualHost>
$ sudo systemctl restart httpd
$ sudo yum install -y certbot python2-certbot-apache
$ sudo certbot
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: example.com
2: www.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Congratulations! You have successfully enabled https://example.com and
https://www.example.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/certbot.oneeyedman.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/certbot.oneeyedman.net/privkey.pem
Your cert will expire on 2019-08-01. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
sudo yum install
와 같이 curl
와 별도로 certbot을 설치하는 다른 방법이 있습니다. 나는 이것에 대한 AWS 문서를 따랐다. curl
를 사용하는 경우에는 Amazon Linux 2의 요구사항에 맞도록 설정을 해야 합니다. Reference
이 문제에 관하여(AWS EC2 인스턴스에서 Let's Encrypt 사용), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다 https://dev.to/greenteabiscuit/using-let-s-encrypt-on-aws-ec2-instance-2aca텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념 (Collection and Share based on the CC Protocol.)