SSL \uc778\uc99d\uc11c\ub294 \uc11c\ubc84\uac00 \ub3cc\uc544\uac00\ub294 \ub3c4\uba54\uc778 \ubcc4\ub85c \ubc1b\ub294 \uac83\uc774 \uc6d0\uce59\uc774\uae30 \ub54c\ubb38\uc5d0, \uc678\ubd80\ub85c \ub178\ucd9c\ub41c \uc11c\ube44\uc2a4\ub97c \uc81c\uacf5\ud558\ub294 \uc11c\ubc84 ( Docker, Jail, etc… ) \uac00 \uc5ec\ub7ec\uac1c \ub77c\uba74, \uac01\uac01 \ub530\ub85c \uc778\uc99d\uc11c\ub97c \ubc1b\uc544\uc57c \ud55c\ub2e4. \ud558\uc9c0\ub9cc \ub9ac\ubc84\uc2a4 \ud504\ub85d\uc2dc \uc11c\ubc84\ub97c \uc6b4\uc6a9\ud558\uace0 \uc788\ub2e4\uba74 \uc544\uc8fc \uac04\ud3b8\ud558\uac8c \uc778\uc99d\uc11c\ub97c \ud55c\ubc88\uc5d0 \ubab0\uc544\uc11c \uad00\ub9ac\ud560 \uc218 \uc788\ub2e4.<\/p>\n\n\n\n
\ubb34\ub8cc\ub85c \uc778\uc99d\uc11c\ub97c \ubc1b\uc744 \uc218 \uc788\ub294 Let’s Encrypt \ub97c \uc774\uc6a9\ud55c\ub2e4. \uace0\ub9d9\uac8c\ub3c4 \uc124\uc815 \ud234\uae4c\uc9c0 \ubc30\ud3ec\ud558\uace0 \uc788\uae30 \ub54c\ubb38\uc5d0 HTTP \ub85c \uc815\uc0c1\uc801\uc73c\ub85c \ub3d9\uc791\ud558\uac8c \uc124\uc815\ub418\uc5b4 \uc788\uc73c\uba74, \uc190\uc27d\uac8c \uc778\uc99d\uc11c\ub97c \ubc1c\uae09\ubc1b\uace0 \uc801\uc6a9 \ud560 \uc218 \uc788\ub2e4.<\/p>\n\n\n\n
shell> pkg install certbot\nshell> pkg install py39-certbot<\/code><\/pre>\n\n\n\ncertbot \uc744 \uc124\uce58\ud55c\ub2e4. \ub9cc\uc57d \uc548\ub41c\ub2e4\uba74..<\/p>\n\n\n\n
shell> pkg search certbot\npy39-certbot-2.8.0,1 Let's Encrypt client\npy39-certbot-apache-2.8.0 Apache plugin for Certbot\n....<\/code><\/pre>\n\n\n\n\ud328\ud0a4\uc9c0 \uac80\uc0c9\ud574\uc11c \uc124\uce58\ud55c\ub2e4.<\/p>\n\n\n\n
certbot \uc2e4\ud589<\/h4>\n\n\n\n
certbot \uc744 \uc2e4\ud589\ud558\uba74 \ubaa8\ub4e0 \uac83\uc744 \uc790\ub3d9\uc73c\ub85c \ud574 \uc900\ub2e4. \ubb54\uac00 \uc798\ubabb\ub418\uc9c0\ub9cc \uc54a\uc558\ub2e4\uba74… certbot \uc740 utf-8 \ub9cc \uc77d\uc744 \uc218 \uc788\uc73c\ubbc0\ub85c, conf \ud30c\uc77c \ub0b4\uc5d0 \ud55c\uae00\ub85c \uc8fc\uc11d\uc744 \uc4f0\uace0 ASCII \ub85c \uc800\uc7a5\ud558\uba74 \uc548\ub41c\ub2e4.<\/p>\n\n\n\n
shell> certbot --nginx\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\n\nWhich names would you like to activate HTTPS for?\nWe recommend selecting either all domains, or all domains in a VirtualHost\/server block.\n\n-----------------------------------------------------------------------------------------\n1: blog.gerd.kr\n2: cloud.gerd.kr\n3: git.gerd.kr\n-----------------------------------------------------------------------------------------\nSelect the appropriate numbers separated by commas and\/or spaces, or leave input\nblank to select all options shown (Enter 'c' to cancel):<\/strong><\/code><\/pre>\n\n\n\n\uc5d4\ud130 \uce58\uba74 \uc9c0\uac00 \uc54c\uc544\uc11c \ub2e4 \ud574\uc900\ub2e4. \uadf8\ub9ac\uace0 \uc78a\uc9c0\ub9d0\uace0 nginx \ub97c \uc7ac\uc2dc\uc791\ud55c\ub2e4.<\/p>\n\n\n\n
shell> service nginx restart<\/code><\/pre>\n\n\n\n\uc778\uc99d\uc11c \uac31\uc2e0 \uc790\ub3d9\ud654<\/h4>\n\n\n\n
Let’s Encrypt \uc778\uc99d\uc11c\ub294 3\ub2ec\uac04\ub9cc \uc720\ud6a8\ud558\uae30 \ub54c\ubb38\uc5d0, \uc8fc\uae30\uc801\uc73c\ub85c \uac31\uc2e0\ud574 \uc918\uc57c \ud55c\ub2e4. crontab \uc744 \uc774\uc6a9\ud574\uc11c \uc790\ub3d9\ud654\ud55c\ub2e4. <\/p>\n\n\n\n
shell> crontab -e<\/code><\/pre>\n\n\n\nvi \uc5d0\ub514\ud130\uac00 \uc5f4\ub9b0\ub2e4. \uc5ec\uae30\uc5d0 \ubb38\ubc95\uc5d0 \ub9de\ucdb0 \ub123\ub294\ub2e4. \ubd84, \uc2dc, \uc77c, \uc6d4, \uc694\uc77c \uc21c\uc774\ub2e4. \ub098\ub294 \ub9e4\uc6d4 23\uc77c \uc624\uc804 4\uc2dc\uc5d0 “certbot renew” \ub97c \uc2e4\ud589\ud558\uace0 nginx \ub97c \uc7ac\uc2dc\uc791 \ud558\ub3c4\ub85d \uc124\uc815\ud588\ub2e4.<\/p>\n\n\n\n
0 4 23 * * certbot renew --renew-hook=\"service nginx restart\"\n<\/code><\/pre>\n\n\n\n\uc218\uc815\uc774 \uc644\ub8cc\ub418\uba74 ESC -> : -> wq \ub85c \uc800\uc7a5\ud55c\ub2e4.<\/p>\n\n\n\n
\uc791\uc131\ud55c \uba85\ub839\uc744 \ud655\uc778\ud558\ub824\uba74 -l \uc635\uc158\uc744 \uc0ac\uc6a9\ud55c\ub2e4.<\/p>\n\n\n\n
shell> crontab -l\n0 4 24 * * certbot renew --renew-hook=\"service nginx restart\"\n<\/code><\/pre>\n\n\n\n\ud655\uc778<\/h4>\n\n\n\n
\uc778\uc99d\uc11c \uc801\uc6a9\uc774 \ub05d\ub0ac\ub2e4. \uc811\uc18d\ud574 \ubcf4\uba74… \uc544\ub9c8 \uac1c\ud310\uc774 \ub0ac\uc744 \uac70\ub2e4. certbot \uc740 \uc6d0\ub798 \uc788\ub358 HTTP \uc811\uc18d\uc744 HTTPS \ub85c \uac15\uc81c\ub85c \ub118\uaca8\ubc84\ub9ac\ub3c4\ub85d \uc124\uc815 \ud30c\uc77c\uc744 \ubc14\uafd4\ubc84\ub9b0\ub2e4. <\/p>\n\n\n\n
\ub300\ubd80\ubd84\uc758 \uc6f9 \uc11c\ube44\uc2a4\ub294 HTTPS \uc124\uc815\uc744 \ub530\ub85c \ud574 \uc918\uc57c \ud55c\ub2e4. \ud2b9\ud788 \uc6cc\ub4dc\ud504\ub808\uc2a4 \uac19\uc740 \uac70… \uadf8\uac70 \uc124\uc815\uc774 \uc880 \ube61\uce5c\ub2e4. \ubb38\uc81c\uac00 \uc0dd\uae30\uba74, ReverseProxy \uc758 \uc124\uc815\ud30c\uc77c\uc744 \ud3b8\uc9d1\ud574\uc11c HTTP \uc811\uc18d\uc744 \uc0b4\ub9ac\uace0, \uac01 \uc6f9\uc11c\ube44\uc2a4 \uc124\uc815\uc744 \uba3c\uc800 \ud558\ub294 \uac83\uc774 \uc88b\ub2e4. \ubd88\uac00\ud53c\ud558\uac8c \uba3c\uc800 HTTPS \uc124\uc815\uc774 \ub418\uc5b4 \uc788\ub2e4\uba74 \ub0b4\ubd80 IP \ub97c \uc774\uc6a9\ud574 HTTP \ub85c \uc124\uce58\ub97c \ud574\uc57c \ud55c\ub2e4. \uc794\uba38\ub9ac \uad74\ub9b0\ub2f5\uc2dc\uace0 HTTPS \ub97c \uba3c\uc800 \uc124\uc815\ud55c \ub2e4\uc74c \uc124\uce58\ud558\uba74 \uc544\uc608 \uc124\uce58\uac00 \uc81c\ub300\ub85c \uc548 \ub41c\ub2e4. \uc874\ub098 \uc0bd\uc9c8… <\/p>\n\n\n\n
\uadf8\ub798\ub3c4 \ud55c\ubc88\ub9cc \uc81c\ub300\ub85c \ud558\uba74 \ub418\ub2c8\uae4c, \uac04\ubc14\ub808\ub2e4.<\/p>\n","protected":false},"excerpt":{"rendered":"
SSL \uc778\uc99d\uc11c\ub294 \uc11c\ubc84\uac00 \ub3cc\uc544\uac00\ub294 \ub3c4\uba54\uc778 \ubcc4\ub85c \ubc1b\ub294 \uac83\uc774 \uc6d0\uce59\uc774\uae30 \ub54c\ubb38\uc5d0, \uc678\ubd80\ub85c \ub178\ucd9c\ub41c \uc11c\ube44\uc2a4\ub97c \uc81c\uacf5\ud558\ub294 \uc11c\ubc84 ( Docker, Jail, etc… ) \uac00 \uc5ec\ub7ec\uac1c \ub77c\uba74, \uac01\uac01 \ub530\ub85c \uc778\uc99d\uc11c\ub97c \ubc1b\uc544\uc57c \ud55c\ub2e4. \ud558\uc9c0\ub9cc \ub9ac\ubc84\uc2a4 \ud504\ub85d\uc2dc \uc11c\ubc84\ub97c \uc6b4\uc6a9\ud558\uace0 \uc788\ub2e4\uba74 \uc544\uc8fc \uac04\ud3b8\ud558\uac8c \uc778\uc99d\uc11c\ub97c \ud55c\ubc88\uc5d0 \ubab0\uc544\uc11c \uad00\ub9ac\ud560 \uc218 \uc788\ub2e4. \ubb34\ub8cc\ub85c \uc778\uc99d\uc11c\ub97c \ubc1b\uc744 \uc218 \uc788\ub294 Let’s Encrypt \ub97c \uc774\uc6a9\ud55c\ub2e4. \uace0\ub9d9\uac8c\ub3c4 \uc124\uc815 \ud234\uae4c\uc9c0 \ubc30\ud3ec\ud558\uace0 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[28,23,27,24,8,29,26],"class_list":["post-5","post","type-post","status-publish","format-standard","hentry","category-truenas","tag-certbot","tag-https","tag-reverseproxy","tag-ssl","tag-truenas","tag-29","tag-26"],"_links":{"self":[{"href":"https:\/\/blog.gerd.kr\/index.php?rest_route=\/wp\/v2\/posts\/5","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.gerd.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.gerd.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.gerd.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.gerd.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5"}],"version-history":[{"count":21,"href":"https:\/\/blog.gerd.kr\/index.php?rest_route=\/wp\/v2\/posts\/5\/revisions"}],"predecessor-version":[{"id":120,"href":"https:\/\/blog.gerd.kr\/index.php?rest_route=\/wp\/v2\/posts\/5\/revisions\/120"}],"wp:attachment":[{"href":"https:\/\/blog.gerd.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.gerd.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.gerd.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}