[AWS] Using a Let's Encrypt certificate on Lightsail

If you run WordPress on Lightsail, you can set up a Let's Encrypt certificate easily.

The standard approach would be to attach a Lightsail load balancer, but it is expensive, so I do not recommend it.

 

  • The command format is as follows.
  • Replace example.com with your domain, and add any secondary domains with additional -d options as shown below.
  • /opt/bitnami/letsencrypt/scripts/generate-certificate.sh -m test-user@gmail.com -d example.com -d www.example.com
  • The Bitnami Apache service is restarted by the script, so no separate work is needed.
  • The script is installed by default:
root@ip-172-26-14-40:~# /opt/bitnami/letsencrypt/scripts/generate-certificate.sh -m test-user@gmail.com -d example.com -d www.example.com

This tool will now stop the web server and configure the required SSL certificate. It will also start it again once finished.

When supplying multiple domains, Lego creates a SAN (Subject Alternate Names) certificate which results in only one certificate
under the email "test-user@gmail.com" valid for all domains you entered ("example.com www.example.com").

The first domain in your list ("example.com") will be added as the "CommonName" of the certificate and the rest will be added
as "DNSNames" to the SAN extension  within the certificate

Do you want to continue? [y/n]: y
Unmonitored apache
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped
2019/06/24 07:36:11 No key found for account test-user@gmail.com. Generating a P384 key.
2019/06/24 07:36:11 Saved key to /opt/bitnami/letsencrypt/accounts/acme-v02.api.letsencrypt.org/test-user@gmail.com/keys/test-user@gmail.com.key
2019/06/24 07:36:12 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you accept the TOS? Y/n
y
2019/06/24 07:36:21 [INFO] acme: Registering account for test-user@gmail.com
!!!! HEADS UP !!!!

                Your account credentials have been saved in your Let's Encrypt
                configuration directory at "/opt/bitnami/letsencrypt/accounts".
                You should make a secure backup of this folder now. This
                configuration directory will also contain certificates and
                private keys obtained from Let's Encrypt so making regular
                backups of this folder is ideal.2019/06/24 07:36:21 [INFO] [example.com, www.example.com] acme: Obtaining bundled SAN certificate
2019/06/24 07:36:22 [INFO] [example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/iDs2het-u8P9UW7tnlyReFHM8VmVhx5NNy0zqBCW5cQ
2019/06/24 07:36:22 [INFO] [www.example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/E_aGWBPUekKDlXKKhZr7fZCWcv5M9938J35vgsdKXRE
2019/06/24 07:36:22 [INFO] [example.com] acme: use tls-alpn-01 solver
2019/06/24 07:36:22 [INFO] [www.example.com] acme: use tls-alpn-01 solver
2019/06/24 07:36:22 [INFO] [example.com] acme: Trying to solve TLS-ALPN-01
2019/06/24 07:36:28 [INFO] [example.com] The server validated our request
2019/06/24 07:36:28 [INFO] [www.example.com] acme: Trying to solve TLS-ALPN-01
2019/06/24 07:36:35 [INFO] [www.example.com] The server validated our request
2019/06/24 07:36:35 [INFO] [example.com, www.example.com] acme: Validations succeeded; requesting certificates
2019/06/24 07:36:36 [INFO] [example.com] Server responded with a certificate.
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80
Monitored apache

Congratulations, the generation and configuration of your SSL certificate finished properly.

You can now configure a cronjob to renew it every month.

Do you want to proceed? [y/n]: y
root@ip-172-26-14-40:~#

root@ip-172-26-14-40:~$ crontab -l
0 0 1 * * sudo /opt/bitnami/letsencrypt/lego --path="/opt/bitnami/letsencrypt" --tls --email="test-user@gmail.com"  --domains=example.com --domains=www.example.com renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful
root@ip-172-26-14-40:~$

 

  • Verify the website
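
To confirm that the certificate covers both names and that the monthly cron renewal is keeping it fresh, a check like the following can be run against the PEM file. This is an added example, not part of the original post or the Bitnami tooling; the function names, the 30-day threshold and the self-signed demo certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm a lego-issued certificate still covers every expected
# domain and is not close to expiry (i.e. the monthly cron renewal is working).

# Print one DNS SAN per line from a PEM certificate.
cert_sans() {
  openssl x509 -in "$1" -noout -text |
    grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# check_cert PEM MIN_DAYS DOMAIN...
# Returns 0 = ok, 1 = a domain is missing from the SAN list,
#         2 = certificate expires within MIN_DAYS, 3 = file unreadable.
check_cert() {
  pem=$1; min_days=$2; shift 2
  [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 3; }
  sans=$(cert_sans "$pem")
  for d in "$@"; do
    # Exact, whole-line match; wildcard SANs are not expanded here.
    printf '%s\n' "$sans" | grep -qxF -- "$d" ||
      { echo "missing SAN: $d" >&2; return 1; }
  done
  # -checkend exits non-zero if the cert expires within the given seconds.
  openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null ||
    { echo "expires within $min_days days" >&2; return 2; }
}

# Constructed sample input: a throwaway self-signed certificate with the same
# two names as the page's example. $1 = output PEM, $2 = validity in days.
make_demo_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
    -days "$2" -subj "/CN=example.com" \
    -addext "subjectAltName=DNS:example.com,DNS:www.example.com" 2>/dev/null
  rm -f "$1.key"
}

# Demo run against the constructed certificate.
demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir/demo.crt" 90
check_cert "$demo_dir/demo.crt" 30 example.com www.example.com && echo "demo: OK"
rm -rf "$demo_dir"
```

On the instance, pass the certificate file that lego saved under /opt/bitnami/letsencrypt (assumed here to be certificates/example.com.crt) instead of the demo file. A non-zero exit code from a scheduled run indicates that the renewal job needs attention.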
