๐Ÿ ์šฐ๋ถ„ํˆฌ ํ™ˆ ์„œ๋ฒ„ ๊ตฌ์ถ•๊ธฐ - Let's Encrypt ๋ฌด๋ฃŒ ์ธ์ฆ์„œ ๋ฐœ๊ธ‰ ๋ฐ ์ž๋™๊ฐฑ์‹  ์„ค์ •๐Ÿ 

๊น€ํƒœ์›ยท2022๋…„ 2์›” 22์ผ
7
post-thumbnail

๊ฐœ์š”


๋ณธ ์‹œ๋ฆฌ์ฆˆ๋Š” Ubuntu Server 20.04 ๋ฒ„์ „์„ ๊ธฐ์ค€์œผ๋กœ ํ•œ๋‹ค.

์ด๋ฒˆ ํฌ์ŠคํŒ…์—์„œ๋Š” Let's Encrypt ๋ฌด๋ฃŒ ์ธ์ฆ์„œ ๋ฐœ๊ธ‰ ๋ฐ ์ž๋™๊ฐฑ์‹  ์„ค์ • ๊ณผ์ •์„ ๋‹ค๋ฃฐ ์˜ˆ์ •์ด๋‹ค.


1. Let's Encrypt

๋„๋ฉ”์ธ์„ ํ™•๋ณดํ–ˆ์œผ๋ฉด ๊ทธ ๋„๋ฉ”์ธ์— ๋Œ€ํ•œ ๋ณด์•ˆ ์ƒํƒœ๋ฅผ ์ธ์ฆํ•ด์ฃผ๋Š” TLS ์ธ์ฆ์„œ๋ฅผ ๋ฐœ๊ธ‰๋ฐ›์„ ์ˆ˜ ์žˆ๋Š”๋ฐ, ์ด ์ธ์ฆ์„œ๋Š” ์›น์‚ฌ์ดํŠธ์˜ https ์ ‘์†๋ฟ๋งŒ ์•„๋‹ˆ๋ผ ๋ณด์•ˆ์ด ํ•„์š”ํ•œ FTPS, VPN ๋“ฑ์˜ ์—ฌ๋Ÿฌ ๊ฐ€์ง€ ์—ฐ๊ฒฐ์—๋„ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋‹ค.

TLS ์ธ์ฆ์„œ๋ฅผ ๋ฐœ๊ธ‰ํ•˜๋Š” ์—ฌ๋Ÿฌ ๊ธฐ๊ด€ ์ค‘์—์„œ Letโ€™s Encrypt๋Š” ๋ฌด๋ฃŒ๋กœ DV(Domain Validation) ์ธ์ฆ์„œ๋ฅผ ๋ฐœ๊ธ‰ํ•ด์ค€๋‹ค.

Letโ€™s Encrypt๋Š” ๊ฒ€์ฆ๋œ ์ธ์ฆ๊ธฐ๊ด€(CA)์œผ๋กœ์„œ, Letโ€™s Encrypt์˜ ์ธ์ฆ์„œ๋Š” ๋ชจ๋“  ์›น ๋ธŒ๋ผ์šฐ์ €์™€ VPN ํด๋ผ์ด์–ธํŠธ ๋“ฑ์—์„œ ์‹ ๋ขฐ ๋œ๋‹ค.

Letโ€™s Encrypt๊ฐ€ ์ธ์ฆ์„œ๋ฅผ ๋ฐœ๊ธ‰ํ•˜๋Š” ๋ฐฉ์‹์—๋Š” ๋„๋ฉ”์ธ๋งŒ ์ด์šฉํ•˜๋Š” ๋ฐฉ์‹, ์šด์˜ ์ค‘์ธ ์›น์‚ฌ์ดํŠธ๋ฅผ ์ด์šฉํ•˜๋Š” ๋ฐฉ์‹, DNS์˜ TXT ๋ ˆ์ฝ”๋“œ๋ฅผ ์ด์šฉํ•˜๋Š” ๋ฐฉ์‹์˜ ์„ธ ๊ฐ€์ง€๊ฐ€ ์žˆ๋‹ค.

์ด ์ค‘์—์„œ DNS์˜ TXT ๋ ˆ์ฝ”๋“œ๋ฅผ ์ด์šฉํ•˜๋Š” ๋ฐฉ์‹์„ ์‚ฌ์šฉํ•˜๋ฉด *.example.com ํ˜•ํƒœ์˜ ์™€์ผ๋“œ์นด๋“œ ์„œ๋ธŒ๋„๋ฉ”์ธ์— ๋Œ€ํ•œ ์ธ์ฆ์„œ๋ฅผ ๋ฐœ๊ธ‰๋ฐ›์„ ์ˆ˜ ์žˆ์–ด์„œ ํ•˜๋‚˜์˜ ์ธ์ฆ์„œ๋กœ ๋ชจ๋“  ์„œ๋ธŒ๋„๋ฉ”์ธ์— ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๊ฒŒ ๋˜์–ด ํŽธ๋ฆฌํ•˜๋‹ค.

Letโ€™s Encrypt ์ธ์ฆ์„œ์˜ ์œ ํšจ๊ธฐ๊ฐ„์€ 90์ผ์ด๊ณ , ์œ ํšจ๊ธฐ๊ฐ„์ด 30์ผ ๋‚จ์•˜์„ ๋•Œ๋ถ€ํ„ฐ ๊ฐฑ์‹ ํ•  ์ˆ˜ ์žˆ๋‹ค.

์™€์ผ๋“œ์นด๋“œ ์ธ์ฆ์„œ๋Š” ๊ฐฑ์‹ ํ•  ๋•Œ๋งˆ๋‹ค DNS์˜ TXT ๋ ˆ์ฝ”๋“œ๋ฅผ ์ƒˆ๋กœ ์ƒ์„ฑํ•ด์•ผ ํ•˜๋Š”๋ฐ, DNS ๋ ˆ์ฝ”๋“œ๋ฅผ ์™ธ๋ถ€์—์„œ ์ž…๋ ฅํ•  ์ˆ˜ ์žˆ๋„๋ก API๋ฅผ ์ œ๊ณตํ•˜๋Š” DNS ์„œ๋น„์Šค๋ฅผ ์ด์šฉํ•œ๋‹ค๋ฉด ์šฐ๋ถ„ํˆฌ ์„œ๋ฒ„์—์„œ ๋ชจ๋“  ๊ฐฑ์‹  ๊ณผ์ •์„ ์ž๋™์œผ๋กœ ์ฒ˜๋ฆฌํ•  ์ˆ˜ ์žˆ๋‹ค.

Letโ€™s Encrypt์—์„œ ์ถ”์ฒœํ•˜๋Š” ์ธ์ฆ์„œ ๋ฐœ๊ธ‰ ํ”„๋กœ๊ทธ๋žจ์ธ Certbot์€ ์™€์ผ๋“œ์นด๋“œ ์ธ์ฆ์„œ ์ž๋™ ๊ฐฑ์‹ ์„ ์œ„ํ•ด ์—ฌ๋Ÿฌ ๊ฐ€์ง€ DNS ์„œ๋น„์Šค๋ฅผ ํ”Œ๋Ÿฌ๊ทธ์ธ ํ˜•ํƒœ๋กœ ์ง€์›ํ•˜๋Š”๋ฐ, ์—ฌ๊ธฐ์„œ๋Š” CloudFlare์˜ DNS ์„œ๋น„์Šค๋ฅผ ์„ ํƒํ–ˆ๋‹ค.


2. API ์ •๋ณด ์ €์žฅ

CloudFlare์˜ Global API Key๋ฅผ ์‚ฌ์šฉํ•˜๊ธฐ ์œ„ํ•ด์„œ Global API Key ์ •๋ณด๊ฐ€ ๋‹ด๊ธด ํŒŒ์ผ์„ ์šฐ๋ถ„ํˆฌ ์„œ๋ฒ„์— ์ƒ์„ฑํ•˜์ž.

Cloudflare์— ๋กœ๊ทธ์ธ์ด ๋œ ์ƒํƒœ๋ผ๋ฉด Cloudflare API Key ํ™•์ธ ๋งํฌ์— ์ ‘์†ํ•ด Global API Key๋ฅผ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค.

ํŒŒ์ผ์ด ์œ„์น˜ํ•  ์ž„์˜์˜ ๋””๋ ‰ํ† ๋ฆฌ๋ฅผ ์ƒ์„ฑํ•œ๋‹ค.

sudo mkdir /root/.secrets

์ƒ์„ฑํ•œ ๋””๋ ‰ํ† ๋ฆฌ ์•„๋ž˜์— certbot-cloudflare.ini ๋ผ๋Š” ์ด๋ฆ„์œผ๋กœ Global API Key ์ •๋ณด๊ฐ€ ๋‹ด๊ธธ ํŒŒ์ผ์„ nano ํŽธ์ง‘๊ธฐ๋กœ ์ƒ์„ฑํ•œ๋‹ค. ํŒŒ์ผ ์ด๋ฆ„์€ ์›ํ•˜๋Š” ๋Œ€๋กœ ์ž‘์„ฑํ•˜๋ฉด ๋œ๋‹ค.

dns_cloudflare_email = mail@example.com
dns_cloudflare_api_key = qwertyuiop1234567890

nano ํŽธ์ง‘๊ธฐ๊ฐ€ ์—ด๋ฆฌ๋ฉด ์œ„์˜ ํ˜•์‹์œผ๋กœ ์ž์‹ ์˜ ๊ฐ’์„ ๊ธฐ๋กํ•œ๋‹ค.
mail@example.com์€ CloudFlare์˜ ๋กœ๊ทธ์ธ ID๋กœ ์‚ฌ์šฉํ•˜๋Š” ์ด๋ฉ”์ผ ์ฃผ์†Œ์ด๊ณ , kq70flsb6lcqd8g262c2b673vb73290vkxj2a์€ ์•ž์„œ ํ™•์ธํ•œ Global API Key ๊ฐ’์ด๋‹ค.

ํŽธ์ง‘์„ ๋งˆ์ณค์œผ๋ฉด Ctrlํ‚ค์™€ xํ‚ค๋ฅผ ๋™์‹œ์— ๋ˆŒ๋Ÿฌ์„œ nano ํŽธ์ง‘๊ธฐ๋ฅผ ๋น ์ ธ๋‚˜์˜ค๋ฉด์„œ ์ €์žฅํ•œ๋‹ค.

ํŒŒ์ผ์ด ์œ„์น˜ํ•œ ๋””๋ ‰ํ† ๋ฆฌ์™€ ํŒŒ์ผ์— root ์Šˆํผ์œ ์ €๋งŒ ์ ‘๊ทผํ•  ์ˆ˜ ์žˆ๋„๋ก ๊ถŒํ•œ์„ ์กฐ์ •ํ•œ๋‹ค.

sudo chmod 0700 /root/.secrets
sudo chmod 0400 /root/.secrets/certbot-cloudflare.ini

3. Certbot ์„ค์น˜

Letโ€™s Encrypt๊ฐ€ ์ถ”์ฒœํ•˜๋Š” ์ธ์ฆ์„œ ๋ฐœ๊ธ‰ ํ”„๋กœ๊ทธ๋žจ์ธ Certbot๊ณผ ์™€์ผ๋“œ์นด๋“œ ์ธ์ฆ์„œ ์ž๋™ ๊ฐฑ์‹ ์„ ์œ„ํ•œ CloudFlare ํ”Œ๋Ÿฌ๊ทธ์ธ์„ ์„ค์น˜ํ•œ๋‹ค.

sudo apt update
sudo apt install certbot -y
sudo apt install python3-certbot-dns-cloudflare -y

๋ฐœ๊ธ‰๋œ ์ธ์ฆ์„œ๋ฅผ ์›น ์„œ๋ฒ„์— ์ ์šฉ๊นŒ์ง€ ํ•ด์ฃผ๋Š” python-certbot-nginx, python-certbot-apache ๋“ฑ์˜ ๋ช‡ ๊ฐ€์ง€ ์ข…๋ฅ˜๊ฐ€ ์žˆ๋‹ค. ๊ทธ๋Ÿฐ๋ฐ ์›น ์„œ๋ฒ„์— ์ž๋™์œผ๋กœ ์ ์šฉํ•ด์ฃผ๋Š” ๋‚ด์šฉ์ด ์ผ๋ฅ ์ ์ด๋ผ์„œ ์–ด์ฐจํ”ผ ๋‹ค์‹œ ํŽธ์ง‘ํ•ด์•ผ ํ•˜๋ฏ€๋กœ ์ธ์ฆ์„œ๋งŒ ๋ฐœ๊ธ‰๋ฐ›์•„์„œ ์ง์ ‘ ์ ์šฉํ•˜๋Š” ํŽธ์ด ์˜คํžˆ๋ ค ๊ฐ„ํŽธํ•˜๋‹ค.

์•„๋ž˜ ํ˜•์‹์˜ ๋ช…๋ น์„ ์‹คํ–‰ํ•˜๋ฉด ์™€์ผ๋“œ์นด๋“œ ์ธ์ฆ์„œ๊ฐ€ ๋ฐœ๊ธ‰๋œ๋‹ค.

sudo certbot certonly --dns-cloudflare --preferred-challenges dns-01 --dns-cloudflare-propagation-seconds 20 --dns-cloudflare-credentials /root/.secrets/certbot-cloudflare.ini -d example.com -d *.example.com

certonly: ์ธ์ฆ์„œ๋ฅผ ๋ฐœ๊ธ‰๋ฐ›๊ธฐ๋งŒ ํ•˜๊ณ  ์ ์šฉ์€ ํ•˜์ง€ ์•Š๋Š” ๋ฐฉ์‹
--dns-cloudflare: CloudFlare ํ”Œ๋Ÿฌ๊ทธ์ธ์„ ์‚ฌ์šฉํ•˜๋Š” ๋ชจ๋“œ
--preferred-challenges dns-01: DNS ๋ ˆ์ฝ”๋“œ๋ฅผ ์‚ฌ์šฉํ•ด์„œ ์ธ์ฆ์„œ๋ฅผ ๋ฐœ๊ธ‰๋ฐ›๋Š” ๋ฐฉ์‹
--dns-cloudflare-propagation-seconds 20: CloudFlare์˜ DNS์— TXT ๋ ˆ์ฝ”๋“œ๊ฐ€ ์ƒ์„ฑ๋œ ํ›„ Letโ€™s Encrypt๊ฐ€ ์ด๋ฅผ ํ™•์ธํ•  ๋•Œ๊นŒ์ง€(DNS ๋ ˆ์ฝ”๋“œ๊ฐ€ ๋ฐ˜์˜๋  ๋•Œ๊นŒ์ง€) 20์ดˆ ๋Œ€๊ธฐ
--dns-cloudflare-credentials: ์•ž์„œ ์ƒ์„ฑํ•œ Global API Key ์ •๋ณด ํŒŒ์ผ์˜ ์œ„์น˜
-d: ์ธ์ฆ์„œ๋ฅผ ๋ฐœ๊ธ‰๋ฐ›์„ ๋„๋ฉ”์ธ์„ ์ž…๋ ฅํ•˜๋Š”๋ฐ, www. ๋“ฑ์˜ ์ ‘๋‘์‚ฌ๊ฐ€ ์—†๋Š” ๋ฃจํŠธ ๋„๋ฉ”์ธ example.com๊ณผ ์ ‘๋‘์‚ฌ์— ์™€์ผ๋“œ์นด๋“œ๋ฅผ ์ ์šฉํ•œ *.example.com์„ ๊ฐ๊ฐ ์ž…๋ ฅ

์œ„ ๋ช…๋ น์„ ์‹คํ–‰ํ•˜๋ฉด ์•„๋ž˜์ฒ˜๋Ÿผ ๋ช‡ ๊ฐ€์ง€ ์ •๋ณด๋ฅผ ์ž…๋ ฅํ•˜๋ผ๋Š” ๋ฉ”์‹œ์ง€๊ฐ€ ์ถœ๋ ฅ๋œ๋‹ค.

Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):
์ด๋ฉ”์ผ ์ฃผ์†Œ๋ฅผ ์ž…๋ ฅํ•œ๋‹ค.

(A)gree/(C)ancel:
์•ฝ๊ด€์— ๋™์˜ํ•˜๊ธฐ ์œ„ํ•ด a๋ฅผ ์ž…๋ ฅํ•œ๋‹ค.

(Y)es/(N)o:
์ •๋ณด ์ด๋ฉ”์ผ ์ˆ˜์‹ ์„ ์›ํ•˜๋ฉด y, ์›ํ•˜์ง€ ์•Š์œผ๋ฉด n์„ ์ž…๋ ฅํ•œ๋‹ค.

์ธ์ฆ์„œ ๋ฐœ๊ธ‰์— ์„ฑ๊ณตํ•˜๋ฉด ์•„๋ž˜์™€ ๊ฐ™์ด /etc/letsencrypt/live/example.com/ ๊ฒฝ๋กœ์— ์ธ์ฆ์„œ๊ฐ€ ์ €์žฅ๋˜์—ˆ๋‹ค๋Š” ๋ฉ”์‹œ์ง€๊ฐ€ ์ถœ๋ ฅ๋œ๋‹ค.

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem

๋ณด๋‹ค ์ž์„ธํ•˜๊ฒŒ๋Š” ์ด 4์ข…๋ฅ˜์˜ ์ธ์ฆ์„œ ํŒŒ์ผ์ด ์ƒ์„ฑ๋˜๋Š”๋ฐ ๊ฐ๊ฐ ๋‹ค์Œ์˜ ์ด๋ฆ„์œผ๋กœ ์ €์žฅ๋œ๋‹ค:

/etc/letsencrypt/live/example.com/cert.pem
/etc/letsencrypt/live/example.com/chain.pem
/etc/letsencrypt/live/example.com/fullchain.pem
/etc/letsencrypt/live/example.com/privkey.pem

Letโ€™s Encrypt ์ธ์ฆ์„œ๋Š” ์œ ํšจ๊ธฐ๊ฐ„์ด 90์ผ์ด๊ณ  ์œ ํšจ๊ธฐ๊ฐ„์ด 30์ผ ๋‚จ์•˜์„ ๋•Œ๋ถ€ํ„ฐ ์ธ์ฆ์„œ๋ฅผ ๊ฐฑ์‹ ํ•  ์ˆ˜ ์žˆ๋Š”๋ฐ, ์šฐ๋ถ„ํˆฌ ์„œ๋ฒ„ 17.10 ์ด์ƒ์˜ ๋ฒ„์ „์—์„œ ์šฐ๋ถ„ํˆฌ ์ €์žฅ์†Œ๋ฅผ ํ†ตํ•ด์„œ Certbot์„ ์„ค์น˜ํ•˜๋ฉด ์šฐ๋ถ„ํˆฌ ์„œ๋ฒ„์˜ ์ž‘์—… ์Šค์ผ€์ค„๋Ÿฌ์— ์ธ์ฆ์„œ ์ž๋™ ๊ฐฑ์‹  ๋ช…๋ น์ด ์ถ”๊ฐ€๋˜๊ธฐ ๋•Œ๋ฌธ์— ์‹ ๊ฒฝ ์“ธ ๊ฒƒ์ด ์—†๋‹ค.

์ธ์ฆ์„œ ์ž๋™ ๊ฐฑ์‹  ์Šค์ผ€์ค„์ด ์ž˜ ์ ์šฉ๋˜์—ˆ๋Š”์ง€ ํ™•์ธํ•˜๋ ค๋ฉด ์•„๋ž˜ ๋ช…๋ น์„ ์‹คํ–‰ํ•˜์ž.

sudo systemctl status certbot.timer

์•„๋ž˜์™€ ๊ฐ™์€ ๊ฒฐ๊ณผ๋ฅผ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค.

โ— certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Mon 2022-02-14 22:52:08 KST; 1 weeks 1 days ago
    Trigger: Wed 2022-02-23 05:11:46 KST; 2h 17min left
   Triggers: โ— certbot.service

Feb 14 22:52:08 ktw-physical systemd[1]: Started Run certbot twice daily.

๋งŒ์ผ ๊ฐฑ์‹  ์ž‘์—…์ด ์ œ๋Œ€๋กœ ์ž‘๋™ํ•˜๋Š”์ง€ ํ™•์ธํ•˜๊ณ  ์‹ถ๋‹ค๋ฉด ์•„๋ž˜ ๋ช…๋ น์„ ์‹คํ–‰ํ•ด ๊ฐฑ์‹  ์‹œ๋ฎฌ๋ ˆ์ด์…˜์„ ์ง„ํ–‰ํ•˜์ž

sudo certbot renew --dry-run

์„ฑ๊ณตํ•˜๋ฉด ์•„๋ž˜์™€ ๊ฐ™์€ ๋ฉ”์‹œ์ง€๊ฐ€ ์ถœ๋ ฅ๋œ๋‹ค.

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/example.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)

4. Certbot Hook ์„ค์ •

์ธ์ฆ์„œ๊ฐ€ ๊ฐฑ์‹ ๋˜๋ฉด ๊ฐฑ์‹ ๋œ ์ธ์ฆ์„œ๋ฅผ ๋‹ค๋ฅธ ์„œ๋น„์Šค์— ์ ์šฉํ•˜๋Š” ์ผ โ€“ ์˜ˆ๋ฅผ ๋“ค์–ด ์›น์‚ฌ์ดํŠธ๋ฅผ ์šด์˜ ์ค‘์ด๋ผ๋ฉด ์›น ์„œ๋ฒ„๋ฅผ ๋ฆฌ๋กœ๋“œ ํ•˜๋Š” ์ผ, VPN์„ ๊ตฌ์„ฑํ–ˆ๋‹ค๋ฉด VPN์„ ์žฌ์‹คํ–‰ํ•˜๋Š” ์ผ ๋“ฑ์„ ์ถ”๊ฐ€๋กœ ์ฒ˜๋ฆฌํ•ด์•ผ ํ•˜๋Š”๋ฐ, Certbot์˜ Hook ๊ธฐ๋Šฅ์„ ์‚ฌ์šฉํ•˜๋ฉด ์ด๋Ÿฐ ์ถ”๊ฐ€ ์ž‘์—…๋„ ๋ชจ๋‘ ๊ฐ™์ด ์ž๋™ํ™”ํ•  ์ˆ˜ ์žˆ๋‹ค.

์šฐ์„ , ์ธ์ฆ์„œ ๊ฐฑ์‹  ์ดํ›„์˜ ํ›„ํฌ ์ž‘์—…์„ ๊ด€๋ฆฌํ•˜๋Š” ๋””๋ ‰ํ† ๋ฆฌ์ธ /etc/letsencrypt/renewal-hooks/deploy/ ๊ฒฝ๋กœ์— ์ธ์ฆ์„œ๊ฐ€ ๊ฐฑ์‹ ๋˜๋ฉด ์ถ”๊ฐ€๋กœ ์ง„ํ–‰ํ•  ์—ฌ๋Ÿฌ ๊ฐ€์ง€ ๋ช…๋ น์„ ๋ชจ์•„ ๋†“์„ ์Šคํฌ๋ฆฝํŠธ ํŒŒ์ผ์„ nano ํŽธ์ง‘๊ธฐ๋กœ ์ƒ์„ฑํ•œ๋‹ค.

ํŒŒ์ผ ์ด๋ฆ„์€ ์›ํ•˜๋Š” ๋Œ€๋กœ ์ •ํ•˜๋ฉด ๋œ๋‹ค.

sudo nano /etc/letsencrypt/renewal-hooks/deploy/certbot-deploy-hook.sh

์ด ํŒŒ์ผ์— ์ธ์ฆ์„œ๊ฐ€ ๊ฐฑ์‹ ๋˜๋ฉด ์ถ”๊ฐ€๋กœ ์ง„ํ–‰ํ•  ์—ฌ๋Ÿฌ ๊ฐ€์ง€ ๋ช…๋ น์„ ๊ธฐ๋กํ•œ๋‹ค. ์•„๋ž˜ ์˜ˆ์‹œ๋Š” Nginx ์›น ์„œ๋ฒ„๋ฅผ ๋ฆฌ๋กœ๋“œํ•˜๋Š” ๋‚ด์šฉ์ด๋‹ค.

#!/bin/bash
/bin/systemctl reload nginx

์ž์‹ ์—๊ฒŒ ํ•„์š”ํ•œ ๋‚ด์šฉ์„ ์ž‘์„ฑํ•˜๊ณ , Ctrlํ‚ค์™€ xํ‚ค๋ฅผ ๋™์‹œ์— ๋ˆŒ๋Ÿฌ nano ํŽธ์ง‘๊ธฐ๋ฅผ ๋น ์ ธ๋‚˜์˜ค๋ฉด์„œ ์ €์žฅํ•œ๋‹ค.

์ƒ์„ฑํ•œ ํŒŒ์ผ์— ์‹คํ–‰ ๊ถŒํ•œ์„ ๋ถ€์—ฌํ•œ๋‹ค.

sudo chmod u+x /etc/letsencrypt/renewal-hooks/deploy/certbot-deploy-hook.sh

์ด์ œ ์ธ์ฆ์„œ๊ฐ€ ๊ฐฑ์‹ ๋˜๋ฉด certbot-deploy-hook.sh ํŒŒ์ผ์˜ ๋‚ด์šฉ์ด ์ž๋™์œผ๋กœ ์‹คํ–‰๋œ๋‹ค.


๋งˆ์น˜๋ฉฐ

์ด๋ฒˆ ํฌ์ŠคํŒ…์—์„œ๋Š” Let's Encrypt ๋ฌด๋ฃŒ ์ธ์ฆ์„œ ๋ฐœ๊ธ‰ ๋ฐ ์ž๋™๊ฐฑ์‹  ์„ค์ • ๊ณผ์ •์„ ๋‹ค๋ค˜๋‹ค.

๋‹ค์Œ ํฌ์ŠคํŒ…์—์„œ๋Š” Nginx ์„ค์น˜ ๋ฐ ์„ค์ • ๊ณผ์ •์„ ๋‹ค๋ฃฐ ์˜ˆ์ •์ด๋‹ค.

profile
๊ฐœ๋ฐœ์ด ์žฌ๋ฐŒ์–ด์„œ ํ•˜๋Š” Junior Backend Developer

1๊ฐœ์˜ ๋Œ“๊ธ€

comment-user-thumbnail
2022๋…„ 3์›” 1์ผ

์˜ค! ์ด๋ ‡๊ฒŒ ๋””ํ…Œ์ผํ•˜๊ฒŒ ์„ค๋ช… ํ•ด์ฃผ์…”์„œ ์‰ฝ๊ฒŒ ๋”ฐ๋ผํ•ด๋ด…๋‹ˆ๋‹ค ๐Ÿ˜€

๋‹ต๊ธ€ ๋‹ฌ๊ธฐ