{"id":3177,"date":"2020-04-21T10:33:29","date_gmt":"2020-04-21T01:33:29","guid":{"rendered":"\/blog\/?p=3177"},"modified":"2024-09-27T17:02:20","modified_gmt":"2024-09-27T08:02:20","slug":"letsencryptcertbot-%ec%84%a4%ec%b9%98-%eb%b0%8f-%ec%82%ac%ec%9a%a9","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=3177","title":{"rendered":"letsencrypt(certbot) \uc124\uce58 \ubc0f \uc0ac\uc6a9"},"content":{"rendered":"\n<span style=\"font-family: \ub3cb\uc6c0\uccb4, \uad74\ub9bc\uccb4, \ub098\ub214\uace0\ub515\ucf54\ub529, \uad81\uc11c\uccb4; font-size: 12pt;\">#!\/bin\/bash<br \/>#####################################################################<br \/>#<br \/># Let's Encrypt \uc778\uc99d\uc11c \uc124\uce58 \uc2a4\ud06c\ub9bd\ud2b8<br \/>#<br \/># https:\/\/letsencrypt.org\/ko\/<br \/>#<br \/>#####################################################################<br \/><br \/>#####################################################################<br \/># Let's encrypt\ub85c SSL \uc778\uc99d\uc11c \ubc1b\ub294 4\uac00\uc9c0 \ubc29\ubc95<br \/>#<br \/># \u25a0webroot: \uc0ac\uc774\ud2b8 \ub514\ub809\ud1a0\ub9ac \ub0b4\uc5d0 \uc778\uc99d\uc11c \uc720\ud6a8\uc131\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub294 \ud30c\uc77c\uc744 \uc5c5\ub85c\ub4dc\ud558\uc5ec \uc778\uc99d\uc11c\ub97c \ubc1c\uae09\ud558\ub294 \ubc29\ubc95<br \/># - \uc2e4\uc81c \uc791\ub3d9\ud558\uace0 \uc788\ub294 \uc6f9\uc11c\ubc84\uc758 \ud2b9\uc815 \ub370\ub809\ud1a0\ub9ac\uc758 \ud2b9\uc815 \ud30c\uc77c \uc4f0\uae30 \uc791\uc5c5\uc744 \ud1b5\ud574\uc11c \uc778\uc99d<br \/># - \uc774 \ubc29\uc2dd\uc758 \uc7a5\uc810\uc740 nginx\ub97c \uc911\ub2e8\uc2dc\ud0ac \ud544\uc694\uac00 \uc5c6\uc74c.<br \/># - \uc774 \ubc29\ubc95\uc758 \ub2e8\uc810\uc740 \uc778\uc99d \uba85\ub839\uc5d0 \ud558\ub098\uc758 \ub3c4\uba54\uc778 \uc778\uc99d\uc11c\ub9cc \ubc1c\uae09 \uac00\ub2a5<br \/># \u25a0\uc6f9\uc11c\ubc84<br \/># - Nginx\ub098 \uc544\ud30c\uce58\uc640 \uac19\uc740 \uc6f9\uc11c\ubc84\uc5d0\uc11c \uc9c1\uc811 SSL \uc778\uc99d\uc744 \uc2e4\uc2dc\ud558\uace0 \uc6f9\uc11c\ubc84\uc5d0 \ub9de\ub294 SSL\uc138\ud305\uac12\uc744 \ubd80\uc5ec<br \/># - \ubc1c\uae09\uc774\ub098 \uac31\uc2e0\uc744 \uc704\ud574 \uc6f9\uc11c\ubc84\ub97c \uc911\ub2e8\uc2dc\ud0ac \ud544\uc694\uac00 \uc5c6\uc74c<br \/># - \uc778\uc99d\uc11c \uac31\uc2e0 \uc2dc \uc0c1\ud669\uc5d0 \ub9de\uac8c \uc138\ud305\uc744 \uc790\ub3d9\uc73c\ub85c \uc5c5\ub370\uc774\ud2b8<br \/># - \uc0ac\uc6a9\uc790\uac00 \uc138\ud305\uc744 \ubcc0\uacbd\ud560 \uc218 \uc788\uc9c0\ub9cc \uc790\ub3d9 \uc5c5\ub370\uc774\ud2b8 \uc2dc \ubc18\uc601\ub418\uc9c0\ub294 \uc54a\uc74c<br \/># \u25a0standalone: \uc0ac\uc774\ud2b8 \uc791\ub3d9\uc744 \uba48\ucd94\uace0 \uc774 \uc0ac\uc774\ud2b8\uc758 \ub124\ud06c\uc6cc\ud0b9\uc744 \uc774\uc6a9\ud574 \uc0ac\uc774\ud2b8 \uc720\ud6a8\uc131\uc744 \ud655\uc778\ud574 Let&rsquo;s Encrypt SSL \uc778\uc99d\uc11c\ub97c \ubc1c\uae09\ud558\ub294 \ubc29\uc2dd<br \/># - 80\ud3ec\ud2b8\ub85c \uac00\uc0c1 staandalone \uc6f9\uc11c\ubc84\ub97c \ub744\uc6cc \uc778\uc99d\uc11c\ub97c \ubc1c\uae09<br \/># - \uc774 \ubc29\uc2dd\uc740 \ub3d9\uc2dc\uc5d0 \uc5ec\ub7ec \ub3c4\uba54\uc778\uc744 \ubc1c\uae09 \ubc1b\uc744 \uc218 \uc788\uc74c<br \/># - \uadf8\ub807\uc9c0\ub9cc \uc778\uc99d\uc11c \ubc1c\uae09 \uc804\uc5d0 Nginx\ub97c \uc911\ub2e8\ud558\uace0 \ubc1c\uae09 \uc644\ub8cc \ud6c4 \ub2e4\uc2dc Nginx\ub97c \uc2dc\uc791\ud574\uc57c \ud568<br \/># \u25a0DNS: \ub3c4\uba54\uc778\uc744 \ucffc\ub9ac\ud574 \ud655\uc778\ub418\ub294 TXT \ub808\ucf54\ub4dc\ub85c \uc0ac\uc774\ud2b8 \uc720\ud6a8\uc131\uc744 \ud655\uc778\ud558\ub294 \ubc29\ubc95<br \/># - \uc640\uc77c\ub4dc \uce74\ub4dc \ubc29\uc2dd\uc73c\ub85c \uc778\uc99d\uc11c\ub97c \ubc1c\uae09 \uac00\ub2a5<br \/># - \uc774 \ubc29\ubc95\uc740 \ub2f9\uc5f0\ud558\uac8c\ub3c4 \uc11c\ubc84 \uad00\ub9ac\uc790\uac00 \ub3c4\uba54\uc778 DNS\ub97c \uad00\ub9ac\/\uc218\uc815\ud560 \uc218 \uc788\uc5b4\uc57c \ud558\uba70<br \/># - \uc778\uc99d\uc11c \uac31\uc2e0 \uc2dc\ub9c8\ub2e4 DNS\uc5d0\uc11c TXT\uac12\uc744 \ubcc0\uacbd\ud574\uc57c \ud558\ubbc0\ub85c<br \/># - \uc678\ubd80\uc5d0\uc11c TXT \ub808\ucf54\ub4dc\ub97c \uc785\ub825\ud560 \uc218 \uc788\ub3c4\ub85d DNS\uac00 API\ub97c \uc81c\uacf5\ud558\ub294 \uacbd\uc6b0\ub9cc \uac31\uc2e0 \uacfc\uc815\uc744 \uc790\ub3d9\uc73c\ub85c \ucc98\ub9ac(\ud074\ub77c\uc6b0\ub4dc \ud50c\ub808\uc5b4 API\uac00 \ub300\ud45c\uc801\uc778 \uc0ac\ub840)<br \/>#####################################################################<br \/><br \/>MY_DOMAIN=\"esvali.com\"<br \/>MY_EMAIL=\"esecuvali@gmail.com\"<br \/>MY_DOMAIN_LIST=\"${MY_DOMAIN},www.${MY_DOMAIN},imap.${MY_DOMAIN},smtp.${MY_DOMAIN},tech.${MY_DOMAIN},mail.${MY_DOMAIN},pop.${MY_DOMAIN}\"<br \/><br \/>#####################################################################<br \/># \uad00\ub828 \ud328\ud0a4\uc9c0\ub97c \uc124\uce58 \ud55c\ub2e4.<br \/>#####################################################################<br \/>function install_centos() {<br \/>&nbsp; yum -y install yum-utils epel-release<br \/>&nbsp; yum -y install python-pip<br \/>&nbsp; # pip install --upgrade pip<br \/>&nbsp; # pip install cryptography --upgrade<br \/>&nbsp; # pip install pyopenssl<br \/>&nbsp; yum -y install certbot python2-certbot-apache mod_ssl<br \/>}<br \/><br \/>#####################################################################<br \/># \uc778\uc99d\uc11c\ub97c \ubc1c\uae09\ud55c\ub2e4.<br \/>#<br \/># certonly: \uc6f9\uc11c\ubc84\uc758 \uc124\uc815\ud30c\uc77c\uc740 \uac74\ub4e4\uc9c0 \uc54a\uace0 \uc778\uc99d\uc11c\ub9cc \ubc1c\uae09\ud55c\ub2e4.<br \/># --standalone: \uc790\uccb4 \uc6f9\uc11c\ubc84\ub85c \ub3c4\uba54\uc778\uc5d0 \ub300\ud55c \uc778\uc99d\uc744 \ud55c\ub2e4.<br \/># -d: \uc0ac\uc6a9\ud560 \ub3c4\uba54\uc778\uc744 \ub098\uc5f4\ud55c\ub2e4.<br \/>#<br \/># \uc124\uce58\ub41c \uc778\uc99d\uc11c\ub294 \/etc\/letsencrypt\/archive\/${MY_DOMAIN}\uc5d0 \uc124\uce58\ub418\uace0<br \/># \/etc\/letsencrypt\/live\/${MY_DOMAIN}\uc73c\ub85c \uc778\ub371\uc2f1 \ub41c\ub2e4.<br \/>#####################################################################<br \/>function install_cert() {<br \/>&nbsp; if [ ! -d ebroot ]; then<br \/>&nbsp; &nbsp; mkdir ebroot<br \/>&nbsp; fi<br \/><br \/>&nbsp; # standalone \ubc29\uc2dd\uc740 \uc790\uccb4 80\ud3ec\ud2b8\ub85c \ud1b5\uc2e0\ud558\uae30 \ub54c\ubb38\uc5d0 \uc678\ubd80\uc5d0\uc11c 80 \ud3ec\ud2b8\ub85c \ub4e4\uc5b4\uc62c \uc218 \uc788\uc5b4\uc57c \ud55c\ub2e4.<br \/>&nbsp; systemctl stop httpd<br \/>&nbsp; rm -rf \/etc\/letsencrypt<br \/>&nbsp; rm -rf \/var\/log\/letsencrypt<br \/>&nbsp; certbot \\<br \/>certonly \\<br \/>--standalone \\<br \/>--non-interactive \\<br \/>--agree-tos \\<br \/>--register-unsafely-without-email \\<br \/>-d ${MY_DOMAIN_LIST}<br \/>&nbsp; systemctl start httpd<br \/>}<br \/><br \/>#####################################################################<br \/># config \ud30c\uc77c \uc0dd\uc131<br \/>#####################################################################<br \/>function make_conf() {<br \/>&nbsp; echo \"archive_dir = \/etc\/letsencrypt\/archive\/${MY_DOMAIN}\" &gt; \/etc\/letsencrypt\/renewal\/${MY_DOMAIN}.conf<br \/>&nbsp; echo \"cert = \/etc\/letsencrypt\/live\/${MY_DOMAIN}\/cert.pem\" &gt;&gt; \/etc\/letsencrypt\/renewal\/${MY_DOMAIN}.conf<br \/>&nbsp; echo \"privkey = \/etc\/letsencrypt\/live\/${MY_DOMAIN}\/privkey.pem\" &gt;&gt; \/etc\/letsencrypt\/renewal\/${MY_DOMAIN}.conf<br \/>&nbsp; echo \"chain = \/etc\/letsencrypt\/live\/${MY_DOMAIN}\/chain.pem\" &gt;&gt; \/etc\/letsencrypt\/renewal\/${MY_DOMAIN}.conf<br \/>&nbsp; echo \"fullchain = \/etc\/letsencrypt\/live\/${MY_DOMAIN}\/fullchain.pem\" &gt;&gt; \/etc\/letsencrypt\/renewal\/${MY_DOMAIN}.conf<br \/>}<br \/><br \/>#####################################################################<br \/># \uc778\uc99d\uc11c\ub97c \uc0ad\uc81c\ud55c\ub2e4.<br \/>#####################################################################<br \/>function remove_cert() {<br \/>&nbsp; certbot delete --cert-name \"${MY_DOMAIN}\"<br \/>&nbsp; rm -rf \/var\/log\/letsencrypt\/*<br \/>}<br \/><br \/>#####################################################################<br \/># \uc778\uc99d\uc11c\ub97c \uac31\uc2e0\ud55c\ub2e4.<br \/>#####################################################################<br \/>function renew_cert() {<br \/>&nbsp; RETVAL=$(certbot certificates | grep \"EXPIRED\")<br \/>&nbsp; if [ $? == 0 ]<br \/>&nbsp; then<br \/>&nbsp; &nbsp; certbot --standalone renew<br \/>&nbsp; &nbsp; systemctl reload httpd<br \/>&nbsp; &nbsp; systemctl reload postfix<br \/>&nbsp; &nbsp; systemctl reload dovecot<br \/>&nbsp; else<br \/>&nbsp; &nbsp; echo \"valid\"<br \/>&nbsp; fi<br \/>}<br \/><br \/>#####################################################################<br \/># \ud604\uc7ac \uc124\uce58\ub418\uc5b4 \uc788\ub294 \uc778\uc99d\uc11c\ub97c \ud655\uc778<br \/>#####################################################################<br \/>function view_cert() {<br \/>&nbsp; certbot certificates<br \/>}<br \/><br \/>#####################################################################<br \/># \ud604\uc7ac \uc124\uce58\ub418\uc5b4 \uc788\ub294 \uc778\uc99d\uc11c\uc758 \uc815\uc0c1\uc5ec\ubd80 \ud655\uc778<br \/>#####################################################################<br \/>function test_cert() {<br \/>&nbsp; certbot renew -dry-run<br \/>}<br \/><br \/>#####################################################################<br \/># main<br \/>#####################################################################<br \/>case \"$1\" in<br \/>&nbsp; install)<br \/>&nbsp; &nbsp; remove_cert<br \/>&nbsp; &nbsp; make_conf<br \/>&nbsp; &nbsp; install_cert<br \/>&nbsp; &nbsp; ;;<br \/>&nbsp; remove)<br \/>&nbsp; &nbsp; remove_cert<br \/>&nbsp; &nbsp; ;;<br \/>&nbsp; renew)<br \/>&nbsp; &nbsp; renew_cert<br \/>&nbsp; &nbsp; ;;<br \/>&nbsp; view)<br \/>&nbsp; &nbsp; view_cert<br \/>&nbsp; &nbsp; test_cert<br \/>&nbsp; &nbsp; ;;<br \/>&nbsp; yum)<br \/>&nbsp; &nbsp; install_centos<br \/>&nbsp; &nbsp; ;;<br \/>&nbsp; *)<br \/>&nbsp; &nbsp; echo \"Usage: $0 install|remove|renew|view|yum\" &gt;&amp;2<br \/>&nbsp; &nbsp; exit 1<br \/>&nbsp; &nbsp; ;;<br \/>esac<\/span>\n","protected":false},"excerpt":{"rendered":"<p>#!\/bin\/bash####################################################################### Let&#8217;s Encrypt \uc778\uc99d\uc11c \uc124\uce58 \uc2a4\ud06c\ub9bd\ud2b8## https:\/\/letsencrypt.org\/ko\/###################################################################### ###################################################################### Let&#8217;s encrypt\ub85c SSL \uc778\uc99d\uc11c \ubc1b\ub294 4\uac00\uc9c0 \ubc29\ubc95## \u25a0webroot: \uc0ac\uc774\ud2b8 \ub514\ub809\ud1a0\ub9ac \ub0b4\uc5d0 \uc778\uc99d\uc11c \uc720\ud6a8\uc131\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub294 \ud30c\uc77c\uc744 \uc5c5\ub85c\ub4dc\ud558\uc5ec \uc778\uc99d\uc11c\ub97c \ubc1c\uae09\ud558\ub294 \ubc29\ubc95# &#8211; \uc2e4\uc81c \uc791\ub3d9\ud558\uace0 \uc788\ub294 \uc6f9\uc11c\ubc84\uc758 \ud2b9\uc815 \ub370\ub809\ud1a0\ub9ac\uc758 \ud2b9\uc815 \ud30c\uc77c \uc4f0\uae30 \uc791\uc5c5\uc744 \ud1b5\ud574\uc11c \uc778\uc99d# &#8211; \uc774 \ubc29\uc2dd\uc758 \uc7a5\uc810\uc740 nginx\ub97c \uc911\ub2e8\uc2dc\ud0ac \ud544\uc694\uac00 \uc5c6\uc74c.# &#8211; \uc774 \ubc29\ubc95\uc758 \ub2e8\uc810\uc740 \uc778\uc99d [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[12],"tags":[],"class_list":["post-3177","post","type-post","status-publish","format-standard","hentry","category-computing_security"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3177","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3177"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3177\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3177"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}