
How to install Let's Encrypt SSL / Free certificate

SeonJaeLee 2022. 8. 25. 11:48

Test environment

CentOS 8.4 

VMware

 

 

1. Stand Alone 

      To be updated later

 

 

2. webroot

       To be updated later

 

3. DNS

Of the three methods, this is the only one that can issue wildcard certificates.
Command : certbot certonly -d leeseonjae.n-e.kr -d '*.leeseonjae.n-e.kr' -d seonjae.n-e.kr -d '*.seonjae.n-e.kr' --manual --preferred-challenges dns
 
[root@localhost test]# certbot certonly -d *.leeseonjae.n-e.kr -d *.seonjae.n-e.kr -d *.jaeseon.n-e.kr -d *.jaeseonlee.n-e.kr --manual --preferred-challenges dns
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.leeseonjae.n-e.kr and 3 more domains
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
 
_acme-challenge.jaeseon.n-e.kr.
 
with the following value:
 
zXvBcpY9kYtWFBYZBZXuVdTtWjHXJdq9Imq387vpdfE
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
 
_acme-challenge.jaeseonlee.n-e.kr.
 
with the following value:
 
C8IyWBGVL8i0dtIg7jSbbvIHOzVKAma7zyOqab0VKBk
 
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
 
.
.  Keep adding TXT records as prompted  ( if the same name comes up again, add another record instead of changing the existing one. )
.

Add each record to the DNS server.

When every step is complete, it succeeds with the message below!

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/leeseonjae.n-e.kr/fullchain.pem
Key is saved at:        /etc/letsencrypt/live/leeseonjae.n-e.kr/privkey.pem
This certificate expires on 2022-11-16.
These files will be updated when the certificate renews.
 
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt:  https://letsencrypt.org/donate
* Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

If the DNS records cannot be looked up during the process above, the request fails.

 

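If you run the same command again after a failure, the domains that already succeeded are skipped,

only the remaining domains are validated again, and the requested TXT record values change.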
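
A pre-check for the failure described above, as an added example that is not part of the original post: before pressing Enter at the certbot prompt, confirm that every requested TXT value is actually visible in DNS, including the case where one name must carry several values. The function names and the 8.8.8.8 resolver are assumptions; `dig` comes from the bind-utils package on CentOS.

```shell
#!/bin/sh
# Added example: verify that all ACME DNS-01 TXT values are published.

# missing_txt_values EXPECTED...   (reads resolver output on stdin)
# stdin is `dig +short TXT` style output: one double-quoted string per line.
# Prints every expected value that is NOT published and returns 1 if any
# is missing, 0 when all are present. Matching is exact, whole-line.
missing_txt_values() {
  # Strip the quotes dig prints around TXT strings, plus CRs and trailing blanks.
  _published=$(tr -d '"\r' | sed 's/[[:space:]]*$//')
  _missing=0
  for _value in "$@"; do
    # -F fixed string, -x whole line, -- because tokens may start with '-'.
    if ! printf '%s\n' "$_published" | grep -Fxq -- "$_value"; then
      printf '%s\n' "$_value"
      _missing=1
    fi
  done
  return "$_missing"
}

# check_challenge NAME EXPECTED...
# Looks up the live TXT record set for NAME and reports missing values.
# RESOLVER defaults to 8.8.8.8 (assumption; any resolver you trust works).
check_challenge() {
  _name=$1
  shift
  dig +short TXT "$_name" @"${RESOLVER:-8.8.8.8}" | missing_txt_values "$@"
}

# Usage with the first prompt from the session above:
#   check_challenge _acme-challenge.jaeseon.n-e.kr. \
#       zXvBcpY9kYtWFBYZBZXuVdTtWjHXJdq9Imq387vpdfE \
#     && echo "all values visible, safe to press Enter"
```

When certbot asks for a second value under the same name, pass both values to `check_challenge`; a value that was overwritten instead of added shows up in the output as missing.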
