Installing a Let's Encrypt Certificate

Overview

Let's Encrypt is a non-profit certificate authority (CA) that issues SSL/TLS certificates for free. With the Certbot tool, a few commands handle both certificate issuance and automatic Nginx configuration in one go.
In the previous exercise we connected 국룰.com to our server. Right now, though, it can only be reached at http://국룰.com (HTTP).
Once the certificate is installed, the site can be reached at https://국룰.com (HTTPS), and a padlock appears in the browser!
Why HTTPS is needed:
• Data encryption (protects login credentials and personal information)
• Better SEO score (Google gives priority to HTTPS sites)
• Padlock in the browser address bar (increased trust)
• HTTP/2 becomes available (better performance)

Overall certificate issuance flow

```mermaid
sequenceDiagram
    participant Certbot as 🤖 Certbot
    participant LE as 🏛️ Let's Encrypt CA
    participant Nginx as 🖥️ Nginx server

    Certbot->>LE: Request a certificate for 국룰.com
    LE-->>Certbot: Issue a domain-ownership challenge
    Certbot->>Nginx: Place a file under /.well-known/acme-challenge/
    LE->>Nginx: Check the challenge file (verify domain ownership)
    LE-->>Certbot: Validation complete! Certificate issued
    Certbot->>Nginx: Automatically modify the Nginx config (add HTTPS block)
    Note over Nginx: HTTPS service starts on port 443
```

Comparison of Certbot installation methods

| Method | Command | Recommendation |
| --- | --- | --- |
| snap (recommended) | snap install --classic certbot | Stays on the latest version |
| apt (Ubuntu) | apt install certbot python3-certbot-nginx | Simple |
| pip | pip install certbot | Requires manual management |

Step 1: Install Certbot

```bash
# 1. Install certbot with snap (recommended for Ubuntu 20.04 and later)
sudo snap install --classic certbot

# 2. Put the certbot command on the PATH
sudo ln -s /snap/bin/certbot /usr/bin/certbot

# 3. Verify the installation
certbot --version
# Example output: certbot 2.x.x
```

Step 2: Open firewall port 443

HTTPS uses port 443. Port 80 was opened in the previous exercise, so 443 has to be opened as well!

```bash
# Allow port 443
sudo ufw allow 443/tcp
sudo ufw reload

# Verify
sudo ufw status
# Example output
# 80/tcp    ALLOW
# 443/tcp   ALLOW   ← added
```

Step 3: Issue the certificate

Certbot has several issuance modes.

```mermaid
graph TD
    A["Run certbot"] --> B{"Let Certbot modify<br/>the Nginx config?"}
    B -->|"Automatic changes OK"| C["certbot --nginx<br/>(nginx plugin)"]
    B -->|"Configure manually"| D["certbot certonly<br/>(issue the certificate only)"]

    C --> E["✅ Issuance + Nginx configuration done automatically"]
    D --> F["After issuance,<br/>configure Nginx manually"]

    style E fill:#90EE90
```

Method A: Nginx plugin (automatic configuration, recommended for beginners)

```bash
sudo certbot --nginx -d 국룰.com -d www.국룰.com
```

Running it prompts the following questions:

```text
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): your@email.com      ← enter your email
Please read the Terms of Service at ...
(A)gree/(C)ancel: A                          ← agree
Would you be willing to share your email address with the EFF?
(Y)es/(N)o: N                                ← your choice
Please choose whether or not to redirect HTTP traffic to HTTPS:
1: No redirect
2: Redirect - Make all requests redirect to secure HTTPS access   ← choose 2 (automatic HTTP→HTTPS redirect)
Select the appropriate number [1-2]: 2
```

Completion message:

```text
Congratulations! You have successfully enabled HTTPS on https://국룰.com
```

Method B: certonly (issue the certificate only)

```bash
sudo certbot certonly --webroot \
  -w /var/www/krules \
  -d 국룰.com \
  -d www.국룰.com
```

Step 4: Check the issued certificate

```bash
# List certificates
sudo certbot certificates

# Example output
# Found the following certs:
#   Certificate Name: 국룰.com
#     Domains: 국룰.com www.국룰.com
#     Expiry Date: 2026-07-21 (VALID: 89 days)
#     Certificate Path: /etc/letsencrypt/live/국룰.com/fullchain.pem
#     Private Key Path: /etc/letsencrypt/live/국룰.com/privkey.pem
```

Certificate file layout

```text
/etc/letsencrypt/live/국룰.com/
├── fullchain.pem   ← certificate (server certificate + chain certificates)
├── privkey.pem     ← private key (never expose this outside the server!)
├── cert.pem        ← server certificate only
└── chain.pem       ← chain certificates only
```

| File | Role | Nginx directive |
| --- | --- | --- |
| fullchain.pem | Full certificate chain | ssl_certificate |
| privkey.pem | Private key | ssl_certificate_key |

Step 5: Check the Nginx configuration (manual configuration when using certonly)

If you used certbot --nginx, the configuration is already done automatically. If you used certonly, you have to edit the Nginx configuration yourself.

```bash
sudo nano /etc/nginx/conf.d/krules.conf
```

```nginx
# ============================================
# HTTP → HTTPS redirect
# ============================================
server {
    listen 80;
    server_name 국룰.com www.국룰.com;
    return 301 https://$server_name$request_uri;
}

# ============================================
# HTTPS server
# ============================================
server {
    listen 443 ssl http2;
    server_name 국룰.com www.국룰.com;

    # Certificate paths
    ssl_certificate     /etc/letsencrypt/live/국룰.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/국룰.com/privkey.pem;

    # SSL security settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;

    # Site root
    root /var/www/krules;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    # Static file caching
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff|woff2|svg)$ {
        expires 30d;
        add_header Cache-Control "public, no-transform";
    }

    # Logs
    access_log /var/log/nginx/krules_access.log;
    error_log  /var/log/nginx/krules_error.log warn;
}
```

```bash
# Test the configuration, then apply it
sudo nginx -t
sudo systemctl reload nginx
```

Step 6: Set up automatic renewal

Let's Encrypt certificates are valid for 90 days. Renewal has to be set up so that it happens automatically before they expire!

```mermaid
graph LR
    A["⏰ cron/systemd timer<br/>runs twice a day"] --> B["Runs certbot renew"]
    B --> C{"Within 30 days of expiry?"}
    C -->|"Yes"| D["Certificate renewed automatically"]
    C -->|"No"| E["No renewal needed, skipped"]
    D --> F["Nginx reloaded automatically"]

    style D fill:#90EE90
    style E fill:#E0E0E0
```

Check Certbot automatic renewal

```bash
# If you installed with snap, the renewal timer is already registered!
systemctl status snap.certbot.renew.timer

# Example output
# ● snap.certbot.renew.timer
#    Active: active (waiting)   ← OK!
```

Test automatic renewal (a test only, no real renewal)

```bash
sudo certbot renew --dry-run

# Example output
# Congratulations, all simulated renewals succeeded:
#   /etc/letsencrypt/live/국룰.com/fullchain.pem (success)
```

Register manually with cron (when there is no snap timer)

```bash
sudo crontab -e

# Add the line below (attempts renewal every day at 3 AM)
0 3 * * * certbot renew --quiet && systemctl reload nginx
```
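To catch renewals that have silently stopped working, the following added example (not part of the original tutorial) parses `certbot certificates` output in the format shown in step 4 and reports every certificate that is invalid or has fewer days left than a chosen limit. The function name `certs_needing_attention`, the 25-day limit (a little under the 30-day renewal window) and the sample output are assumptions constructed for illustration.

```bash
# certs_needing_attention LIMIT_DAYS  < output of `certbot certificates`
# Prints "name<TAB>reason" for each problem certificate.
# Exit status is 1 if any certificate was reported, 0 otherwise.
certs_needing_attention() {
  awk -v limit="$1" '
    /Certificate Name:/ {
      sub(/^.*Certificate Name:[ \t]*/, "")
      name = $0
      next
    }
    /Expiry Date:/ {
      # The status sits in the trailing parentheses, e.g. (VALID: 89 days)
      status = match($0, /\((IN)?VALID: [^)]*/) \
        ? substr($0, RSTART + 1, RLENGTH - 1) : "unrecognised status"
      if (status ~ /^VALID: [0-9]+ days?$/) {
        split(status, f, " ")
        if (f[2] + 0 >= limit) next      # healthy: renewal is not due yet
        status = f[2] " days left"
      }
      # Reached for INVALID states, unparsed lines and low day counts
      printf "%s\t%s\n", name, status
      bad = 1
    }
    END { exit bad + 0 }
  '
}

# Constructed sample in the step 4 format (not real output from a server).
SAMPLE_OUTPUT='Found the following certs:
  Certificate Name: fresh.example
    Domains: fresh.example www.fresh.example
    Expiry Date: 2026-07-21 (VALID: 89 days)
  Certificate Name: stuck.example
    Domains: stuck.example
    Expiry Date: 2026-05-10 (VALID: 17 days)
  Certificate Name: dead.example
    Domains: dead.example
    Expiry Date: 2026-04-01 (INVALID: EXPIRED)'

# Demo on the sample. On a server, run from cron or a monitoring agent:
#   sudo certbot certificates | certs_needing_attention 25
printf '%s\n' "$SAMPLE_OUTPUT" | certs_needing_attention 25 \
  || echo "ALERT: automatic renewal is not keeping up"
```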

Exercise: Applying HTTPS to 국룰.com

```mermaid
flowchart TD
    A["📋 Start of exercise<br/>(HTTP connection already working)"] --> B["1. Install certbot with snap"]
    B --> C["2. ufw allow 443"]
    C --> D["3. certbot --nginx<br/>-d 국룰.com -d www.국룰.com"]
    D --> E{"Issued successfully?"}
    E -->|"No"| F["Check the error<br/>(inspect DNS and firewall)"]
    E -->|"Yes"| G["4. Check with nginx -t"]
    F --> D
    G --> H["5. systemctl reload nginx"]
    H --> I["6. Open https://국룰.com<br/>in the browser"]
    I --> J["7. certbot renew --dry-run<br/>test automatic renewal"]
    J --> K["✅ HTTPS done! 🔒"]

    style K fill:#90EE90
    style F fill:#FFB366
```

Exercise environment

| Item | Value |
| --- | --- |
| Domains | 국룰.com, www.국룰.com |
| Site root | /var/www/krules |
| Certificate path | /etc/letsencrypt/live/국룰.com/ |
| HTTP port | 80 (redirects to 443) |
| HTTPS port | 443 |

Troubleshooting

| Symptom | Cause | Fix |
| --- | --- | --- |
| Challenge failed for domain | DNS does not point to the server yet | Check the IP with nslookup 국룰.com |
| Connection refused | Firewall port 443 is not open | ufw allow 443 |
| Too many certificates already issued | Too many issued in a short period | Retry after 1 week (limit of 5 per week) |
| Certificate renewal fails | Port 80 is blocked | Port 80 is required for renewal |
| ssl_certificate error | Typo in the file path | Check with ls /etc/letsencrypt/live/ |

Checklist

Installation verified with certbot --version?
Firewall port 443 open? (ufw status)
certbot --nginx -d 국룰.com -d www.국룰.com issued successfully?
Email entered and terms of service accepted?
HTTP → HTTPS redirect selected (option 2)?
/etc/letsencrypt/live/국룰.com/ directory exists?
nginx -t passes?
systemctl reload nginx done?
Padlock confirmed at https://국룰.com in the browser?
certbot renew --dry-run succeeded?
Automatic renewal timer confirmed active? (systemctl status snap.certbot.renew.timer)

Exercise

```bash
# ============================================================
# Let's Encrypt certificate installation exercise
# Domain: 국룰.com / Site root: /var/www/krules
# ============================================================

# [1] Install certbot
sudo apt update
sudo apt install -y certbot python3-certbot-nginx

# Verify the installation
certbot --version

# ============================================================
# [2] Open firewall port 443
sudo ufw allow 443/tcp
sudo ufw reload
sudo ufw status

# ============================================================
# [3] Issue the certificate (Nginx config modified automatically)
#   - enter email → A (agree) → N (newsletter) → 2 (HTTP→HTTPS redirect)
sudo certbot --nginx -d 국룰.com -d www.국룰.com

# ============================================================
# [4] Check the issued certificate
sudo certbot certificates
# Check these items in the output:
#   Domains: 국룰.com www.국룰.com
#   Expiry Date: (89 days or more)
#   Certificate Path: /etc/letsencrypt/live/국룰.com/fullchain.pem

# ============================================================
# [5] Test and apply the Nginx configuration
sudo nginx -t
sudo systemctl reload nginx

# ============================================================
# [6] Check the automatic renewal cron entry (registered automatically by the apt install)
cat /etc/cron.d/certbot

# Simulated automatic renewal test
sudo certbot renew --dry-run
# Success if you see "all simulated renewals succeeded"!

# ============================================================
# [7] Final check: open https://국룰.com in the browser and
#     confirm the padlock 🔒 in the address bar!
curl -I https://국룰.com
# HTTP/2 200 means HTTPS is working properly!
```

Key takeaways

Let's Encrypt = free SSL certificates. Valid for 90 days, can be renewed automatically
Certbot = the official tool for easily issuing and managing Let's Encrypt certificates
Issuance command = certbot --nginx -d <domain> issues the certificate and configures Nginx automatically in one line
Certificate files = fullchain.pem (certificate) + privkey.pem (private key)
Automatic renewal = the timer is registered automatically with a snap install. Test with --dry-run
HTTP → HTTPS redirect = return 301 https://... or configured automatically by Certbot