Certbot

From IT위키
Revision as of 00:11, 19 April 2021 by 웹개발자 (talk | contribs) (웹개발자 (토론)의 26403판 편집을 되돌림)

분류:인터넷분류:보안

Let's Encrypt에서 제공하는 인증서를 손쉽게 설치하고 갱신하는 등 관리할 수 있도롬 만들어진 ACME 도구
  • 개발사: Electronic Frontier Foundation (EFF)[1]

사용법

설치

확인

발급된 인증서 확인 

[ec2-user@ip-172-9-3-9~]$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: ooo.kr
    Serial Number: asd123456...
    Key Type: RSA
    Domains: ooo.kr *.ooo.kr
    Expiry Date: 2021-05-01 13:37:04+00:00 (VALID: 13 days)
    Certificate Path: /etc/letsencrypt/live/ooo.kr/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/ooo.kr/privkey.pem
  Certificate Name: ooo.ooo.kr
    Serial Number: fnklnl12345...
    Key Type: RSA
    Domains: ooo.ooo.kr
    Expiry Date: 2021-05-01 09:10:37+00:00 (VALID: 13 days)
    Certificate Path: /etc/letsencrypt/live/ooo.ooo.kr/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/ooo.ooo.kr/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • 유효기간 등 확인 가능능

갱신

$ sudo certbot renew

삭제

[ec2-user@ip-172-9-3-9 ~]$ sudo certbot delete
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which certificate(s) would you like to delete?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: ooo.kr
2: ooo.ooo.kr
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificate(s) are selected for deletion:

  * ooo.ooo.kr

Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Deleted all files relating to certificate ooo.ooo.kr.

트러블 슈팅

  • 인증서 자동 갱신 시도 시 아래와 같은 에러 발생[2]
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',).

각주

  1. 샌프란시스코의 비영리 단체
  2. 이 외 기본적인 에러 메시지 템플릿도 출력되지만, 주요한 내용만 발췌
Retrieved from "https://new.itwiki.kr/index.php?title=Certbot&oldid=26404"