by: testuserPosted on:

Apache에서 SSL설정 하기(Setting up SSL for Apache )-Let’s Encrypt

Let’s Encrypt는 무료로 사용가능한 SSL 인증서 입니다.
SSL인증이란 웹사이트와 웹서버 사이의 데이터를 암호화 하는 기술입니다.
쉽게 얘기해서 우리가 인터넷에 접속할때 http://프로토콜을 https://프로토콜로 바꿔서 사용할 수 있게 해주는 것이라고 생각하시면 됩니다.
먼저 Apache는 설치되어 있어야 합니다.

Let’s Encrypt is a free SSL certificate.
SSL authentication is a technology that encrypts data between a website and a web server.
To put it simply, you can think of it as something that allows us to change the “http://” protocol to “https://” protocol when we access the Internet.
First, Apache must be installed.

설정 순서는 다음과 같습니다.The setup sequence is as follows:

1.Certbot설치
(Certbot instatll)
2.웹서버 설정 및 재시작
(Set up and restart web server)
3.인증서받기
(Get a certificate)
4.설정확인
(Check settings)


1.Certbot설치 (Certbot install)
-SSL인증을 위한 certbot설치
#sudo apt-get update
#sudo apt-get install certbot

2.웹서버 설정 및 재시작(Set up and restart web server)
/etc/apache2/sites-available/ 디렉토리에 domain name 파일을 만듭니다
저 같은 경우는 /etc/apache2/sites-available디렉토리 밑에 freelifemakers.org.conf파일을 만듭니다.

Create a domain name file in the /etc/apache2/sites-available/ directory.
In my case, I create a freelifemakers.org.conf file under the /etc/apache2/sites-available directory.

1)freelifemakers.org.conf파일 설정(freelifemakers.org.conf file settings)

<VirtualHost *:80>

ServerAdmin ubuntu@freelifemakers.org

ServerName freelifemakers.org
ServerAlias www.freelifemakers.org
DocumentRoot /var/www/html/

<Directory /var/www/html/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

ErrorLog ${APACHE_LOG_DIR}/freelifemakers.org_error.log
CustomLog ${APACHE_LOG_DIR}/freelifemakers.org_access.log combined

</VirtualHost>

2)Apache를 재시작합니다.(restart apache)
#service apache2 restart

3.인증서 받기(Get a certificate)
-아래의 명령어를 실행하면 다음과 같이 실행 되며 적절한 답변을 하시면 됩니다.
If you run the command below, it will run as follows and you can respond appropriately.

#sudo certbot —apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): ID@your-domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

Account registered.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: your-domain.com
2: www.your-domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):1 or 2

4.설정확인(Check settings)

1)설치 완료 메세지(Installation completion message)
아래는 freelifemakers.org의 메세지입니다.
Below is a message from freelifemakers.org

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/freelifemakers.org/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/freelifemakers.org/privkey.pem
   Your cert will expire on 2024-05-30. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

2)접속확인(Check connection)
https://yourdomain.com으로 접속이 되는지 확인 합니다.
Check if you can access https://yourdomain.com.

※트러블슈팅(troubleshooting)

1.아래와 같은 메세지가 발생시(When the following message occurs:)
The requested apache plugin does not appear to be installed 

python3-certbot-apache를 설치 합니다.
(Install python3-certbot-apache.)
#apt-get install python3-certbot-apache

Leave a Reply

Your email address will not be published. Required fields are marked *