Hello,
Some background:
So, I'm using InterWorx and I've finally run into a problem where ./certbot-auto --hsts does not work, and neither does ./certbot-auto certonly --standalone after temporarily stopping httpd on CentOS 7 x64. It's also not proxied. This is on a Xen VPS. I have also confirmed that telnet to port 443 works on this server, so there shouldn't be any connectivity problems...
IW dev/support mentioned that Certbot-auto may be failing on helmsgate.eidolonhost.com because of HSTS, since eidolonhost.com is preloaded via the HSTS preload list. But I'm hoping there is an answer that lets me force the install via an LE certificate.
Relevant log:
[root@helmsgate letsencrypt]# cat letsencrypt.log
2016-07-08 00:32:50,790:DEBUG:certbot.main:Root logging level set at 30
2016-07-08 00:32:50,791:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-07-08 00:32:50,791:DEBUG:certbot.main:certbot version: 0.8.1
2016-07-08 00:32:50,791:DEBUG:certbot.main:Arguments: ['--hsts']
2016-07-08 00:32:50,791:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-07-08 00:32:50,801:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2016-07-08 00:32:54,292:DEBUG:certbot.plugins.selection:Multiple candidate plugins: * apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator
Initialized: <certbot_apache.configurator.ApacheConfigurator object at 0x1fe7750>
Prep: True
* webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x28da690>
Prep: True
* standalone
Description: Automatically use a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x28da390>
Prep: True
2016-07-08 00:33:15,830:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x28da390> and installer None
2016-07-08 00:33:22,034:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-07-08 00:33:22,038:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-07-08 00:33:33,034:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
sys.exit(main())
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 744, in main
return config.func(config, plugins)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 550, in obtain_cert
le_client = _init_le_client(config, auth, installer)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 360, in _init_le_client
acc, acme = _determine_account(config)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 345, in _determine_account
config, account_storage, tos_cb=_tos_cb)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/client.py", line 118, in register
acme = acme_from_config_key(config, key)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/client.py", line 42, in acme_from_config_key
return acme_client.Client(config.server, key=key, net=net)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 63, in __init__
self.net.get(directory).json())
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 631, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 613, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/sessions.py", line 468, in request
resp = self.send(prep, **send_kwargs)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/sessions.py", line 576, in send
r = adapter.send(request, **kwargs)
File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/adapters.py", line 437, in send
raise ConnectionError(e, request=request)
ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x3303e10>: Failed to establish a new connection: [Errno -2] Name or service not known',))
Edit: helmsgate.eidolonhost.com is now using a valid SSL certificate from Comodo. At least the SSL certificate can be replaced with a Let's Encrypt one in the future.
Edit2: The same error seems to keep occurring for a customer domain (in this case dragonfox.net). In this case the customer is using CloudFlare, but I don't know whether that is related to the client's ability to install the SSL certificate.
So the problem here isn't that the Let's Encrypt CA can't connect to your server, but that Certbot can't connect to Let's Encrypt. The point where the client is failing is when it first tries to establish a connection with the CA.
What happens if you run curl https://acme-v01.api.letsencrypt.org/directory on the system that has this problem?
@bmw,
Thanks for pointing me toward the problem.
The server didn't know who acme-v01.api.letsencrypt.org was.
[root@helmsgate ~]# curl https://acme-v01.api.letsencrypt.org/directory
curl: (6) Could not resolve host: acme-v01.api.letsencrypt.org; Name or service not known
[root@helmsgate ~]# nano /etc/resolv.conf
[root@helmsgate ~]# curl https://acme-v01.api.letsencrypt.org/directory
{
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}[root@helmsgate ~]# ^C
[root@helmsgate ~]#
Edit: Sure enough, as soon as I added nameserver 8.8.8.8 to /etc/resolv.conf, it immediately picked up the DNS settings for Let's Encrypt and I can now issue SSL certificates.
Glad I could help! So is this issue resolved?
Yes! I can now issue certificates for customer domains using the IW LE plugin. I reproduced this behavior on several customer domains, and it was fixed in every case.
I'll go ahead and close this issue. Thanks again for pointing the way. :)
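The triage that resolved this thread, as an added example (not part of the thread and not Certbot's own code): it reads the final error line of the log above and reports which stage failed, which here is name resolution, before any TCP or TLS exchange where HSTS could matter. The function names `triage` and `nameservers` are hypothetical, the resolv.conf samples are constructed, and the errno mapping assumes Linux with glibc.

```python
import re

# Last line of the traceback on this page (certbot 0.8.1), copied verbatim.
PAGE_ERROR = (
    "ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', "
    "port=443): Max retries exceeded with url: /directory (Caused by "
    "NewConnectionError('<requests.packages.urllib3.connection."
    "VerifiedHTTPSConnection object at 0x3303e10>: Failed to establish a new "
    "connection: [Errno -2] Name or service not known',))"
)
# Constructed resolv.conf contents: before and after the fix described in the thread.
RESOLV_BEFORE = "; constructed sample\nsearch example.internal\n"
RESOLV_AFTER = RESOLV_BEFORE + "nameserver 8.8.8.8\n"

POOL_RE = re.compile(r"HTTPSConnectionPool\(host='([^']+)', port=(\d+)\)")
ERRNO_RE = re.compile(r"\[Errno (-?\d+)\] ([^'\"]+)")
# Linux errno values: ENETUNREACH, ETIMEDOUT, ECONNREFUSED, EHOSTUNREACH
TCP_ERRNOS = {101, 110, 111, 113}


def triage(log_text):
    """Classify the last connection failure in a certbot log; None if there is none."""
    found = None
    for line in log_text.splitlines():
        pool, err = POOL_RE.search(line), ERRNO_RE.search(line)
        if not (pool and err):
            continue
        code = int(err.group(1))
        if code < 0:        # glibc getaddrinfo() EAI_* codes are negative
            stage = "dns"   # failed before any TCP or TLS exchange
        elif code in TCP_ERRNOS:
            stage = "tcp"
        else:
            stage = "other"
        found = {"host": pool.group(1), "port": int(pool.group(2)),
                 "errno": code, "detail": err.group(2).strip(), "stage": stage}
    return found


def nameservers(resolv_conf_text):
    """Return the resolver addresses configured in resolv.conf text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


if __name__ == "__main__":
    print(triage(PAGE_ERROR))
    print(nameservers(RESOLV_BEFORE), nameservers(RESOLV_AFTER))
```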