์ปค๋ฎค๋ํฐ ํฌ๋ผ์ ๋ง์ ์ฌ์ฉ์๊ฐ ๊ธฐ์กด ์ธ์ฆ์๋ฅผ ํ์ฅํ๋ ๋ฐ ์ด๋ ค์์ ๊ฒช๊ณ ์๋ค๊ณ ๋ณด๊ณ ํ์ต๋๋ค. certbot
0.10.0์ ์ฌ์ฉํ์ฌ ๊นจ๋ํ Ubuntu 16.04 ์ค์น์์ ์ฌํ ํ ์์์์ต๋๋ค. ๋๋ ๋
๋ฆฝ ์คํ ํ๊ณผ ์ํ์น๋ฅผ ํ
์คํธํ๊ธฐ ๋๋ฌธ์ ์๋ง๋ ํ๋ฌ๊ทธ์ธ๊ณผ ๊ด๋ จ์ด ์์ ๊ฒ์
๋๋ค.
์ถ๋ ฅ์ ํฌํจํ์ฌ ์ฌํ ํ ๋ช ๋ น :
root<strong i="8">@debug</strong>:~# ./certbot-auto certonly --standalone -d 1.debug.le.pf.vc -d 2.debug.le.pf.vc --staging --register-unsafely-without-email
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for 1.debug.le.pf.vc
tls-sni-01 challenge for 2.debug.le.pf.vc
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/1.debug.le.pf.vc/fullchain.pem. Your cert
will expire on 2017-04-13. To obtain a new or tweaked version of
this certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
root<strong i="9">@debug</strong>:~# ./certbot-auto certonly --standalone -d 1.debug.le.pf.vc -d 2.debug.le.pf.vc -d 3.debug.le.pf.vc --staging --register-unsafely-without-email
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/1.debug.le.pf.vc.conf)
It contains these names: 1.debug.le.pf.vc, 2.debug.le.pf.vc
You requested these names for the new certificate: 1.debug.le.pf.vc,
2.debug.le.pf.vc, 3.debug.le.pf.vc.
Do you want to expand and replace this existing certificate with the new
certificate?
-------------------------------------------------------------------------------
(E)xpand/(C)ancel: e
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for 1.debug.le.pf.vc
tls-sni-01 challenge for 2.debug.le.pf.vc
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/1.debug.le.pf.vc/fullchain.pem. Your cert
will expire on 2017-04-13. To obtain a new or tweaked version of
this certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
root<strong i="10">@debug</strong>:~# openssl x509 -text -noout -in /etc/letsencrypt/live/1.debug.le.pf.vc/cert.pem | grep DNS
DNS:1.debug.le.pf.vc, DNS:2.debug.le.pf.vc
์๋ณธ ๋ณด๊ณ ์ :
https://community.letsencrypt.org/t/expands-not-working-on-pre-existing-cert-requests/25605?u=pfg
https://community.letsencrypt.org/t/workaround-for-5-domain-limit/25651?u=pfg
@patf ๋ฒ๊ทธ ๋ณด๊ณ ์์ ๊ฐ์ฌ๋๋ฆฝ๋๋ค. ์ค๋์ด ๋ฌธ์ ๊ฐ ํด๊ฒฐ๋๊ธฐ๋ฅผ ๋ฐ๋๋๋ค.
certbot 0.17.0์ ์ฌ์ฉํ๋ Ubuntu 17.04์์ ์ฌ์ ํ ์ ํํ ๋ฌธ์ ๊ฐ ๋ฐ์ํฉ๋๋ค. ์น ๋ธ๋ผ์ฐ์ ์์ ํ์ ๋๋ฉ์ธ์ ์๋ ํ ๋๊น์ง certbot ๋ก๊ทธ์์ ๋ชจ๋ ์ ๋ณด์ ๋๋ค.์ด ๊ฒฝ์ฐ ์ด๋ฆ์ด ์ผ์นํ์ง ์์ต๋๋ค.
@BadassOverlord ,์ด ์ ํํ ๋ฒ๊ทธ๋ ๋ซํ์ผ๋ฏ๋ก ๋น์ทํ ํจ๊ณผ๊ฐ์๋ ๋ค๋ฅธ ๋ฌธ์ ์ธ ๊ฒ ๊ฐ์ต๋๋ค. ๋ฌธ์ ๋ฅผ ๋๋ฒ๊น ํ๋ ๋ฐ ๋์์ ๋ฐ๊ธฐ ์ํด "์ ์ฃผ์ "ํ์ด์ง์์ ๊ถ์ฅํ๋ ๋ชจ๋ ์ ๋ณด๋ฅผ ํฌํจํ์ฌ ์ปค๋ฎค๋ํฐ ํฌ๋ผ ์ ์ด์ ๋ํด ๊ฒ์ํ๋ ๊ฒ์ด ์ข์ต๋๋ค.
๊ฐ์ฅ ์ ์ฉํ ๋๊ธ
@patf ๋ฒ๊ทธ ๋ณด๊ณ ์์ ๊ฐ์ฌ๋๋ฆฝ๋๋ค. ์ค๋์ด ๋ฌธ์ ๊ฐ ํด๊ฒฐ๋๊ธฐ๋ฅผ ๋ฐ๋๋๋ค.