ubuntu의 nginx의 ssl 인증서 설치

Let’s Encrypt를 사용하여 HTTPS 자동 구성

Certbot, Let’s Encrypt 및 ACME(자동 인증서 관리 환경) 프로토콜의 목적은 HTTPS 서버를 설정하고 사람의 개입 없이 브라우저에서 신뢰할 수 있는 인증서를 자동으로 얻을 수 있도록 하는 것입니다. 이는 웹 서버에서 인증서 관리 에이전트를 실행하여 수행됩니다.

설치 & 설정 & 실행 명령어

# 설치
$ sudo snap install --classic certbot
certbot 2.10.0 from Certbot Project (certbot-eff✓) installed

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

# 설정
$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): lahuman@daum.net

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: lahuman.zapto.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for lahuman.zapto.org

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/lahuman.zapto.org/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/lahuman.zapto.org/privkey.pem
This certificate expires on 2024-07-07.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for lahuman.zapto.org to /etc/nginx/sites-enabled/default
Congratulations! You have successfully enabled HTTPS on https://lahuman.zapto.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# nginx 설정 확인 및 재실행
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

$ sudo nginx -r reload

마치며

생각보다 설정이 쉬워서 이렇게만 하면 된다고 하고 놀랐네요. :)

참고 자료

• Install certbot on Ubuntu