Let's Encrypt with wildcard cert

Let's apply a wildcard domain to a Let's Encrypt certificate.

UR_DOMAIN=aaa.com

sudo yum update
sudo yum install epel-release git -y
sudo yum install python-pip -y
sudo yum install python-virtualenv -y

sudo yum install certbot

certbot certonly \
--manual \
--preferred-challenges=dns \
--email UR_EMAIL \
--server https://acme-v02.api.letsencrypt.org/directory \
--agree-tos \
--debug \
--no-bootstrap \
-d "*.${UR_DOMAIN}" # this is the important part

It prompts you to register a TXT record under the _acme-challenge name.

Please deploy a DNS TXT record under the name
_acme-challenge.UR-DOMAIN with the following value:

h1vJeUEv6AYJu5stnwlLy-xxx

Before continuing, verify the record is deployed.

Register the TXT record for the domain, wait a little, and once DNS has updated, press Enter at the command prompt.
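
The wait for DNS to update can be checked instead of guessed. As an added example (not part of the original post), this script asks each authoritative nameserver for the TXT record and reports when all of them serve the value certbot printed. It assumes dig is installed and that the domain is the zone apex; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: check that every authoritative nameserver already serves the
# _acme-challenge TXT value before pressing Enter in certbot.
# Assumptions: `dig` is installed (bind-utils on CentOS) and the domain is the
# zone apex. Function names are hypothetical, chosen for this example.

# Reads `dig +short TXT` output on stdin; succeeds if one record equals $1.
# dig prints TXT data in double quotes, and a name can hold several records.
txt_has_value() {
  local expected="$1" line
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line#\"}; line=${line%\"}
    [ "$line" = "$expected" ] && return 0
  done
  return 1
}

# Asks each NS of the zone directly, so a resolver cache cannot hide a
# missing record. Returns 0 if all serve the value, 1 if any does not,
# 2 if no nameservers were found.
all_ns_serve_value() {
  local domain="$1" expected="$2" ns servers rc=0
  servers=$(dig +short NS "$domain")
  [ -n "$servers" ] || { echo "no NS records for $domain" >&2; return 2; }
  for ns in $servers; do
    if dig +short TXT "_acme-challenge.$domain" "@$ns" | txt_has_value "$expected"; then
      echo "ok       $ns"
    else
      echo "missing  $ns"; rc=1
    fi
  done
  return "$rc"
}

# Usage: ./check_txt.sh aaa.com 'h1vJeUEv6AYJu5stnwlLy-xxx'
if [ "$#" -eq 2 ]; then
  while :; do
    rc=0; all_ns_serve_value "$1" "$2" || rc=$?
    [ "$rc" -eq 0 ] && break
    [ "$rc" -eq 2 ] && exit 2
    echo "not on every nameserver yet, retrying in 30s"; sleep 30
  done
  echo "record is live on all nameservers; press Enter in certbot"
fi
```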

Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/UR-DOMAIN/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/UR-DOMAIN/privkey.pem
   Your cert will expire on 2019-03-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Issued location: /etc/letsencrypt/live/UR_DOMAIN/

Verify

/tmp/certbot/certbot-auto certificates

You can see that it was issued for *.

Now apply it to your web server.

Windows

Use https://github.com/PKISharp/win-acme/releases.

Other usage

sudo /tmp/certbot/certbot-auto renew --dry-run
/tmp/certbot/certbot-auto check
sudo /tmp/certbot/certbot-auto delete --cert-name example.com
teamsmiley

2019-02-07 00:00