Installing a Let's Encrypt SSL certificate on an Oracle Linux server

I am trying to install a Let's Encrypt certificate on Oracle Linux Server 7.6. Since the server has no public IP, I have to validate via DNS. I followed the instructions here: https://github.com/joohoi/acme-dns-certbot-joohoi. The validation succeeded and I received the certificates. How do I install the certificates now?

Following online instructions, I moved the certificates to etc/ssl/certs and deleted the old certificates. But after restarting the machine, the home page no longer worked properly; it threw an error and I could not reach it.

I can only interact with the server over SSH.

Answer 1

I think this is similar to CentOS 7.6. The path etc/ssl/certs is just a symbolic link to /etc/pki/tls/certs/. The certificate comes in two parts. The first part is the *.crt file you already mentioned, which contains the public key and should be placed in /etc/pki/tls/certs/ (in my case certificate.crt). The other part is the private key, usually with a *.key extension, which should be placed in /etc/pki/tls/private/ (in my case private.key).

If you are using the Apache web server, here is a real working example (redmine.conf) that should be enough to guide you:

<VirtualHost *:80>
    # Send every plain-HTTP request to the HTTPS site
    RewriteEngine On
    RewriteCond %{HTTPS}  !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    ServerAlias 192.0.2.37

    # Public certificate, its private key, and the CA chain bundle
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/certificate.crt
    SSLCertificateKeyFile /etc/pki/tls/private/private.key
    SSLCertificateChainFile /etc/pki/tls/certs/ca_bundle.crt

    DocumentRoot /var/www/html/redmine/public

    <Directory /var/www/html/redmine/public>
      Allow from all
      Options -MultiViews
      Require all granted
    </Directory>
</VirtualHost>

I almost forgot to mention this; it may also fix your problem. You need to make sure the firewall rules exist and are permanent, like this:

firewall-cmd --permanent --add-service=http --add-service=https --zone=public
firewall-cmd --reload

Also, disable SELinux if you have not changed its rules for the web service.

Answer 2

This is how I implemented it.

Connect to the server:

[email protected]'s password:
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-52-generic x86_64)

* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage

System information as of Tue Jun 18 03:51:19 UTC 2019

System load: 0.01 Processes: 86
Usage of /: 16.9% of 19.21GB Users logged in: 0
Memory usage: 25% IP address for eth0: 138.197.165.222
Swap usage: 0%

Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud

0 packages can be updated.
0 updates are security updates.


Last login: Tue Jun 18 01:45:08 2019 from 168.243.226.113

Add the repository:

root@jaimemontoya:~# add-apt-repository ppa:certbot/certbot
 This is the PPA for packages prepared by Debian Let's Encrypt Team and backported for Ubuntu(s).
 More info: https://launchpad.net/~certbot/+archive/ubuntu/certbot
Press [ENTER] to continue or Ctrl-c to cancel adding it.

gpg: keybox '/tmp/tmp_u4kdj9u/pubring.gpg' created
gpg: /tmp/tmp_u4kdj9u/trustdb.gpg: trustdb created
gpg: key 8C47BE8E75BCA694: public key "Launchpad PPA for certbot" imported
gpg: Total number processed: 1
gpg: imported: 1
OK

Update the package list to get the package information for the new repository:

root@jaimemontoya:~# apt-get update
Hit:1 http://us.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic InRelease
Hit:3 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:4 http://us.archive.ubuntu.com/ubuntu bionic-security InRelease
Hit:5 http://archive.ubuntu.com/ubuntu bionic InRelease
Reading package lists... Done

Install Certbot from the new repository using apt-get:

root@jaimemontoya:~# apt-get install python-certbot-apache
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
 linux-headers-4.13.0-45 linux-headers-4.13.0-45-generic
 linux-image-4.13.0-45-generic linux-image-extra-4.13.0-45-generic
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
 augeas-lenses certbot libaugeas0 python3-acme python3-augeas python3-certbot
 python3-certbot-apache python3-configargparse python3-future python3-icu
 python3-josepy python3-mock python3-ndg-httpsclient python3-parsedatetime
 python3-pbr python3-requests-toolbelt python3-rfc3339 python3-tz
 python3-zope.component python3-zope.event python3-zope.hookable
Suggested packages:
 augeas-doc python3-certbot-nginx python-certbot-doc augeas-tools
 python-acme-doc python-certbot-apache-doc python-future-doc python-mock-doc
The following NEW packages will be installed:
 augeas-lenses certbot libaugeas0 python-certbot-apache python3-acme
 python3-augeas python3-certbot python3-certbot-apache python3-configargparse
 python3-future python3-icu python3-josepy python3-mock
 python3-ndg-httpsclient python3-parsedatetime python3-pbr
 python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component
 python3-zope.event python3-zope.hookable
0 upgraded, 22 newly installed, 0 to remove and 2 not upgraded.
Need to get 1,654 kB of archives.
After this operation, 8,585 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 augeas-lenses all 1.10.1-2 [300 kB]
Get:2 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 python3-josepy all 1.1.0-2+ubuntu18.04.1+certbot+1 [27.8 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 python3-pbr all 3.1.1-3ubuntu3 [53.8 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 python3-mock all 2.0.0-3 [47.5 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 python3-tz all 2018.3-2 [25.1 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 python3-rfc3339 all 1.0-4 [6,356 B]
Get:7 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 python3-ndg-httpsclient all 0.4.4-1 [23.5 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 python3-configargparse all 0.11.0-1 [22.4 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 python3-zope.event all 4.2.0-1 [7,402 B]
Get:10 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 libaugeas0 amd64 1.10.1-2 [159 kB]
Get:11 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 python3-icu amd64 1.9.8-0ubuntu1 [173 kB]
Get:12 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 python3-requests-toolbelt all 0.8.0-1+ubuntu18.04.1+certbot+1 [38.3 kB]
Get:13 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 python3-acme all 0.31.0-1+ubuntu18.04.1+certbot+1 [49.8 kB]
Get:14 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 python3-future all 0.15.2-4+ubuntu18.04.1+certbot+3 [333 kB]
Get:15 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 python3-parsedatetime all 2.4-3+ubuntu18.04.1+certbot+3 [32.4 kB]
Get:16 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 python3-zope.hookable amd64 4.0.4-4+ubuntu18.04.1+certbot+1 [9,532 B]
Get:17 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 python3-zope.component all 4.3.0-1+ubuntu18.04.1+certbot+3 [43.1 kB]
Get:18 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 python3-certbot all 0.31.0-1+ubuntu18.04.1+certbot+1 [208 kB]
Get:19 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 certbot all 0.31.0-1+ubuntu18.04.1+certbot+1 [11.0 kB]
Get:20 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 python3-augeas all 0.5.0-1+ubuntu18.04.1+certbot+1 [9,288 B]
Get:21 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 python3-certbot-apache all 0.31.0-1+ubuntu18.04.1+certbot+1 [69.7 kB]
Get:22 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 python-certbot-apache all 0.31.0-1+ubuntu18.04.1+certbot+1 [3,964 B]
Fetched 1,654 kB in 4s (422 kB/s)
Selecting previously unselected package augeas-lenses.
(Reading database ... 173513 files and directories currently installed.)
Preparing to unpack .../00-augeas-lenses_1.10.1-2_all.deb ...
Unpacking augeas-lenses (1.10.1-2) ...
Selecting previously unselected package python3-josepy.
Preparing to unpack .../01-python3-josepy_1.1.0-2+ubuntu18.04.1+certbot+1_all.deb ...
Unpacking python3-josepy (1.1.0-2+ubuntu18.04.1+certbot+1) ...
Selecting previously unselected package python3-pbr.
Preparing to unpack .../02-python3-pbr_3.1.1-3ubuntu3_all.deb ...
Unpacking python3-pbr (3.1.1-3ubuntu3) ...
Selecting previously unselected package python3-mock.
Preparing to unpack .../03-python3-mock_2.0.0-3_all.deb ...
Unpacking python3-mock (2.0.0-3) ...
Selecting previously unselected package python3-requests-toolbelt.
Preparing to unpack .../04-python3-requests-toolbelt_0.8.0-1+ubuntu18.04.1+certbot+1_all.deb ...
Unpacking python3-requests-toolbelt (0.8.0-1+ubuntu18.04.1+certbot+1) ...
Selecting previously unselected package python3-tz.
Preparing to unpack .../05-python3-tz_2018.3-2_all.deb ...
Unpacking python3-tz (2018.3-2) ...
Selecting previously unselected package python3-rfc3339.
Preparing to unpack .../06-python3-rfc3339_1.0-4_all.deb ...
Unpacking python3-rfc3339 (1.0-4) ...
Selecting previously unselected package python3-acme.
Preparing to unpack .../07-python3-acme_0.31.0-1+ubuntu18.04.1+certbot+1_all.deb ...
Unpacking python3-acme (0.31.0-1+ubuntu18.04.1+certbot+1) ...
Selecting previously unselected package python3-ndg-httpsclient.
Preparing to unpack .../08-python3-ndg-httpsclient_0.4.4-1_all.deb ...
Unpacking python3-ndg-httpsclient (0.4.4-1) ...
Selecting previously unselected package python3-configargparse.
Preparing to unpack .../09-python3-configargparse_0.11.0-1_all.deb ...
Unpacking python3-configargparse (0.11.0-1) ...
Selecting previously unselected package python3-future.
Preparing to unpack .../10-python3-future_0.15.2-4+ubuntu18.04.1+certbot+3_all.deb ...
Unpacking python3-future (0.15.2-4+ubuntu18.04.1+certbot+3) ...
Selecting previously unselected package python3-parsedatetime.
Preparing to unpack .../11-python3-parsedatetime_2.4-3+ubuntu18.04.1+certbot+3_all.deb ...
Unpacking python3-parsedatetime (2.4-3+ubuntu18.04.1+certbot+3) ...
Selecting previously unselected package python3-zope.hookable.
Preparing to unpack .../12-python3-zope.hookable_4.0.4-4+ubuntu18.04.1+certbot+1_amd64.deb ...
Unpacking python3-zope.hookable (4.0.4-4+ubuntu18.04.1+certbot+1) ...
Selecting previously unselected package python3-zope.event.
Preparing to unpack .../13-python3-zope.event_4.2.0-1_all.deb ...
Unpacking python3-zope.event (4.2.0-1) ...
Selecting previously unselected package python3-zope.component.
Preparing to unpack .../14-python3-zope.component_4.3.0-1+ubuntu18.04.1+certbot+3_all.deb ...
Unpacking python3-zope.component (4.3.0-1+ubuntu18.04.1+certbot+3) ...
Selecting previously unselected package python3-certbot.
Preparing to unpack .../15-python3-certbot_0.31.0-1+ubuntu18.04.1+certbot+1_all.deb ...
Unpacking python3-certbot (0.31.0-1+ubuntu18.04.1+certbot+1) ...
Selecting previously unselected package certbot.
Preparing to unpack .../16-certbot_0.31.0-1+ubuntu18.04.1+certbot+1_all.deb ...
Unpacking certbot (0.31.0-1+ubuntu18.04.1+certbot+1) ...
Selecting previously unselected package libaugeas0:amd64.
Preparing to unpack .../17-libaugeas0_1.10.1-2_amd64.deb ...
Unpacking libaugeas0:amd64 (1.10.1-2) ...
Selecting previously unselected package python3-augeas.
Preparing to unpack .../18-python3-augeas_0.5.0-1+ubuntu18.04.1+certbot+1_all.deb ...
Unpacking python3-augeas (0.5.0-1+ubuntu18.04.1+certbot+1) ...
Selecting previously unselected package python3-certbot-apache.
Preparing to unpack .../19-python3-certbot-apache_0.31.0-1+ubuntu18.04.1+certbot+1_all.deb ...
Unpacking python3-certbot-apache (0.31.0-1+ubuntu18.04.1+certbot+1) ...
Selecting previously unselected package python-certbot-apache.
Preparing to unpack .../20-python-certbot-apache_0.31.0-1+ubuntu18.04.1+certbot+1_all.deb ...
Unpacking python-certbot-apache (0.31.0-1+ubuntu18.04.1+certbot+1) ...
Selecting previously unselected package python3-icu.
Preparing to unpack .../21-python3-icu_1.9.8-0ubuntu1_amd64.deb ...
Unpacking python3-icu (1.9.8-0ubuntu1) ...
Setting up python3-requests-toolbelt (0.8.0-1+ubuntu18.04.1+certbot+1) ...
Setting up python3-pbr (3.1.1-3ubuntu3) ...
update-alternatives: using /usr/bin/python3-pbr to provide /usr/bin/pbr (pbr) in auto mode
Setting up python3-mock (2.0.0-3) ...
Setting up python3-zope.event (4.2.0-1) ...
Setting up python3-icu (1.9.8-0ubuntu1) ...
Setting up python3-configargparse (0.11.0-1) ...
Setting up python3-zope.hookable (4.0.4-4+ubuntu18.04.1+certbot+1) ...
Setting up python3-future (0.15.2-4+ubuntu18.04.1+certbot+3) ...
update-alternatives: using /usr/bin/python3-futurize to provide /usr/bin/futurize (futurize) in auto mode
update-alternatives: using /usr/bin/python3-pasteurize to provide /usr/bin/pasteurize (pasteurize) in auto mode
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Setting up augeas-lenses (1.10.1-2) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Setting up python3-ndg-httpsclient (0.4.4-1) ...
Setting up python3-josepy (1.1.0-2+ubuntu18.04.1+certbot+1) ...
Setting up python3-tz (2018.3-2) ...
Setting up python3-parsedatetime (2.4-3+ubuntu18.04.1+certbot+3) ...
Setting up python3-rfc3339 (1.0-4) ...
Setting up python3-zope.component (4.3.0-1+ubuntu18.04.1+certbot+3) ...
Setting up libaugeas0:amd64 (1.10.1-2) ...
Setting up python3-augeas (0.5.0-1+ubuntu18.04.1+certbot+1) ...
Setting up python3-acme (0.31.0-1+ubuntu18.04.1+certbot+1) ...
Setting up python3-certbot (0.31.0-1+ubuntu18.04.1+certbot+1) ...
Setting up certbot (0.31.0-1+ubuntu18.04.1+certbot+1) ...
Created symlink /etc/systemd/system/timers.target.wants/certbot.timer → /lib/systemd/system/certbot.timer.
certbot.service is a disabled or a static unit, not starting it.
Setting up python3-certbot-apache (0.31.0-1+ubuntu18.04.1+certbot+1) ...
Setting up python-certbot-apache (0.31.0-1+ubuntu18.04.1+certbot+1) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
root@jaimemontoya:~#

Get a certificate for jaimemontoya.com:

root@jaimemontoya:~# certbot --apache -d jaimemontoya.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jaimemontoya.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://jaimemontoya.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=jaimemontoya.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/jaimemontoya.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/jaimemontoya.com/privkey.pem
   Your cert will expire on 2019-09-16. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

To redirect the www URL to the non-www URL, go to /etc/apache2/sites-available/000-default.conf and add the line Redirect permanent / https://jaimemontoya.com/. The file now contains:

<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/books

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =jaimemontoya.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

    Redirect permanent / https://jaimemontoya.com/
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Finally, restart the server:

root@jaimemontoya:~# service apache2 restart

Source: https://jaimemontoya.com/secure-php-apps/#20190618124343
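Both answers end up pointing Apache at a certificate file and a separate private key file, either the certificate.crt/private.key pair from Answer 1 or certbot's fullchain.pem/privkey.pem from Answer 2. The following script is an added example, not from either answer or from certbot, that checks such a pair before you restart Apache: that the key really belongs to the certificate, that the certificate is not about to expire, and that the key is readable by its owner only. It assumes the openssl command line tool is installed; the sample files it creates are a constructed throwaway pair, not real server files.

```bash
#!/bin/bash
# Added example, not from either answer: sanity checks to run before pointing
# Apache at a certificate/key pair, whether the files are the ones from Answer 1
# (/etc/pki/tls/certs/certificate.crt + /etc/pki/tls/private/private.key) or
# certbot's from Answer 2 (/etc/letsencrypt/live/<domain>/fullchain.pem + privkey.pem).
# Needs the openssl command line tool.

# 0 when the public key in CERT is the one belonging to the private key in KEY.
# Comparing the derived public keys works for RSA and ECDSA keys alike.
cert_matches_key() {
    local cert="$1" key="$2" cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 when CERT stays valid for at least DAYS more days (default 14, enough to
# notice a broken "certbot renew" timer before the 90-day certificate lapses).
cert_valid_for_days() {
    local cert="$1" days="${2:-14}"
    openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1
}

# 0 when KEY is readable by its owner only (group/other bits all cleared).
# -L follows symlinks, because certbot's live/ files are links into archive/.
key_is_private() {
    local key="$1" perm
    [ -e "$key" ] || return 2
    perm=$(ls -lLd "$key" | cut -c5-10)
    [ "$perm" = "------" ]
}

# Runs all three checks, prints one line each; returns 0 only if all pass.
check_pair() {
    local cert="$1" key="$2" rc=0
    if cert_matches_key "$cert" "$key"; then echo "OK   key matches certificate"
    else echo "FAIL key does not match certificate"; rc=1; fi
    if cert_valid_for_days "$cert"; then echo "OK   certificate valid for 14+ days"
    else echo "FAIL certificate expires within 14 days"; rc=1; fi
    if key_is_private "$key"; then echo "OK   key readable by owner only"
    else echo "FAIL key is readable by group or others"; rc=1; fi
    return "$rc"
}

# Constructed sample (not real server files): a throwaway self-signed pair plus
# an unrelated key, so the checks can be exercised safely in a temp directory.
make_sample() {
    SAMPLE_DIR=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj '/CN=www.example.com' \
        -keyout "$SAMPLE_DIR/private.key" -out "$SAMPLE_DIR/certificate.crt" 2>/dev/null
    openssl genrsa -out "$SAMPLE_DIR/other.key" 2048 2>/dev/null
    chmod 600 "$SAMPLE_DIR/private.key" "$SAMPLE_DIR/other.key"
}

# Usage: ./check-tls-pair.sh CERT KEY   (e.g. the two paths from Answer 1)
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

Run it with the real paths after copying the files into place; a FAIL on the first check is the usual cause of Apache refusing to start with a key/certificate mismatch error.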
