Let's Encrypt (Free SSL Certificates): Installation and Use


Three months ago, a project for issuing free SSL certificates was started at Mozilla. The project is called Let's Encrypt.

The HTTPS secure protocol built on SSL is in fact the core technology for protecting the web, which is a playground for packet sniffing, against hacking. However, SSL by its nature requires certification by a third-party server, so SSL certificates cost money, and many sites do not adopt them because of that cost (especially domestic sites).

Let's Encrypt is the project that makes this free. It is currently in public beta and can be used on any operating system on which Python can be installed.






Today not only Mozilla but also leading global companies such as Google and Facebook back the project as major sponsors.



Installing Let's Encrypt

Installing Let's Encrypt requires the following.

 

    - git

    - python (2.7 recommended)

Python 3.0 also works, but the project homepage recommends 2.7. Development also appears to have been done on 2.7.

First, install git and Python.

(Skip this step if they are already installed.)


Debian Linux

$ sudo apt-get install git python2.7

(# apt-get install git python2.7)


RedHat Linux (CentOS)

$ sudo yum install git python2.7

(# yum install git python2.7)


Once git and python2.7 are installed, use git to fetch the letsencrypt package.

Before that, there is one thing to take care of.

In this post I install letsencrypt inside my home directory, to suit my own server. One recommendation, though: issuing an SSL certificate with letsencrypt runs into a number of permission restrictions, so be sure to use the directory of a user who has administrator (root) privileges.

The /root directory is usually the safest choice. However, some administrators of Ubuntu Linux servers work through sudo from an account other than root. (I do the same.) In that case, I recommend placing it inside the home directory of the user who has sudo privileges.


$ git clone https://github.com/letsencrypt/letsencrypt


# git clone https://github.com/letsencrypt/letsencrypt


After choosing a suitable directory, enter the command above. Keep in mind that choosing the wrong directory can prevent the certificate from being issued properly.


$ cd letsencrypt/

$ ./letsencrypt-auto


# cd letsencrypt/

# ./letsencrypt-auto


Use the cd command to move into the letsencrypt directory, then run the Python script.

When run as the root user it proceeds immediately; when sudo is used, it asks for the password.

The screen above is what appears with the sudo account I currently use. Also note that this script uses $HOME (the home directory variable), so even if you have switched to root with sudo -s, it does not point to /root.





Once the script has collected the domain names currently served by the server, it lists them as in the screen above. Press the space bar on the domain you want and select OK; the SSL certificate is issued and HTTPS is applied to that domain automatically.

Two options are offered here. Easy encrypts only a single page with HTTPS, whereas Secure encrypts every page transition.

When the configuration has been applied, the screen above appears.



Using Let's Encrypt

The certificate has been applied. For those who are curious about how, here is a short summary.

The file that was configured for plain HTTP is first.xyz.neonkid.conf, and the file in which letsencrypt-auto applied SSL automatically has le-ssl appended to its name.

The two lines above have been added to the existing first.xyz.neonkid.conf file. They redirect a client that connects on port 80 to the HTTPS address automatically.

In first.xyz.neonkid-le-ssl.conf, the four lines above are added alongside the base settings. These four lines are the paths where the server's public and private keys are generated and used. They are in fact stored under the letsencrypt install path, in live/, so specifying those paths by hand after issuance and including the settings file is all it takes to apply SSL.

The issued key is valid for 3 months. It is not renewed automatically after 3 months, so you must renew it yourself from time to time.
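Because renewal is manual, the check worth scheduling is which certificates are close to expiry. The following is an added example, not part of the original post or of the letsencrypt project: it lists the certificates under a live/ directory that expire within a given number of days. The function names and the *.example.test domains are assumptions, the sample certificates are self-signed and constructed on the spot, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example: list certificates under a letsencrypt live/ directory
# that expire within a given number of days.

# certs_due LIVE_DIR DAYS -> prints one domain name per line
certs_due() {
    live_dir=$1
    days=$2
    for cert in "$live_dir"/*/cert.pem; do
        [ -f "$cert" ] || continue
        # -checkend exits non-zero when the certificate expires within N
        # seconds; an unreadable certificate also lands here and is flagged.
        if ! openssl x509 -checkend $((days * 86400)) -noout \
                -in "$cert" >/dev/null 2>&1; then
            basename "$(dirname "$cert")"
        fi
    done
}

# make_sample_cert LIVE_DIR DOMAIN DAYS
# Constructed test data: a self-signed certificate valid for DAYS days,
# laid out as live/<domain>/cert.pem.
make_sample_cert() {
    mkdir -p "$1/$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
        -keyout "$1/$2/privkey.pem" -out "$1/$2/cert.pem" >/dev/null 2>&1
}

SAMPLE_LIVE=$(mktemp -d)   # stand-in for /etc/letsencrypt/live
make_sample_cert "$SAMPLE_LIVE" fresh.example.test 90   # just issued
make_sample_cert "$SAMPLE_LIVE" aging.example.test 20   # 20 days left

echo "Due for renewal within 30 days:"
certs_due "$SAMPLE_LIVE" 30
```

Against a real installation, run certs_due /etc/letsencrypt/live 30 as root, since the live/ directory is not readable by ordinary users.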




Building on the above, removing and re-applying the SSL certificate is also simple.

First, delete only the two lines above from first.xyz.neonkid.conf and save the file.


$ sudo vim first.xyz.neonkid.conf 


# vim first.xyz.neonkid.conf


Second, delete the first.xyz.neonkid-le-ssl.conf file.


$ sudo rm -rf first.xyz.neonkid-le-ssl.conf 


# rm -rf first.xyz.neonkid-le-ssl.conf

※ You must also delete first.xyz.neonkid-le-ssl.conf inside sites-enabled/.


$ sudo service apache2 reload


# service apache2 reload


Reload the Apache server.

If an ERROR occurs at this point, be sure to check the sites-enabled/ directory.

With this, the SSL certificate has been detached from the domain.

To apply it again, restore the deleted file and the two removed lines, then reload.

However, the issued SSL certificate itself has not been deleted.

Next, let's permanently delete the certificate issued for the domain.

Note that once the issued certificate is deleted, you can no longer set up an SSL site with that certificate.

First, move to the path where letsencrypt is installed (default: /etc/letsencrypt).


$ cd live/

$ sudo rm -rf "domain"


$ cd ../archive/

$ sudo rm -rf "domain"


$ cd ../renewal/

$ sudo rm -rf "domain".conf*


# cd live/

# rm -rf "domain"


# cd ../archive/

# rm -rf "domain"


# cd ../renewal/

# rm -rf "domain".conf*


There are three files and folders to delete in total. All three must be deleted for the certificate to stop being in effect completely and for no errors to appear when a new certificate is generated later, so keep this in mind.
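The reload error mentioned earlier and the deletion above share one failure mode: an enabled site that still points at something no longer on disk. The following is an added example, not part of the original post: it reports enabled sites that are dangling symlinks or that reference certificate files which no longer exist. The directory tree is constructed under a temporary directory, and the function names and the *.example.test domains are assumptions.

```shell
#!/bin/sh
# Added example: report enabled Apache sites that would fail on reload.

# broken_sites SITES_ENABLED_DIR -> prints "<file>: <reason>" per problem
broken_sites() {
    for site in "$1"/*.conf; do
        name=$(basename "$site")
        # A symlink whose target in sites-available/ was deleted
        if [ -L "$site" ] && [ ! -e "$site" ]; then
            echo "$name: dangling symlink"
            continue
        fi
        [ -f "$site" ] || continue
        # Print the path argument of each certificate/key directive, test it
        awk '$1 ~ /^SSLCertificate(Key|Chain)?File$/ { print $2 }' "$site" |
        while read -r path; do
            [ -e "$path" ] || echo "$name: missing $path"
        done
    done
}

# Constructed sample tree standing in for /etc (all names are made up)
ROOT=$(mktemp -d)
AVAIL="$ROOT/apache2/sites-available"
ENABLED="$ROOT/apache2/sites-enabled"
LIVE="$ROOT/letsencrypt/live"
mkdir -p "$AVAIL" "$ENABLED" "$LIVE/kept.example.test"
touch "$LIVE/kept.example.test/cert.pem" "$LIVE/kept.example.test/privkey.pem"

# write_vhost FILE DOMAIN: minimal SSL vhost body plus its sites-enabled link
write_vhost() {
    printf 'SSLCertificateFile %s/%s/cert.pem\nSSLCertificateKeyFile %s/%s/privkey.pem\n' \
        "$LIVE" "$2" "$LIVE" "$2" > "$AVAIL/$1"
    ln -s "../sites-available/$1" "$ENABLED/$1"
}
write_vhost kept-le-ssl.conf kept.example.test
# live/ directory deleted while the vhost is still enabled
write_vhost removed-le-ssl.conf removed.example.test
# vhost deleted from sites-available/ while its link is left behind
ln -s ../sites-available/gone-le-ssl.conf "$ENABLED/gone-le-ssl.conf"

broken_sites "$ENABLED"
```

On a Debian-style Apache layout the directory to pass is /etc/apache2/sites-enabled; an empty result means every enabled site still resolves to files on disk.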
