Let’s Encrypt SSL Certificates

Computer 2019. 5. 10. 16:22

Let’s Encrypt SSL Certificates
https://happist.com/561215/lets-encrypt-ssl-%EC%9D%B8%EC%A6%9D%EC%84%9C-%EC%84%A4%EC%B9%98-%EB%B0%8F-%ED%99%9C%EC%9A%A9-%ED%8C%81-6%EA%B0%80%EC%A7%80/



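There are two ways to obtain Let’s Encrypt SSL validation: the standalone method and the webroot method.
In the standalone method, the server itself attempts the validation, and
in the webroot method, the external web connects to the site, checks that there are no problems, and then grants the validation.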


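Renewal can be done while the server keeps running, without having to stop nginx or the like.
Because validation goes through the external web, server information is less likely to be exposed.
However, this method verifies the domain you operate directly, so it is difficult to register several domains on one server or site. It works reliably only when applied to a single domain, such as happist.com and www.happist.com. Validating ABC.com and DEF.com at the same time is difficult.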
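The webroot flow described above, as an added example (not from the original post or from certbot's own code): a client places the HTTP-01 challenge file under the webroot and a stand-in validator fetches it from the web server that is already running. The token, the account key and the local test server are constructed placeholders.

```python
import base64, hashlib, http.server, json, pathlib
import tempfile, threading, urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"  # path fixed by RFC 8555 (HTTP-01)

def jwk_thumbprint(jwk):
    """RFC 7638 thumbprint; jwk must hold only the required members (e, kty, n for RSA)."""
    canonical = json.dumps(jwk, sort_keys=True, separators=(",", ":")).encode()
    digest = hashlib.sha256(canonical).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def place_challenge(webroot, token, account_jwk):
    """Client side: write the key authorization into the webroot directory."""
    key_auth = f"{token}.{jwk_thumbprint(account_jwk)}"
    target = pathlib.Path(webroot) / CHALLENGE_DIR / token
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(key_auth)
    return key_auth

def validate(host, port, token, expected):
    """Validator side: fetch the file over plain HTTP and compare its content."""
    url = f"http://{host}:{port}/{CHALLENGE_DIR}/{token}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.read().decode().strip() == expected
    except OSError:  # 404, refused connection or timeout all mean failure
        return False

def demo():
    """Run both sides against a throwaway local server; returns (before, after)."""
    account_jwk = {"e": "AQAB", "kty": "RSA", "n": "constructed-modulus"}  # constructed
    token = "constructed-token-123"  # constructed; a real CA issues a random token
    with tempfile.TemporaryDirectory() as webroot:
        handler = partial(http.server.SimpleHTTPRequestHandler, directory=webroot)
        srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            port = srv.server_address[1]
            before = validate("127.0.0.1", port, token, "anything")  # file absent
            key_auth = place_challenge(webroot, token, account_jwk)
            after = validate("127.0.0.1", port, token, key_auth)  # server never stopped
        finally:
            srv.shutdown()
            srv.server_close()
    return before, after
```

The server process is never restarted between the failed and the successful check, which is why webroot renewal needs no downtime.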


How to install Let’s Encrypt on CentOS 7 with Apache
https://linuxhostsupport.com/blog/how-to-install-lets-encrypt-on-centos-7-with-apache/

How to configure VirtualHost

# certbot-apache

Does not work

# certbot

----------------------------

Obtain a TLS certificate using the webroot domain validation method and save it under the name tuwlab-cert


Testing an SSL-enabled site
https://www.ssllabs.com/ssltest/analyze.html?d=www.edison.re.kr&latest


-------------------------

How to Secure Apache with Let's Encrypt on CentOS 7
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7



Self-signed certificate method (did not work)
https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-apache-for-centos-7


openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /var/www/certbot/apache-selfsigned.key -out /var/www/certbot/apache-selfsigned.crt

openssl dhparam -out /var/www/certbot/dhparam.pem 2048

cat /var/www/certbot/dhparam.pem | tee -a /var/www/certbot/apache-selfsigned.crt



https://www.tuwlab.com/28563

Let's Encrypt also issues DV (Domain Validation) grade TLS certificates for free.

The certificate validity period is very short, at 3 months (90 days)