{"id":823,"date":"2020-05-03T16:17:03","date_gmt":"2020-05-03T07:17:03","guid":{"rendered":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=823"},"modified":"2022-05-02T11:55:40","modified_gmt":"2022-05-02T02:55:40","slug":"lets-encrypt-%ec%99%80%ec%9d%bc%eb%93%9c%ec%b9%b4%eb%93%9c-%ec%9d%b8%ec%a6%9d%ec%84%9c-%eb%b0%9c%ea%b8%89%eb%b0%9b%ea%b8%b0","status":"publish","type":"post","link":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=823","title":{"rendered":"Let’s encrypt wild \uc778\uc99d\uc11c \ubc1c\uae09\ubc1b\uae30(with Route53)"},"content":{"rendered":"

Let’s encrypt wild \uc778\uc99d\uc11c \ubc1c\uae09\ubc1b\uae30(with Route53)<\/h1>\n

\ucc38\uc870<\/a><\/p>\n

\ud328\ud0a4\uc9c0 \uc124\uce58<\/h2>\n
sudo add-apt-repository ppa:certbot\/certbot\nsudo apt install python-certbot-nginx\nsudo apt install python3-certbot-dns-route53<\/code><\/pre>\n
DNS TXT \uc790\ub3d9\ud654 \uc124\uc815\ucd94\uac00<\/h2>\n
\uc544\ub798\uc5d0 \ucd94\uac00\ud560 \uc778\uc99d\ud0a4\ub294 \uae30\uc874\uc5d0 \uc4f0\uace0 \uc788\ub294 \uc778\uc99d\ud0a4\uac00 \uc544\ub2c8\ub77c, \uc544\ub798\uc5d0\uc11c \uc0c8\ub85c \uc0dd\uc131\ud560 \uc778\uc99d\ud0a4\uc785\ub2c8\ub2e4.<\/p>\n
sudo mkdir -p \/root\/.aws\nsudo vi \/root\/.aws\/credentials\n\n[letsencrypt]\naws_access_key_id={AWS_Access_ID}\naws_secret_access_key={AWS_Secret_Key}<\/code><\/pre>\n
sudo chmod 640 \/root\/.aws\/credentials<\/code><\/pre>\n
IAM \uacc4\uc815\ucd94\uac00<\/h2>\n
aws.route53.letsencrypt<\/code> \uc774\ub77c\ub294 \uc774\ub984\uc73c\ub85c IAM<\/code> \uacc4\uc815\uc744 \ucd94\uac00\ud569\ub2c8\ub2e4.(\uad8c\ud55c\ubd80\uc5ec X)<\/p>\n
\ubc1c\uae09\ubc1b\uc740 \uc778\uc99d\ud0a4\ub97c \uc704 \ud30c\uc77c\uc5d0 \uc785\ub825\ud574\uc90d\ub2c8\ub2e4.<\/p>\n
sudo vi \/root\/.aws\/credentials<\/code><\/pre>\n
\ud638\uc2a4\ud305\uc874\uc544\uc774\ub514\ub97c \ucc3e\uc2b5\ub2c8\ub2e4.<\/p>\n
aws route53 list-hosted-zones-by-name |\n    jq --arg name "skyer9.pe.kr." \\\n    -r '.HostedZones | .[] | select(.Name=="\\($name)") | .Id'<\/code><\/pre>\n
\uc815\ucc45\uc0dd\uc131\uc744 \ud558\uace0 \uc544\ub798 \ub0b4\uc6a9\uc744 \uc785\ub825\ud569\ub2c8\ub2e4.
\n\uc704\uc5d0\uc11c \ucc3e\uc740 \ud638\uc2a4\ud305\uc874\uc544\uc774\ub514<\/code> \ub97c \uc785\ub825\ud574 \uc90d\ub2c8\ub2e4.<\/p>\n
{\n    "Version": "2012-10-17",\n\n    "Statement": [\n        {\n            "Effect": "Allow",\n            "Action": [\n                "route53:ListHostedZones",\n                "route53:GetChange"\n            ],\n            "Resource": [\n                "*"\n            ]\n        },\n        {\n            "Effect" : "Allow",\n            "Action" : [\n                "route53:ChangeResourceRecordSets"\n            ],\n            "Resource" : [\n                "arn:aws:route53:::hostedzone\/\ud638\uc2a4\ud305\uc874\uc544\uc774\ub514"\n            ]\n        }\n    ]\n}<\/code><\/pre>\n
\uc815\ucc45\uc744 \uc704\uc5d0\uc11c \uc0dd\uc131\ud55c \uacc4\uc815\uc5d0 \ubd80\uc5ec\ud569\ub2c8\ub2e4.<\/p>\n
\uc778\uc99d\uc11c \uc0dd\uc131<\/h2>\n
\uae30\uc874\uc5d0 \ub2e4\ub978 IAM \uc778\uc99d\ud0a4\uac00 \uc788\ub2e4\uba74 \uc7a0\uc2dc \uc62e\uaca8\uc90d\ub2c8\ub2e4.<\/p>\n
mv ~\/.aws\/credentials ~\/.aws\/credentials.bak<\/code><\/pre>\n
\uc544\ub798 \uba85\ub839\uc73c\ub85c \uc778\uc99d\uc11c\ub97c \uc0dd\uc131\ud569\ub2c8\ub2e4.<\/p>\n
sudo certbot certonly --dns-route53 -n \\\n  -d *.skyer9.pe.kr \\\n  -d skyer9.pe.kr \\\n  --server https:\/\/acme-v02.api.letsencrypt.org\/directory<\/code><\/pre>\n
mv ~\/.aws\/credentials.bak ~\/.aws\/credentials<\/code><\/pre>\n
\uc778\uc99d\uc11c \uc790\ub3d9 \uac31\uc2e0<\/h2>\n
sudo crontab -e\n# \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 min (0 - 59)\n# \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 hour (0 - 23)\n# \u2502 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 day of month (1 - 31)\n# \u2502 \u2502 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 month (1 - 12)\n# \u2502 \u2502 \u2502 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 day of week (0 - 6) (0 to 6 are Sunday to\n# \u2502 \u2502 \u2502 \u2502 \u2502                  Saturday, or use names; 7 is also Sunday)\n# \u2502 \u2502 \u2502 \u2502 \u2502\n# \u2502 \u2502 \u2502 \u2502 \u2502\n# * * * * *  command to execute\n30 6 22 * * \/usr\/bin\/certbot renew --renew-hook="systemctl reload nginx"<\/code><\/pre>\n
\uc778\uc99d\uc11c \uc0c1\ud0dc \ud655\uc778<\/h2>\n
sudo certbot certificates<\/code><\/pre>\n
Route53 \uc744 \uc774\uc6a9\ud55c \uc5c5\ub370\uc774\ud2b8 \uc2e4\ud328\uc2dc \uc784\uc2dc\uc870\uce58<\/h2>\n
\uc218\ub3d9\ubaa8\ub4dc\ub85c \uc5c5\ub370\uc774\ud2b8\ud55c\ub2e4.<\/p>\n
sudo certbot certonly --manual  --preferred-challenges=dns \\\n  -d *.skyer9.pe.kr \\\n  -d skyer9.pe.kr \\\n  --server https:\/\/acme-v02.api.letsencrypt.org\/directory<\/code><\/pre>\n
\uc911\uac04\uc5d0 Route53 \uc5d0 _acme-challenge.skyer9.pe.kr \uc11c\ube0c\ub3c4\uba54\uc778\uc744 \ucd94\uac00\ud558\ub77c\uace0 \ud55c\ub2e4.
\nTXT \uc720\ud615\uc73c\ub85c \ud558\uace0 \uac12\uc744 \uc785\ub825\ud558\ub77c\uace0 \ud558\ub294 \ub79c\ub364\ubb38\uc790\uc5f4\uc744 \uc785\ub825\ud574\uc900\ub2e4.
\n2022-04-30 \uae30\uc900\uc73c\ub85c \ub530\uc634\ud45c\ub294 \uc790\ub3d9\uc73c\ub85c \uc785\ub825\ub418\ubbc0\ub85c \uc785\ub825\ud574\uc8fc\uc9c0 \uc54a\ub294\ub2e4.<\/p>\n","protected":false},"excerpt":{"rendered":"
Let’s encrypt wild \uc778\uc99d\uc11c \ubc1c\uae09\ubc1b\uae30(with Route53) \ucc38\uc870 \ud328\ud0a4\uc9c0 \uc124\uce58 sudo add-apt-repository ppa:certbot\/certbot sudo apt install python-certbot-nginx sudo apt install python3-certbot-dns-route53 DNS TXT \uc790\ub3d9\ud654 \uc124\uc815\ucd94\uac00 \uc544\ub798\uc5d0 \ucd94\uac00\ud560 \uc778\uc99d\ud0a4\ub294 \uae30\uc874\uc5d0 \uc4f0\uace0 \uc788\ub294 \uc778\uc99d\ud0a4\uac00 \uc544\ub2c8\ub77c, \uc544\ub798\uc5d0\uc11c \uc0c8\ub85c \uc0dd\uc131\ud560 \uc778\uc99d\ud0a4\uc785\ub2c8\ub2e4. sudo mkdir -p \/root\/.aws sudo vi \/root\/.aws\/credentials [letsencrypt] aws_access_key_id={AWS_Access_ID} aws_secret_access_key={AWS_Secret_Key} sudo chmod 640 \/root\/.aws\/credentials IAM \uacc4\uc815\ucd94\uac00 aws.route53.letsencrypt \uc774\ub77c\ub294 \uc774\ub984\uc73c\ub85c\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,12],"tags":[],"class_list":["post-823","post","type-post","status-publish","format-standard","hentry","category-aws","category-devops"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/823","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=823"}],"version-history":[{"count":9,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/823\/revisions"}],"predecessor-version":[{"id":5347,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/823\/revisions\/5347"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}