뻔뻔한 개발자

CertBot 인증서 갱신

1. Dry run

[root@web03]# sudo certbot renew --dry-run

(해당 명령어는 서버에 등록된 인증서 체크 인증서 적용 이 가능한지 확인 하는 명령어)

Saving debug log to /var/log/letsencrypt/letsencrypt.log
 
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/web03.mydomain.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for web03.mydomain.com
Waiting for verification...
Cleaning up challenges
 
-------------------------------------------------------------------------------
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/web03.mydomain.com/fullchain.pem
-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)
 
Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/web03.mydomain.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)

성공 여부 확인 후, 실제 갱신 작업 수행...

2. run

[root@web03]# certbot renew

(해당 명령어는 인증서 갱신하는 명령어 이고, 실행시 서비스 재시작 없이 즉시 인증서 갱신이 진행된다.)

Saving debug log to /var/log/letsencrypt/letsencrypt.log
 
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/web03.mydomain.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for web03.mydomain.com
Waiting for verification...
Cleaning up challenges
 
-------------------------------------------------------------------------------
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/web03.mydomain.com/fullchain.pem
-------------------------------------------------------------------------------
 
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/web03.mydomain.com/fullchain.pem (success) 

-끝-