20211118 - Let's Encrypt SSL, certbot renewal

1. Let's Encrypt 무료 SSL을 사용하고 있고 조만간 만료가 예정되어 있음

2. 보안을 위해서 package 들을 최신 상태로 업데이트하고 certbot certonly 실행

아니면 certbot renew 로 하면 물어보는 창 없이 바로 실행됨

-- Let's Encrypt

-----------------

sudo su -

yum update -y

certbot certonly

pip install -U pip

pip install cryptography --upgrade

certbot certonly

nginx -t

nginx -s reload

-------------------

certbot renew

systemctl stop nginx

systemctl start nginx

systemctl status nginx

별개의 추가 설정 사항

vi /etc/nginx/conf.d/jkincloud.com.conf

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

Cron Job

vi /root/othermonthrenew.sh

certbot renew --force-renewal

systemctl stop nginx

systemctl start nginx

systemctl status nginx

crontab -e

1 0 1 2,4,6,8,10,12 * /root/othermonthrenew.sh >> /tmp/othermonthrenew.log 2>&1

chmod +x /root/othermonthrenew.sh

ex)

1 11 3 * * <SHELL_PATH>

분 시 일 월 요일 쉘스크립트경로

매월 첫째주 일요일 새벽 1시

0 1 * * 0 [ "$(date +\%d)" -le 07 ] && /path/to/your/script.sh

------------------

timedatectl

sudo timedatectl set-timezone Asia/Seoul

timedatectl

sudo systemctl restart chronyd

date

sudo shutdown -r

------------------

sudo timedatectl set-timezone Asia/Kuala_Lumpur

참고1

certbot certificates

certbot update_account --email yourname+1@example.com

https://eff-certbot.readthedocs.io/en/stable/using.html#automated-renewals

참고2

http://dgielis.blogspot.com/2019/12/free-oracle-cloud-16-renewing-lets.html

https://docs.oracle.com/en/learn/oracle-linux-crontab/index.html#check-your-cron-entry-output

https://jdm.kr/blog/2

https://velog.io/@jay2u8809/Crontab%ED%81%AC%EB%A1%A0%ED%83%AD-%EC%8B%9C%EA%B0%84-%EC%84%A4%EC%A0%95