1. 설치
# cd /usr/local
# yum install epel-release
# rpm -ivh https://rhel6.iuscommunity.org/ius-release.rpm
# yum install git python27 python27-devel python27-pip python27-setuptools python27-virtualenv python27-libs
# git clone https://github.com/certbot/certbot
# chattr -i /usr/bin/gcc /usr/bin/g++
# cd /usr/local/certbot
# /usr/local/certbot/certbot-auto certonly
# chmod 700 /usr/bin/gcc /usr/bin/g++;chattr +i /usr/bin/gcc /usr/bin/g++
# cd /usr/local/certbot
# ./certbot-auto certonly --server https://acme-v01.api.letsencrypt.org/directory \
--rsa-key-size 4096 --agree-tos --email enteroa.j@gmail.com \
--webroot -w /free/home/enteroa/html/ \
-d wp.enteroa.kr
2. 아파치 설정(/extra/httpd-ssl.conf)
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
SSLHonorCipherOrder on
Listen 443
<VirtualHost *:443>
DocumentRoot /free/home/enteroa/html
ServerName wp.enteroa.kr
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/wp.enteroa.kr/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/wp.enteroa.kr/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/wp.enteroa.kr/chain.pem
SSLCACertificateFile /etc/letsencrypt/live/wp.enteroa.kr/fullchain.pem
Header always set Strict-Transport-Security "max-age=15552000"
</VirtualHost>
'linux, windows' 카테고리의 다른 글
윈도우 스케쥴러 설정 (0) | 2017.10.25 |
---|---|
svn 체크아웃 (0) | 2017.10.11 |
CentOS - CPU 점유율이 80% 이상일때 (0) | 2015.06.19 |
IIS 용량 업로드 / 다운로드 용량 늘이기 (0) | 2015.04.24 |
apache에서 한글파일명 인식 안될때 조치 (0) | 2015.03.23 |