1. 설치
## Transcript of a root shell session: lines starting with "# " are commands
## typed at the root prompt; lines starting with "##" are review notes.
## The session adds the EPEL and IUS repositories, installs git and a
## Python 2.7 toolchain, clones certbot into /usr/local/certbot, and requests
## a certificate for wp.enteroa.kr through the webroot challenge.
# cd /usr/local
# yum install epel-release
## NOTE(review): this installs a repository-release RPM straight from a URL,
## so trust rests on TLS to that host alone. Download it first and check its
## signature (rpm -K) against the repository's published GPG key.
# rpm -ivh https://rhel6.iuscommunity.org/ius-release.rpm
# yum install git python27 python27-devel python27-pip python27-setuptools python27-virtualenv python27-libs
## NOTE(review): the clone takes whatever the default branch holds at that
## moment and then runs it as root. Checking out a verified release tag makes
## the executed code reviewable. certbot-auto has since been deprecated by the
## Certbot project; prefer a packaged, maintained ACME client on new installs.
# git clone https://github.com/certbot/certbot
## The immutable flag on the compilers is cleared so the next step can use
## them (presumably a local hardening measure; confirm). The host runs
## without that protection until the chattr +i below is executed.
# chattr -i /usr/bin/gcc /usr/bin/g++
# cd /usr/local/certbot
## First run without options; presumably used to let certbot-auto bootstrap
## its dependencies before the real request below. Confirm.
# /usr/local/certbot/certbot-auto certonly
## Restores the lock-down: compilers become root-only (mode 700) and immutable
## again. If the previous step aborts, this line must still be run by hand.
# chmod 700 /usr/bin/gcc /usr/bin/g++;chattr +i /usr/bin/gcc /usr/bin/g++
# cd /usr/local/certbot
## Certificate request: 4096-bit RSA key, terms accepted non-interactively,
## contact address for the ACME account, challenge files written under the
## site's document root (-w), one host name (-d).
## NOTE(review): --server points at the ACMEv1 endpoint (acme-v01), which
## Let's Encrypt has retired; current clients use the ACMEv2 directory
## (https://acme-v02.api.letsencrypt.org/directory).
## NOTE(review): no renewal step is shown on this page. Let's Encrypt
## certificates are short-lived, so schedule a renewal job and reload httpd
## after each renewal.
# ./certbot-auto certonly --server https://acme-v01.api.letsencrypt.org/directory \
                   --rsa-key-size 4096 --agree-tos --email enteroa.j@gmail.com \
                   --webroot -w /free/home/enteroa/html/ \
                   -d wp.enteroa.kr
 
2. 아파치 설정(/extra/httpd-ssl.conf)
# Server-wide TLS policy followed by the HTTPS virtual host for wp.enteroa.kr,
# which serves the document root over port 443 with the Let's Encrypt files.

# "ALL -SSLv2 -SSLv3" removes only the SSL protocols; TLS 1.0 and TLS 1.1
# stay enabled wherever the httpd/OpenSSL build offers them. Both are
# deprecated (RFC 8996).
# NOTE(review): if the installed httpd accepts the tokens, also add
# "-TLSv1 -TLSv1.1" so only TLS 1.2 and later remain; confirm on this build.
SSLProtocol            ALL -SSLv2 -SSLv3
# Preference-ordered list: AES-GCM suites with ECDHE/DHE key exchange first,
# then CBC suites with SHA-256/SHA-384/SHA-1 MACs for older clients. The
# trailing "!" entries exclude anonymous, null, export, DES, RC4, 3DES, MD5
# and PSK suites.
# NOTE(review): the DHE-DSS entries and the SHA-1 CBC suites are legacy
# compatibility only; drop them if no client needs them. The DHE suites are
# only as strong as the server's DH parameters; verify they are >= 2048 bits.
SSLCipherSuite         ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
# The server's ordering above wins over the client's, so a client cannot
# steer the handshake to a weaker suite that both sides support.
SSLHonorCipherOrder    on
 
Listen 443
<VirtualHost *:443>
DocumentRoot /free/home/enteroa/html
ServerName wp.enteroa.kr
SSLEngine on
# Leaf certificate and its private key as written by certbot. The key file
# must stay readable by root only.
SSLCertificateFile /etc/letsencrypt/live/wp.enteroa.kr/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/wp.enteroa.kr/privkey.pem
# Intermediate chain sent to clients. From httpd 2.4.8 this directive is
# deprecated and SSLCertificateFile can point at fullchain.pem instead.
SSLCertificateChainFile /etc/letsencrypt/live/wp.enteroa.kr/chain.pem
# NOTE(review): SSLCACertificateFile names the CAs used to verify *client*
# certificates. No SSLVerifyClient is visible here, and fullchain.pem also
# contains the server's own leaf certificate, so this line looks unnecessary;
# confirm and remove.
SSLCACertificateFile /etc/letsencrypt/live/wp.enteroa.kr/fullchain.pem
# HSTS for 15552000 seconds (180 days); requires mod_headers to be loaded.
# Browsers that have seen this header refuse plain HTTP and certificate
# warnings for this host until it expires, so certificate renewal must not
# lapse. includeSubDomains is not set, so subdomains are not covered.
Header always set Strict-Transport-Security "max-age=15552000"
</VirtualHost>

 
