Using acme.sh to generate LetsEncrypt certificates on AWS (Route53)

How to generate a LetsEncrypt certificate on AWS (Route53) using acme.sh

Reference URL

https://github.com/Neilpang/acme.sh


Install dependency packages

[root@172-16-11-5 /]# yum install -y socat

Install acme.sh

[root@172-16-11-5 /]# curl https://get.acme.sh | sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   705  100   705    0     0    839      0 --:--:-- --:--:-- --:--:--   839
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  166k  100  166k    0     0   389k      0 --:--:-- --:--:-- --:--:--  390k
[Tue Jan  8 17:49:08 KST 2019] Installing from online archive.
[Tue Jan  8 17:49:08 KST 2019] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Tue Jan  8 17:49:10 KST 2019] Extracting master.tar.gz
[Tue Jan  8 17:49:10 KST 2019] Installing to /root/.acme.sh
[Tue Jan  8 17:49:10 KST 2019] Installed to /root/.acme.sh/acme.sh
[Tue Jan  8 17:49:10 KST 2019] Installing alias to '/root/.bashrc'
[Tue Jan  8 17:49:10 KST 2019] OK, Close and reopen your terminal to start using acme.sh
[Tue Jan  8 17:49:10 KST 2019] Installing alias to '/root/.cshrc'
[Tue Jan  8 17:49:10 KST 2019] Installing alias to '/root/.tcshrc'
[Tue Jan  8 17:49:10 KST 2019] Installing cron job
14 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[Tue Jan  8 17:49:10 KST 2019] Good, bash is found, so change the shebang to use bash as preferred.
[Tue Jan  8 17:49:10 KST 2019] OK
[Tue Jan  8 17:49:10 KST 2019] Install success!

Add the AWS access key

[root@172-16-11-5 /]# export AWS_ACCESS_KEY_ID=YOUR_AWS_ACCESS_KEY_ID
[root@172-16-11-5 /]# export AWS_SECRET_ACCESS_KEY=YOUR_AWS_SECRET_ACCESS_KEY
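
The access key exported above only has to manage the DNS-01 challenge record for this domain. The IAM policy below is an added example (not from the original post or the acme.sh project) that limits the key to the `_acme-challenge.umount.net` TXT record, which validates both `umount.net` and `*.umount.net`. `HOSTED_ZONE_ID_PLACEHOLDER` stands in for the real hosted zone ID, and the action list and the UPSERT/DELETE change actions are assumptions about the Route53 calls the `dns_aws` hook makes.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListZonesForLookup",
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones",
        "route53:ListHostedZonesByName",
        "route53:GetHostedZoneCount"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ReadTargetZone",
      "Effect": "Allow",
      "Action": [
        "route53:GetHostedZone",
        "route53:ListResourceRecordSets"
      ],
      "Resource": "arn:aws:route53:::hostedzone/HOSTED_ZONE_ID_PLACEHOLDER"
    },
    {
      "Sid": "WriteOnlyAcmeChallengeTxt",
      "Effect": "Allow",
      "Action": "route53:ChangeResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/HOSTED_ZONE_ID_PLACEHOLDER",
      "Condition": {
        "ForAllValues:StringEquals": {
          "route53:ChangeResourceRecordSetsNormalizedRecordNames": ["_acme-challenge.umount.net"],
          "route53:ChangeResourceRecordSetsRecordTypes": ["TXT"],
          "route53:ChangeResourceRecordSetsActions": ["UPSERT", "DELETE"]
        }
      }
    }
  ]
}
```

With this policy attached to a dedicated IAM user, a leaked key cannot modify any other record in the zone or touch other hosted zones.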

Run acme.sh

[root@172-16-11-5 /]# /root/.acme.sh/acme.sh --issue -d umount.net -d '*.umount.net' --dns dns_aws
[Tue Jan  8 18:36:53 KST 2019] ===Starting cron===
..
..
[Tue Jan  8 18:36:59 KST 2019] ===End cron===

Check and edit the crontab

crontab -e
0 0 * * * /root/.acme.sh/acme.sh --cron --home /root/.acme.sh > /dev/null && systemctl restart nginx
