메뉴 건너뛰기

Cloudera, BigData, Semantic IoT, Hadoop, NoSQL

Cloudera CDH/CDP 및 Hadoop EcoSystem, Semantic IoT등의 개발/운영 기술을 정리합니다. gooper@gooper.com로 문의 주세요.


아래와 같이 letsencrypt를 사용해도 되고 sudo certbot를 사용해도됨. 그리고 인증서 갱신후 반드시 sudo service apache2 reload를 수행하여 변경사항을 반영시켜주어야함.



1. 인증서 발급하기

letsencrypt certonly --webroot --webroot-path=/home/gooper/www -d gooper.com -d www.gooper.com

letsencrypt certonly --webroot --webroot-path=/home/gdime/www -d gdime.com -d www.gdime.com


2. 인증서 갱신시 이전 버전인 ACMEv1를 사용하는 경우 오류메세지

gooper@gsda4:~/$ sudo certbot renew

Saving debug log to /var/log/letsencrypt/letsencrypt.log


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Processing /etc/letsencrypt/renewal/gooper.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Cert is due for renewal, auto-renewing...

Plugins selected: Authenticator webroot, Installer None

Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

Attempting to renew cert (gooper.com) from /etc/letsencrypt/renewal/gooper.com.conf produced an unexpected error: urn:acme:error:serverInternal :: The server experienced an internal error :: ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software to do so. Visit https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/27 for more information.. Skipping.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Processing /etc/letsencrypt/renewal/gdime.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Cert is due for renewal, auto-renewing...

Plugins selected: Authenticator webroot, Installer None

Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

Attempting to renew cert (gdime.com) from /etc/letsencrypt/renewal/gdime.com.conf produced an unexpected error: urn:acme:error:serverInternal :: The server experienced an internal error :: ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software to do so. Visit https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/27 for more information.. Skipping.

All renewal attempts failed. The following certs could not be renewed:

  /etc/letsencrypt/live/gooper.com/fullchain.pem (failure)

  /etc/letsencrypt/live/gdime.com/fullchain.pem (failure)


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


All renewal attempts failed. The following certs could not be renewed:

  /etc/letsencrypt/live/gooper.com/fullchain.pem (failure)

  /etc/letsencrypt/live/gdime.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2 renew failure(s), 0 parse failure(s)


*버전에 따른 오류가 발생하면 아래 파일의 server = https://acme-v01.api.letsencrypt.org/directory부분을 server = https://acme-v02.api.letsencrypt.org/directory로 바꿔준다. 

(이전 버전의 renewal정보가 설정된 모습

renewal/gooper.com.conf :server = https://acme-v01.api.letsencrypt.org/directory

renewal/gdime.com.conf :server = https://acme-v01.api.letsencrypt.org/directory

)




3. 1개도메인만 버전 정보를 수정후 다시 renew를 수행한 메세지는 아래와 같음(1개는 정상 1개는 실패) 

gooper@gsda4:/etc/letsencrypt$ sudo certbot renew

Saving debug log to /var/log/letsencrypt/letsencrypt.log


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Processing /etc/letsencrypt/renewal/gooper.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Cert is due for renewal, auto-renewing...

Plugins selected: Authenticator webroot, Installer None

Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Renewing an existing certificate

Performing the following challenges:

http-01 challenge for gooper.com

http-01 challenge for www.gooper.com

Waiting for verification...

Cleaning up challenges


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

new certificate deployed without reload, fullchain is

/etc/letsencrypt/live/gooper.com/fullchain.pem

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Processing /etc/letsencrypt/renewal/gdime.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Cert is due for renewal, auto-renewing...

Plugins selected: Authenticator webroot, Installer None

Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

Attempting to renew cert (gdime.com) from /etc/letsencrypt/renewal/gdime.com.conf produced an unexpected error: urn:acme:error:serverInternal :: The server experienced an internal error :: ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software to do so. Visit https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/27 for more information.. Skipping.

The following certs could not be renewed:

  /etc/letsencrypt/live/gdime.com/fullchain.pem (failure)


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


The following certs were successfully renewed:

  /etc/letsencrypt/live/gooper.com/fullchain.pem (success)


The following certs could not be renewed:

  /etc/letsencrypt/live/gdime.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

1 renew failure(s), 0 parse failure(s)

번호 제목 날짜 조회 수
» https용 인증서 발급 명령문 예시및 오류 메세지 2018.01.24 295
480 여러 홈페이지를 운영하거나 혹은 서버에 가입한 사용자들에게 홈페이지 계정을 나누어 줄수 있도록 설정/계정 생성방법 2018.01.23 849
479 maven을 이용하여 Hello world 서비스 자동 생성시 HelloServiceImpl.java에서 사용하는 getMessage() 와 getName() 이 정의되지 않은 오류가 발생시 조치방법 2018.01.19 840
478 Lagom에서 제공하는 Maven을 이용한 Hello프로젝트 자동생성 및 실행 2018.01.19 320
477 lagom에서 제공하는 초기 생성기능을 이용하여 생성한 프로젝트의 소스 파악 2018.01.16 830
476 spark stream처리할때 두개의 client프로그램이 동일한 checkpoint로 접근할때 발생하는 오류 내용 2018.01.16 1221
475 shard3가 있는 서버에 문제가 있는 상태에서 solr query를 요청하는 경우 "no servers hosting shard: shard3" 오류가 발생하는 경우 조치사항 2018.01.04 325
474 solr 데몬이 떠있는 동안 hadoop이 다운되는 경우 Index dir 'hdfs://mycluster/user/../core_node2/data/index/' of core 'gc_shard1_replica2' is already locked라논 오류가 발생하는데 이에 대한 조치사항 2018.01.04 1075
473 [Decommission]시 시간이 많이 걸리면서(수일) Decommission이 완료되지 않는 경우 조치 2018.01.03 6550
472 [2.7.2] distribute-exclude.sh사용할때 ssh 포트변경에 따른 오류발생시 조치사항 2018.01.02 861
471 hadoop cluster에 포함된 노드중에서 문제있는 decommission하는 방법및 절차 file 2017.12.28 1337
470 windows7에서 lagom의 hello world를 빌드하여 실행하는 경우의 로그(mvn lagom:runAll -Dscala.binary.version=2.11) 2017.12.22 365
469 Lagom프레임웍에서 제공하는 HelloWorld 테스트를 수행시 [unknown-version]오류가 발생하면서 빌드가 되지 않는 경우 조치사항 2017.12.22 332
468 [DBeaver 4.3.0]import/export시 "Client home is not specified for connection" 오류발생시 조치사항 2017.12.21 1171
467 전체 컨택스트 내용 file 2017.12.19 283
466 [gson]mongodb의 api를 이용하여 데이타를 가져올때 "com.google.gson.stream.MalformedJsonException: Unterminated object at line..." 오류발생시 조치사항 2017.12.11 4945
465 컴퓨터 무한 재부팅 원인및 조치방법 file 2017.12.05 308
464 권한회수 및 권한부여 명령 몇가지 2017.11.16 1071
463 db를 통째로 새로운 이름의 db로 복사하는 방법/절차 2017.11.14 1040
462 oneM2M Specification(Draft Release 3, 2, 1), Draft Technical Reports 2017.10.25 281
위로