{"id":236,"date":"2024-03-01T12:46:13","date_gmt":"2024-03-01T12:46:13","guid":{"rendered":"http:\/\/www.freelifemakers.org\/wordpress\/?p=236"},"modified":"2025-05-03T11:52:39","modified_gmt":"2025-05-03T11:52:39","slug":"enginx-setting-up-ssl-lets-encrypt","status":"publish","type":"post","link":"https:\/\/www.freelifemakers.org\/wordpress\/index.php\/2024\/03\/01\/enginx-setting-up-ssl-lets-encrypt\/","title":{"rendered":"Nginx \uc5d0\uc11c SSL\uc124\uc815 \ud558\uae30(Setting up SSL for Nginx )-Let’s Encrypt"},"content":{"rendered":"\n

Let’s Encrypt\ub294 \ubb34\ub8cc\ub85c \uc0ac\uc6a9\uac00\ub2a5\ud55c SSL \uc778\uc99d\uc11c \uc785\ub2c8\ub2e4.
SSL\uc778\uc99d\uc774\ub780 \uc6f9\uc0ac\uc774\ud2b8\uc640 \uc6f9\uc11c\ubc84 \uc0ac\uc774\uc758 \ub370\uc774\ud130\ub97c \uc554\ud638\ud654 \ud558\ub294 \uae30\uc220\uc785\ub2c8\ub2e4.
\uc27d\uac8c \uc598\uae30\ud574\uc11c \uc6b0\ub9ac\uac00 \uc778\ud130\ub137\uc5d0 \uc811\uc18d\ud560\ub54c http:\/\/\ud504\ub85c\ud1a0\ucf5c\uc744 https:\/\/\ud504\ub85c\ud1a0\ucf5c\ub85c \ubc14\uafd4\uc11c \uc0ac\uc6a9\ud560 \uc218 \uc788\uac8c \ud574\uc8fc\ub294 \uac83\uc774\ub77c\uace0 \uc0dd\uac01\ud558\uc2dc\uba74 \ub429\ub2c8\ub2e4.
\uba3c\uc800 Nginx\ub294 \uc124\uce58\ub418\uc5b4 \uc788\uc5b4\uc57c \ud569\ub2c8\ub2e4.

Let’s Encrypt is a free SSL certificate.
SSL authentication is a technology that encrypts data between a website and a web server.
To put it simply, you can think of it as something that allows us to change the “http:\/\/” protocol to “https:\/\/” protocol when we access the Internet.
First, Nginx must be installed.

\uc124\uc815 \uc21c\uc11c\ub294 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4.The setup sequence is as follows:<\/p>\n\n\n\n

1.Certbot\uc124\uce58
(Certbot instatll)
2.\uc6f9\uc11c\ubc84 \uc124\uc815 \ubc0f \uc7ac\uc2dc\uc791
(Set up and restart web server)
3.\uc778\uc99d\uc11c\ubc1b\uae30
(Get a certificate)
4.\uc124\uc815\ud655\uc778
(Check settings)<\/p><\/blockquote><\/figure>\n\n\n\n

1.Certbot\uc124\uce58<\/strong> (Certbot install)
-SSL\uc778\uc99d\uc744 \uc704\ud55c certbot\uc124\uce58
#sudo apt-get update
#sudo apt-get install certbot<\/strong>

2.\uc6f9\uc11c\ubc84 \uc124\uc815 \ubc0f \uc7ac\uc2dc\uc791<\/strong>(Set up and restart web server)
\/etc\/nginx\/conf.d \ub514\ub809\ud1a0\ub9ac\uc5d0 domain name \ud30c\uc77c\uc744 \ub9cc\ub4ed\ub2c8\ub2e4
\uc800 \uac19\uc740 \uacbd\uc6b0\ub294 \/etc\/nginx\/conf.d\ub514\ub809\ud1a0\ub9ac \ubc11\uc5d0 media.freelifemakers.org\ud30c\uc77c\uc744 \ub9cc\ub4ed\ub2c8\ub2e4.

Create a domain name file in the \/etc\/nginx\/conf.d directory.
In my case, I create a media.freelifemakers.org file under the \/etc\/nginx\/conf.d directory.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

1)media.freelifemakers.org\ud30c\uc77c \uc124\uc815<\/p>\n\n\n\n

server {\n    listen 80 default_server;\n    listen [::]:80 default_server;\n    root \/var\/www\/html;\n    server_name media.freelifemakers.com;\n}<\/pre>\n\n\n\n
2)Nginx\ub97c \uc7ac\uc2dc\uc791\ud569\ub2c8\ub2e4.(restart nginx)
#service nginx restart<\/p>\n\n\n\n
3.\uc778\uc99d\uc11c \ubc1b\uae30(Get a certificate)<\/strong>
-\uc544\ub798\uc758 \uba85\ub839\uc5b4\ub97c \uc2e4\ud589\ud558\uba74 \ub2e4\uc74c\uacfc \uac19\uc774 \uc2e4\ud589 \ub418\uba70 \uc801\uc808\ud55c \ub2f5\ubcc0\uc744 \ud558\uc2dc\uba74 \ub429\ub2c8\ub2e4.
If you run the command below, it will run as follows and you can respond appropriately.

#sudo certbot —nginx<\/strong><\/p>\n\n\n\n
Saving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\nEnter email address (used for urgent renewal and security notices)\n (Enter 'c' to cancel): ID@your-domain.com<\/mark>\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nPlease read the Terms of Service at\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.3-September-21-2022.pdf. You must\nagree in order to register with the ACME server. Do you agree?\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: Y<\/mark>\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nWould you be willing, once your first certificate is successfully issued, to\nshare your email address with the Electronic Frontier Foundation, a founding\npartner of the Let's Encrypt project and the non-profit organization that\ndevelops Certbot? We'd like to send you email about our work encrypting the web,\nEFF news, campaigns, and ways to support digital freedom.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: N<\/mark>\n\nAccount registered.\n\nWhich names would you like to activate HTTPS for?\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n1: your-domain.com\n2: www.your-domain.com\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nSelect the appropriate numbers separated by commas and\/or spaces, or leave input\nblank to select all options shown (Enter 'c' to cancel):1 or 2<\/mark>\n\n<\/pre>\n\n\n\n
4.\uc124\uc815\ud655\uc778(Check settings)<\/strong><\/p>\n\n\n\n
1)\uc124\uce58 \uc644\ub8cc \uba54\uc138\uc9c0(Installation completion message)
\uc544\ub798\ub294 freelifemakers.org\uc758 \uba54\uc138\uc9c0\uc785\ub2c8\ub2e4.
Below is a message from freelifemakers.org.<\/p>\n\n\n\n
IMPORTANT NOTES:\n - Congratulations! Your certificate and chain have been saved at:\n   \/etc\/letsencrypt\/live\/freelifemakers.org\/fullchain.pem\n\n   Your key file has been saved at:\n   \/etc\/letsencrypt\/live\/freelifemakers.org\/privkey.pem\n\n   Your cert will expire on 2024-05-11. To obtain a new or tweaked\n   version of this certificate in the future, simply run certbot again\n   with the \"certonly\" option. To non-interactively renew *all* of\n   your certificates, run \"certbot renew\"\n\n - Your account credentials have been saved in your Certbot\n   configuration directory at \/etc\/letsencrypt. You should make a\n   secure backup of this folder now. This configuration directory will\n   also contain certificates and private keys obtained by Certbot so\n   making regular backups of this folder is ideal.\n\n - If you like Certbot, please consider supporting our work by:<\/pre>\n\n\n\n
2)\uc218\uc815\ub41c \ud30c\uc77c \ub0b4\uc6a9 \ud655\uc778(Check modified file contents)
– \uc815\uc0c1\uc801\uc73c\ub85c \uc124\uce58\uac00 \ub418\uba74 \/etc\/nginx\/sites-available\/ \ub514\ub809\ud1a0\ub9ac\uc5d0 \uc788\ub294 default\ud30c\uc77c\uc5d0 \ub2e4\uc74c\uc758 \ub0b4\uc6a9\uc774 \ucd94\uac00\ub41c \uac83\uc744 \ubcf4\uc2e4 \uc218 \uc788\uc2b5\ub2c8\ub2e4.(If installed properly, you will see the following content added to the default file in the \/etc\/nginx\/sites-available\/ directory.)
<\/p>\n\n\n\n
server {\n\n        # SSL configuration\n        #\n        # listen 443 ssl default_server;\n        # listen [::]:443 ssl default_server;\n        #\n        # Note: You should disable gzip for SSL traffic.\n        # See: https:\/\/bugs.debian.org\/773332\n        #\n        # Read up on ssl_ciphers to ensure a secure configuration.\n        # See: https:\/\/bugs.debian.org\/765782\n        #\n        # Self signed certs generated by the ssl-cert package\n        # Don't use them in a production server!\n        #\n        # include snippets\/snakeoil.conf;\n\n        root \/var\/www\/html;\n\n        # Add index.php to the list if you are using PHP\n        index index.html index.htm index.nginx-debian.html;\n    server_name media.freelifemakers.org; # managed by Certbot\n\n\n        location \/ {\n                # First attempt to serve request as file, then\n                # as directory, then fall back to displaying a 404.\n                try_files $uri $uri\/ =404;\n        }\n\n        # pass PHP scripts to FastCGI server\n        #\n        #location ~ \\.php$ {\n        #       include snippets\/fastcgi-php.conf;\n        #\n        #       # With php-fpm (or other unix sockets):\n        #       fastcgi_pass unix:\/run\/php\/php7.4-fpm.sock;\n        #       # With php-cgi (or other tcp sockets):\n        #       fastcgi_pass 127.0.0.1:9000;\n        #}\n\n        # deny access to .htaccess files, if Apache's document root\n        # concurs with nginx's one\n        #\n        #location ~ \/\\.ht {\n        #       deny all;\n        #}\n\n\n    listen [::]:443 ssl ipv6only=on; # managed by Certbot\n    listen 443 ssl; # managed by Certbot\n    ssl_certificate \/etc\/letsencrypt\/live\/media.freelifemakers.org\/fullchain.pem; # managed by Certbot\n    ssl_certificate_key \/etc\/letsencrypt\/live\/media.freelifemakers.org\/privkey.pem; # managed by Certbot\n    include \/etc\/letsencrypt\/options-ssl-nginx.conf; # managed by Certbot\n    ssl_dhparam \/etc\/letsencrypt\/ssl-dhparams.pem; # managed by Certbot<\/mark>\n\n\n\n}\nserver {\n    if ($host = media.freelifemakers.org) {\n        return 301 https:\/\/$host$request_uri;\n    } # managed by Certbot\n\n\n        listen 80 ;\n        listen [::]:80 ;\n    server_name media.freelifemakers.org;\n    return 404; # managed by Certbot\n\n\n}<\/mark><\/pre>\n\n\n\n
3)\uc811\uc18d\ud655\uc778(Check connection)
https:\/\/yourdomain.com\uc73c\ub85c \uc811\uc18d\uc774 \ub418\ub294\uc9c0 \ud655\uc778 \ud569\ub2c8\ub2e4.
Check if you can access https:\/\/yourdomain.com.

\u203b\ud2b8\ub7ec\ube14\uc288\ud305(troubleshooting)<\/p>\n\n\n\n
1.\uc544\ub798\uc640 \uac19\uc740 \uba54\uc138\uc9c0\uac00 \ubc1c\uc0dd\uc2dc(When the following message occurs:)\nThe requested nginx plugin does not appear to be installed <\/strong>\n\npython3-certbot-nginx\ub97c \uc124\uce58 \ud569\ub2c8\ub2e4.\n(Install python3-certbot-nginx.)\n#apt-get install python3-certbot-nginx\n<\/pre>\n\n\n\n
<\/p>\n\n\n\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
Let’s Encrypt\ub294 \ubb34\ub8cc\ub85c \uc0ac\uc6a9\uac00\ub2a5\ud55c SSL \uc778\uc99d\uc11c \uc785\ub2c8\ub2e4.SSL\uc778\uc99d\uc774\ub780 \uc6f9\uc0ac\uc774\ud2b8\uc640 \uc6f9\uc11c\ubc84 \uc0ac\uc774\uc758 \ub370\uc774\ud130\ub97c \uc554\ud638\ud654 \ud558\ub294 \uae30\uc220\uc785\ub2c8\ub2e4. \uc27d\uac8c \uc598\uae30\ud574\uc11c \uc6b0\ub9ac\uac00 \uc778\ud130\ub137\uc5d0 \uc811\uc18d\ud560\ub54c http:\/\/\ud504\ub85c\ud1a0\ucf5c\uc744 https:\/\/\ud504\ub85c\ud1a0\ucf5c\ub85c \ubc14\uafd4\uc11c \uc0ac\uc6a9\ud560 \uc218 \uc788\uac8c \ud574\uc8fc\ub294 \uac83\uc774\ub77c\uace0 \uc0dd\uac01\ud558\uc2dc\uba74 \ub429\ub2c8\ub2e4.\uba3c\uc800 Nginx\ub294 \uc124\uce58\ub418\uc5b4 \uc788\uc5b4\uc57c \ud569\ub2c8\ub2e4. Let’s Encrypt is a free SSL certificate. SSL authentication is a technology that encrypts data between a website and a web server.To […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-236","post","type-post","status-publish","format-standard","hentry","category-linux","missing-thumbnail"],"_links":{"self":[{"href":"https:\/\/www.freelifemakers.org\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/236","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.freelifemakers.org\/wordpress\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.freelifemakers.org\/wordpress\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.freelifemakers.org\/wordpress\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.freelifemakers.org\/wordpress\/index.php\/wp-json\/wp\/v2\/comments?post=236"}],"version-history":[{"count":12,"href":"https:\/\/www.freelifemakers.org\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/236\/revisions"}],"predecessor-version":[{"id":1419,"href":"https:\/\/www.freelifemakers.org\/wordpress\/index.php\/wp-json\/wp\/v2\/posts\/236\/revisions\/1419"}],"wp:attachment":[{"href":"https:\/\/www.freelifemakers.org\/wordpress\/index.php\/wp-json\/wp\/v2\/media?parent=236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.freelifemakers.org\/wordpress\/index.php\/wp-json\/wp\/v2\/categories?post=236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.freelifemakers.org\/wordpress\/index.php\/wp-json\/wp\/v2\/tags?post=236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}