To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. 해결하기

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

ubuntu:~$ sudo certbot certonly --manual --email [your email] -d [your domain]
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for yunamom.duckdns.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:

BzO0D9-Kkj1JueCT4iwAp81wuQiQH4Qo888_6liB4-Q.0Tc284K9HV1X9hq8oXsrv6Xy9c1aiwswFuGgGzK0F2o

And make it available on your web server at this URL:

http://yunamom.duckdns.org/.well-known/acme-challenge/BzO0D9-Kkj1JueCT4iwAp81wuQiQH4Qo888_6liB4-Q

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

 도메인 소유권확인을 위한 작업 (check domain ownership) 

기존 터미널 창을 그대로 두고 새창을 열어서 파일생성 (open new terminal and create data)

ubuntu:~$ sudo vi /var/lib/tomcat9/webapps/ROOT/.well-known/acme-challenge/BzO0D9-Kkj1JueCT4iwAp81wuQiQH4Qo888_6liB4-Qsudo vi /var/lib/tomcat9/webapps/ROOT/.well-known/acme-challenge/BzO0D9-Kkj1JueCT4iwAp81wuQiQH4Qo888_6liB4-Q

Create a file containing just this data:

BzO0D9-Kkj1JueCT4iwAp81wuQiQH4Qo888_6liB4-Q.0Tc284K9HV1X9hq8oXsrv6Xy9c1aiwswFuGgGzK0F2o

ESC → :wq (save) 

 

기존 터미널로 돌아가서 엔터를 눌러주면 완료 :D

Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/yunamom.duckdns.org/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/yunamom.duckdns.org/privkey.pem
   Your cert will expire on 2022-10-18. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

 

NginX에 SSL 연결하기

NginX의 site-available에 있는 site conf에서 아래와 같이 443번 포트를 개방해주고, ssl 인증서를 넣어준다.

server {
        listen 80;
        listen [::]:80;
        
        # HTTPS 443 포트 개방
        listen 443 ssl;
        listen [::]:443 ssl;

        root /var/www/html;

        server_name yunamom.duckdns.org;
        
        #SSL 인증서
        ssl_certificate /etc/letsencrypt/live/yunamom.duckdns.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/yunamom.duckdns.org/privkey.pem;

        location / {
                proxy_pass http://127.0.0.1:5555;
        }
}

 

 NginX Reload 및 확인

 NginX 리로딩 후, https으로 페이지가 열리게 된다.

$ sudo service nginx reload