add-apt-repository ppa : certbot / certbot
apt-get 업데이트
apt-get install python-certbot-nginx
certbot certonly –nginx -d bong9.kr, www.bong9.kr // www있거나 없어도 작동
ls /etc/ letsencrypt / live /
cd /etc/ nginx / sites-available /
vi bong9.kr
도메인 변경 : certbot certonly –cert-name bong9.kr -d bong9.com, www.bong9.com
도메인 지우기 : certbot delete –cert-name [지울도메인명] // ls /etc/letsencrypt/live/ 해서 나오는 폴더명을 적어야함
cat /etc/nginx/sites-available/bong9.kr
server {
listen 80;
#listen [::]:80;
server_name www.bong9.kr bong9.kr;
if ( $host ~ ^www.(.+)$ ) {
set $without_www $1;
#rewrite ^(.) $scheme://$without_www$uri permanent; rewrite ^(.) https://$without_www$uri permanent;
}
if ($scheme = http) {
#if ( $https = on ) {
rewrite ^(.) https://$host$1 permanent; #rewrite ^(.) https://$server_name$1 permanent;
}
#location /wd {
# rewrite ^ https://$host$request_uri?permanent;
#}
# location / {
# return 301 http://$host$request_uri; ### http://www.9networks.kr로 리다이렉팅
# try_files $uri $uri/ =404;
# }
#
# SSL configuration
#
listen 443 ssl;
#listen [::]:443 ssl default_server;
#server_name bong9.kr www.bong9.kr;
ssl on;
ssl_certificate /etc/letsencrypt/live/bong9.kr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bong9.kr/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /home/bong9/public_html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
# pass PHP scripts to FastCGI server
#
location ~ \.(php|html|htm)$ {
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
include fastcgi_params;
fastcgi_read_timeout 300;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}}
www.bong9.kr;
ssl on;
ssl_certificate /etc/letsencrypt/live/bong9.kr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bong9.kr/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;