
Certbot으로부터 서버인증 받기
sudo certbot certonly --standalone
이메일 입력
agree
Please read the Terms of Service at
<https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>. You must
agree in order to register with the ACME server at
<https://acme-v01.api.letsencrypt.org/directory>
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
Yes
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: Y
도메인 입력
/etc/letsencrypt 디렉토리의 생성된 인증서 확인
인증서 형식 PKCS2으로 변경
sudo openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name ttp -CAfile chain.pem -caname root
keystore.p12 옮기기
스프링 프로젝트

main 서버

Tomcat 설정
/opt/tomcat/latest/conf/server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/letsencrypt/keystore.p12" keystorePass="blind42#Blind42" />
포트포워딩 다시 설정
war파일 업데이트
tomcat 재시작
systemctl restart tomcat