728x90
반응형
Could not find ssl_module; not installing certificate.
CentOS 8에서 certbot 설치 후 수동으로 와일드카드 인증서를 발급받았는데...사이트가 열리지 않는다. 웹브라우저에서 ERR_CONNECTION_REFUSED 오류만 발생할 뿐...
다시 certbot을 실행하여 자동으로 인증서 발급을 시도했더니 아래와 같은 오류가 발생한다.
| # certbot ... 설치과정 생략 ... 마침내 아래의 오류 발생~ Could not find ssl_module; not installing certificate. |
인증서를 설치할 수 없다는 오류를 보여주면서 축하해주는...이런 감동을 선사하다니~
IMPORTANT NOTES: - Unable to install the certificate - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/yourdomain.net/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/yourdomain.net/privkey.pem Your cert will expire on 2021-02-08. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" |
let's Encrypt 사이트에서 CentOS 8 / Apache 환경에서의 certbot 설치안내서를 그대로 따랐는데...아마도 snapd 설치 후에 이를 통해서 certbot을 설치하는 과정에서 SSL 모듈이 누락된 듯 하다. 일단 서버에 설치한 snap은 무시하고 apache환경에 필요한 모듈을 아래와 같이 설치했다. 설치 후에 웹서버를 재시작하니 이제야 사이트가 정상적으로 열린다.
[root@localhost etc]# dnf install certbot python3-certbot-apache mod_ssl
Last metadata expiration check: 2:02:18 ago on Tue 10 Nov 2020 05:31:44 PM UTC.
Dependencies resolved.
=======================================================================================================================================================
Package Architecture Version Repository Size
=======================================================================================================================================================
Installing:
certbot noarch 1.9.0-1.el8 epel 48 k
mod_ssl x86_64 1:2.4.37-21.module_el8.2.0+494+1df74eae AppStream 132 k
python3-certbot-apache noarch 1.9.0-1.el8 epel 143 k
Installing dependencies:
augeas-libs x86_64 1.12.0-5.el8 BaseOS 436 k
python3-acme noarch 1.9.0-1.el8 epel 88 k
python3-augeas noarch 0.5.0-12.el8 AppStream 31 k
python3-certbot noarch 1.9.0-1.el8 epel 382 k
python3-chardet noarch 3.0.4-7.el8 BaseOS 195 k
python3-configargparse noarch 0.14.0-6.el8 epel 36 k
python3-distro noarch 1.4.0-2.module_el8.1.0+245+c39af44f AppStream 37 k
python3-josepy noarch 1.2.0-5.el8 epel 95 k
python3-ndg_httpsclient noarch 0.5.1-4.el8 epel 53 k
python3-parsedatetime noarch 2.5-1.el8 epel 79 k
python3-pyasn1 noarch 0.3.7-6.el8 AppStream 126 k
python3-pyrfc3339 noarch 1.1-1.el8 epel 19 k
python3-pysocks noarch 1.6.8-3.el8 BaseOS 34 k
python3-pytz noarch 2017.2-9.el8 AppStream 54 k
python3-requests noarch 2.20.0-2.1.el8_1 BaseOS 123 k
python3-requests-toolbelt noarch 0.9.1-4.el8 epel 91 k
python3-urllib3 noarch 1.24.2-4.el8 BaseOS 176 k
python3-zope-component noarch 4.3.0-8.el8 epel 313 k
python3-zope-event noarch 4.2.0-12.el8 epel 210 k
python3-zope-interface x86_64 4.6.0-1.el8 epel 158 k
Installing weak dependencies:
python-josepy-doc noarch 1.2.0-5.el8 epel 21 k
Transaction Summary
=======================================================================================================================================================
Install 24 Packages
Total download size: 3.0 M
Installed size: 11 M
Is this ok [y/N]: y
Downloading Packages:
(1/24): python3-augeas-0.5.0-12.el8.noarch.rpm 149 kB/s | 31 kB 00:00
(2/24): python3-distro-1.4.0-2.module_el8.1.0+245+c39af44f.noarch.rpm 148 kB/s | 37 kB 00:00
(3/24): mod_ssl-2.4.37-21.module_el8.2.0+494+1df74eae.x86_64.rpm 446 kB/s | 132 kB 00:00
(4/24): python3-pytz-2017.2-9.el8.noarch.rpm 548 kB/s | 54 kB 00:00
(5/24): python3-pyasn1-0.3.7-6.el8.noarch.rpm 621 kB/s | 126 kB 00:00
(6/24): python3-pysocks-1.6.8-3.el8.noarch.rpm 289 kB/s | 34 kB 00:00
(7/24): python3-chardet-3.0.4-7.el8.noarch.rpm 652 kB/s | 195 kB 00:00
(8/24): python3-requests-2.20.0-2.1.el8_1.noarch.rpm 1.0 MB/s | 123 kB 00:00
(9/24): augeas-libs-1.12.0-5.el8.x86_64.rpm 1.2 MB/s | 436 kB 00:00
(10/24): python3-urllib3-1.24.2-4.el8.noarch.rpm 1.3 MB/s | 176 kB 00:00
(11/24): python-josepy-doc-1.2.0-5.el8.noarch.rpm 23 kB/s | 21 kB 00:00
(12/24): certbot-1.9.0-1.el8.noarch.rpm 46 kB/s | 48 kB 00:01
(13/24): python3-acme-1.9.0-1.el8.noarch.rpm 66 kB/s | 88 kB 00:01
(14/24): python3-certbot-apache-1.9.0-1.el8.noarch.rpm 254 kB/s | 143 kB 00:00
(15/24): python3-configargparse-0.14.0-6.el8.noarch.rpm 176 kB/s | 36 kB 00:00
(16/24): python3-certbot-1.9.0-1.el8.noarch.rpm 469 kB/s | 382 kB 00:00
(17/24): python3-josepy-1.2.0-5.el8.noarch.rpm 330 kB/s | 95 kB 00:00
(18/24): python3-ndg_httpsclient-0.5.1-4.el8.noarch.rpm 228 kB/s | 53 kB 00:00
(19/24): python3-parsedatetime-2.5-1.el8.noarch.rpm 396 kB/s | 79 kB 00:00
(20/24): python3-pyrfc3339-1.1-1.el8.noarch.rpm 87 kB/s | 19 kB 00:00
(21/24): python3-zope-component-4.3.0-8.el8.noarch.rpm 1.1 MB/s | 313 kB 00:00
(22/24): python3-requests-toolbelt-0.9.1-4.el8.noarch.rpm 272 kB/s | 91 kB 00:00
(23/24): python3-zope-interface-4.6.0-1.el8.x86_64.rpm 697 kB/s | 158 kB 00:00
(24/24): python3-zope-event-4.2.0-12.el8.noarch.rpm 497 kB/s | 210 kB 00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------
Total 598 kB/s | 3.0 MB 00:05
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : python3-zope-event-4.2.0-12.el8.noarch 1/24
Installing : python3-zope-interface-4.6.0-1.el8.x86_64 2/24
Installing : python3-zope-component-4.3.0-8.el8.noarch 3/24
Installing : python3-pyrfc3339-1.1-1.el8.noarch 4/24
Installing : python3-pytz-2017.2-9.el8.noarch 5/24
Installing : python3-parsedatetime-2.5-1.el8.noarch 6/24
Installing : python3-ndg_httpsclient-0.5.1-4.el8.noarch 7/24
Installing : python3-configargparse-0.14.0-6.el8.noarch 8/24
Installing : python-josepy-doc-1.2.0-5.el8.noarch 9/24
Installing : python3-josepy-1.2.0-5.el8.noarch 10/24
Installing : python3-pysocks-1.6.8-3.el8.noarch 11/24
Installing : python3-urllib3-1.24.2-4.el8.noarch 12/24
Installing : python3-chardet-3.0.4-7.el8.noarch 13/24
Installing : python3-requests-2.20.0-2.1.el8_1.noarch 14/24
Installing : python3-requests-toolbelt-0.9.1-4.el8.noarch 15/24
Installing : augeas-libs-1.12.0-5.el8.x86_64 16/24
Running scriptlet: augeas-libs-1.12.0-5.el8.x86_64 16/24
Installing : python3-augeas-0.5.0-12.el8.noarch 17/24
Installing : python3-pyasn1-0.3.7-6.el8.noarch 18/24
Installing : python3-acme-1.9.0-1.el8.noarch 19/24
Installing : python3-distro-1.4.0-2.module_el8.1.0+245+c39af44f.noarch 20/24
Installing : python3-certbot-1.9.0-1.el8.noarch 21/24
Installing : certbot-1.9.0-1.el8.noarch 22/24
Running scriptlet: certbot-1.9.0-1.el8.noarch 22/24
Installing : mod_ssl-1:2.4.37-21.module_el8.2.0+494+1df74eae.x86_64 23/24
Installing : python3-certbot-apache-1.9.0-1.el8.noarch 24/24
Running scriptlet: python3-certbot-apache-1.9.0-1.el8.noarch 24/24
Verifying : mod_ssl-1:2.4.37-21.module_el8.2.0+494+1df74eae.x86_64 1/24
Verifying : python3-augeas-0.5.0-12.el8.noarch 2/24
Verifying : python3-distro-1.4.0-2.module_el8.1.0+245+c39af44f.noarch 3/24
Verifying : python3-pyasn1-0.3.7-6.el8.noarch 4/24
Verifying : python3-pytz-2017.2-9.el8.noarch 5/24
Verifying : augeas-libs-1.12.0-5.el8.x86_64 6/24
Verifying : python3-chardet-3.0.4-7.el8.noarch 7/24
Verifying : python3-pysocks-1.6.8-3.el8.noarch 8/24
Verifying : python3-requests-2.20.0-2.1.el8_1.noarch 9/24
Verifying : python3-urllib3-1.24.2-4.el8.noarch 10/24
Verifying : certbot-1.9.0-1.el8.noarch 11/24
Verifying : python-josepy-doc-1.2.0-5.el8.noarch 12/24
Verifying : python3-acme-1.9.0-1.el8.noarch 13/24
Verifying : python3-certbot-1.9.0-1.el8.noarch 14/24
Verifying : python3-certbot-apache-1.9.0-1.el8.noarch 15/24
Verifying : python3-configargparse-0.14.0-6.el8.noarch 16/24
Verifying : python3-josepy-1.2.0-5.el8.noarch 17/24
Verifying : python3-ndg_httpsclient-0.5.1-4.el8.noarch 18/24
Verifying : python3-parsedatetime-2.5-1.el8.noarch 19/24
Verifying : python3-pyrfc3339-1.1-1.el8.noarch 20/24
Verifying : python3-requests-toolbelt-0.9.1-4.el8.noarch 21/24
Verifying : python3-zope-component-4.3.0-8.el8.noarch 22/24
Verifying : python3-zope-event-4.2.0-12.el8.noarch 23/24
Verifying : python3-zope-interface-4.6.0-1.el8.x86_64 24/24
Installed products updated.
Installed:
augeas-libs-1.12.0-5.el8.x86_64 certbot-1.9.0-1.el8.noarch
mod_ssl-1:2.4.37-21.module_el8.2.0+494+1df74eae.x86_64 python-josepy-doc-1.2.0-5.el8.noarch
python3-acme-1.9.0-1.el8.noarch python3-augeas-0.5.0-12.el8.noarch
python3-certbot-1.9.0-1.el8.noarch python3-certbot-apache-1.9.0-1.el8.noarch
python3-chardet-3.0.4-7.el8.noarch python3-configargparse-0.14.0-6.el8.noarch
python3-distro-1.4.0-2.module_el8.1.0+245+c39af44f.noarch python3-josepy-1.2.0-5.el8.noarch
python3-ndg_httpsclient-0.5.1-4.el8.noarch python3-parsedatetime-2.5-1.el8.noarch
python3-pyasn1-0.3.7-6.el8.noarch python3-pyrfc3339-1.1-1.el8.noarch
python3-pysocks-1.6.8-3.el8.noarch python3-pytz-2017.2-9.el8.noarch
python3-requests-2.20.0-2.1.el8_1.noarch python3-requests-toolbelt-0.9.1-4.el8.noarch
python3-urllib3-1.24.2-4.el8.noarch python3-zope-component-4.3.0-8.el8.noarch
python3-zope-event-4.2.0-12.el8.noarch python3-zope-interface-4.6.0-1.el8.x86_64
Complete!
[root@vultrguest etc]# systemctl restart httpd
CentOS7을 사용하는 이전 서버에 설치되어 있는 버전은 certbot.noarch 0.31.0-2.el7이며, 지금 설치한 certbot의 버전은 1.9.0-1.el8 이다. 설치 옵션만 살짝 바뀌었을 뿐 인증서를 적용하는 방법이나 아파치 웹서버에서 SSL 모듈을 불러오는 방식은 이전버전과 차이가 없는 듯 하다.
certbot.eff.org의 문서를 참고하여 snap 없이 설치하는 방법은 아래와 같다. - How to install certbot without snap - snap을 이용한 설치는 certbot.eff.org의 첫페이지 부터 설명하고 있으니 참고하자.
CentOS8, apache 환경에서 Let's Encrypt의 SSL 인증서를 위한 certbot의 설치는
(1) epel-release-8을 설치한 후에 (# dny install epel-release [or] # yum install epel-release)
(2) apache용 모듈을 설치하자 ( # dnf install certbot python3-certbot-apache mod_ssl )
dnf가 아직 낯설다 -_-;
CentOS7에 apache를 사용한다면
(1) epel-release-7을 설치하고 (# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm)
(2) certbot을 설치하자 (# yum install python2-certbot-apache)
728x90
반응형
'Linux > SSL(보안서버)' 카테고리의 다른 글
| Network-based Origin Confusion Attacks (1) | 2021.05.25 |
|---|---|
| Let's Encrypt SSL 인증서의 서버이전 (0) | 2021.04.26 |
| 보안서버 구축 - Let's Encrypt의 와일드카드 인증서 (0) | 2020.03.17 |
| let's encrypt SSL 와일드카드 인증서의 갱신 (0) | 2020.02.22 |
댓글