摘要:使用的官方文档,可以选择系统,切换对应的使用方法,我选择的是安装安装过程中,若出现错误,可使用解决,注意后面的要替换为提示错误中的申请证书
Certbot使用的官方文档,可以选择系统,切换对应的使用方法,我选择的是Ubuntu16.04+Nginx
1、安装Cerbot$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-nginx
安装过程中,若出现 W: GPG error: http://ppa.launchpad.net/ondrej/php/ubuntu xenial InRelease: The following signatures couldn"t be verified because the public key is not available: NO_PUBKEY 4F4EA0AAE5267A6C 错误,可使用 sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4F4EA0AAE5267A6C 解决,注意后面的key要替换为提示错误中的PUBKEY2、申请证书
sudo certbot --nginx --nginx-server-root /etc/nginx/ -d xxx.j2do.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter "c" to cancel): xxxxx@126.com Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org ------------------------------------------------------------------------------- Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v01.api.letsencrypt.org/directory ------------------------------------------------------------------------------- (A)gree/(C)ancel: A ------------------------------------------------------------------------------- Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let"s Encrypt project and the non-profit organization that develops Certbot? We"d like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights. ------------------------------------------------------------------------------- (Y)es/(N)o: N Obtaining a new certificate Performing the following challenges: http-01 challenge for ddy.j2do.com nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored nginx: [warn] conflicting server name "" on [::]:80, ignored Waiting for verification... Cleaning up challenges nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored nginx: [warn] conflicting server name "" on [::]:80, ignored Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/ddy nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored nginx: [warn] conflicting server name "" on [::]:80, ignored Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. ------------------------------------------------------------------------------- 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you"re confident your site works on HTTPS. You can undo this change by editing your web server"s configuration. ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press "c" to cancel): 1 ------------------------------------------------------------------------------- Congratulations! You have successfully enabled https://ddy.j2do.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=ddy.j2do.com ------------------------------------------------------------------------------- IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/xxx.j2do.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/xxx.j2do.com/privkey.pem Your cert will expire on 2018-09-16. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let"s Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
第一项必须是选择同意(A),第二项无所谓,是将记得邮件地址添加到EFF邮件列表中,发送一些邮件给你,可以选择否(N),这时候证书会自动生成,并根据你的域名,去查找nginx配置,自动修改nginx配置支持https,最后询问你,是否要将http的请求全部重置到https上,配置完成后告诉你一些信息,证书存放在/etc/letsencrypt位置3、重启nignx即可
sudo service nginx restart4、Let"s Encrypt推荐使用ACME v2证书,此证书支持通配符,使证书更容易管理,稍后补充申请方法 5、自动定时申请更新证书
无论如何要记得更新证书这个事情还是很麻烦,那么certbot提供了一个自动为所有证书重新申请的命令,而且它是智能的,只申请七天内到期的证书
#设置crontab命令 0 2 * * * certbot renew
文章版权归作者所有,未经允许请勿转载,若此文章存在违规行为,您可以联系管理员删除。
转载请注明本文地址:https://www.ucloud.cn/yun/39990.html
摘要:甚至和百度的搜索结果也正在给予的网站更高的排名和优先收录权。由于预设的解码器是,所以就不能识别中文。那理解了这个错误原因后,我这边首先想到的就是网站的配置文件中是否含有中文。打开一看,确实存在中文注释。 相关知识 HTTP/HTTPS 是什么? 简单来说,HTTP 是一个传输网页内容的协议,比如我们浏览一个网页,网页上的文字、图片、 CSS 、 JS 等文件都是通过 HTTP 协议传输...
摘要:在上使用免费的如果你使用来做负载均衡,在上可以很方便的使用。提供期限为三个月的免费证书,到期之后需要,官方还提供自动的工具是一个自动申请和续期证书的工具。在官网可以找到各种和服务器下的安装方法。常见的和安装起来十分方便。 在Amazon Linux 上 使用 Lets encrypt 免费的SSL 如果你使用ELB来做负载均衡,在AWS上可以很方便的使用SSL。如果不使用ELB就需要自...
摘要:为了推广协议,电子前哨基金会成立了,提供免费证书。部署,包含申请域名部署应用,并开启服务。安装使用获取证书对于,使用的插件获取。 为了推广HTTPS协议,电子前哨基金会EFF成立了 Lets Encrypt,提供免费证书。 Lets Encrypt一个于2015年三季度推出的数字证书认证机构,将通过旨在消除当前手动创建和安装证书的复杂过程的自动化流程,为安全网站提供免费的SSL/TLS...
阅读 3234·2021-11-24 11:17
阅读 1982·2021-11-15 11:38
阅读 3181·2021-10-14 09:42
阅读 2763·2019-08-30 15:54
阅读 1700·2019-08-28 18:09
阅读 432·2019-08-26 11:48
阅读 1517·2019-08-26 10:48
阅读 2039·2019-08-26 10:45
