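Getting a free HTTPS certificate with Certbot (Let's Encrypt)

If your website needs a free HTTPS certificate, this guide shows how to request one from Let's Encrypt using Certbot.

The official Certbot website is https://certbot.eff.org/

Step 1: Request the certificate. Get certbot: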

cd /root
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

Stop Apache so that Certbot's standalone server can bind the port:
service httpd stop

Generate the certificate; repeat -d to add more domain names:
./certbot-auto certonly --standalone --email onexin@qq.com --agree-tos -d onexin.net -d www.onexin.net

List the generated certificates:
ls /etc/letsencrypt/live/

Step 2: Configure the certificate in Nginx
#——————-Nginx————————–

listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/onexin.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/onexin.net/privkey.pem;
ssl_session_timeout 10m;
# TLS 1.0 and 1.1 are deprecated (RFC 8996); add TLSv1.3 if your nginx/OpenSSL build supports it
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-SHA384:ECDHE-RSA-:ECDHE:!DES:!3DES:!MD5:!DSS:!PSK;
ssl_session_cache builtin:1000 shared:SSL:10m;

#——————-Nginx————————–

To configure the certificate in Apache, append the following at the end of the configuration:
#——————-Apache————————–

<VirtualHost *:443>
DocumentRoot /home/wwwroot/www.onexin.net
ServerName www.onexin.net:443
ServerAdmin admin@onexin.net
ErrorLog "/home/wwwlogs/www.onexin.net-error_log"
CustomLog "/home/wwwlogs/www.onexin.net-access_log" common
SSLEngine on
# Certbot names the live/ directory after the first -d domain (onexin.net in step 1)
SSLCertificateFile /etc/letsencrypt/live/onexin.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/onexin.net/privkey.pem
<Directory "/home/wwwroot/www.onexin.net">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
DirectoryIndex index.html index.php
</Directory>
</VirtualHost>

#——————-Apache————————–

Step 3: Renew the certificate. Start Apache:
service httpd start

Write the renewal script renew-cert.sh:
################################################

#!/bin/bash

service httpd stop

# --force-renew requests a new certificate even if the current one is not yet due for renewal
/root/certbot-auto renew --force-renew

service httpd start

# end

################################################
chmod a+x renew-cert.sh

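Scheduled task to renew the HTTPS certificate automatically

# crontab -e
# Renew the certificate automatically on the 20th of every month
0 0 20 * * /root/renew-cert.sh >> /root/crontab.log 2>&1

That's all. Press Esc, then type :wq to save and exit.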
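
A variant of the renewal script above that checks how many days the installed certificate has left and stops Apache only when a renewal is actually attempted, instead of forcing one every month. This is an added example, not part of the original post; `CERT`, `THRESHOLD_DAYS`, `days_left`, `renewal_due` and the `--run` switch are names assumed here, and it needs GNU `date` and `openssl`.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names: CERT,
# THRESHOLD_DAYS, days_left, renewal_due, --run. Needs GNU date and openssl.
CERT=/etc/letsencrypt/live/onexin.net/fullchain.pem  # lineage path used in step 2
THRESHOLD_DAYS=30                                     # certbot's default renewal window

# days_left "<openssl -enddate line>" [now_epoch] -> whole days until expiry
days_left() (
    not_after=${1#notAfter=}
    now=${2:-$(date +%s)}
    end=$(date -u -d "$not_after" +%s) || exit 2
    echo $(( (end - now) / 86400 ))
)

# renewal_due "<enddate line>" <threshold_days> [now_epoch] -> status 0 when due
renewal_due() (
    left=$(days_left "$1" "$3") || exit 2
    [ "$left" -lt "$2" ]
)

# Only act when invoked as: renew-cert.sh --run
if [ "${1:-}" = "--run" ]; then
    enddate=$(openssl x509 -noout -enddate -in "$CERT") || exit 1
    if renewal_due "$enddate" "$THRESHOLD_DAYS"; then
        echo "$(date): $(days_left "$enddate") days left, renewing"
        # The hooks stop and start Apache only around a real renewal attempt.
        /root/certbot-auto renew \
            --pre-hook "service httpd stop" \
            --post-hook "service httpd start"
    else
        echo "$(date): $(days_left "$enddate") days left, nothing to do"
    fi
fi
```

Because the script does nothing until the certificate enters the 30-day window, it can be scheduled daily rather than monthly.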

//——————————————————————-
Check SSL security:
https://myssl.com/

Port 443 must not be in use during installation; otherwise you get:
Problem binding to port 443: Could not bind to IPv4 or IPv6.

[root@iZuf6i4mxt5qb468fga1uaZ ~]#
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
/root/.local/share/letsencrypt/lib/python2.6/site-packages/acme/jose/jwa.py:110: DeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signer = key.signer(self.padding, self.hash)
Performing the following challenges:
tls-sni-01 challenge for five.onexin.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/five.onexin.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/five.onexin.com/privkey.pem
Your cert will expire on 2017-11-30. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
“certbot-auto renew”
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Please credit the source when reposting: https://www.onexin.net/certbot-https-lets-encrypt/
