[SSL] Let's Encrypt: free SSL certificates (three months)
2017-09-26 11:00:31 By 張○○
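It is good to find a certificate authority whose upstream and downstream authorization is all in order and that is also free. Although it is only free for three months, it is still worth recommending: setup and operation are easy, and people without much experience can get started quickly.
Installation and configuration
Installation and configuration are simple.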
[CENTOS7]
# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# yum install certbot python2-certbot-apache
# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: n.sfs.tw
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for n.sfs.tw
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/wildfly-le-ssl.conf
Deploying Certificate for n.sfs.tw to VirtualHost /etc/httpd/conf.d/wildfly-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for <== the original HTTP site will be redirected to HTTPS
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/httpd/conf.d/wildfly.conf to ssl vhost in /etc/httpd/conf.d/wildfly-le-ssl.conf
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://n.sfs.tw
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=n.sfs.tw
-------------------------------------------------------------------------------
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/oidc.boe.ttct.edu.tw/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/oidc.boe.ttct.edu.tw/privkey.pem
Your cert will expire on 2017-12-25. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
That is all there is to it.
Restart Apache and open your site at https://example.com
Renew your certificate when the three months are up
# certbot renew
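A renewal that silently stops running is only noticed when visitors see an expired certificate, so it helps to monitor expiry separately from "certbot renew". The script below is an added example, not part of the original post: it reads the notAfter date of every certificate under /etc/letsencrypt/live (the layout shown in the certbot output above) and reports the ones that are expired or due for renewal. The function names, the --check argument and the 30-day WARN_DAYS threshold are assumptions, and it requires GNU date and openssl.

```shell
#!/bin/sh
# Added example (not from the original post): report certbot certificates
# that are expired or close to expiry, i.e. where "certbot renew" has not run.
# Assumptions: GNU date, openssl, and the /etc/letsencrypt/live/<name>/ layout
# shown in the certbot output above. WARN_DAYS is a constructed threshold.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
WARN_DAYS="${WARN_DAYS:-30}"

# seconds_left NOT_AFTER [NOW_EPOCH]
# NOT_AFTER is the date printed by "openssl x509 -enddate",
# e.g. "Dec 25 10:00:00 2017 GMT". NOW_EPOCH defaults to the current time.
seconds_left() {
    end=$(date -u -d "$1" +%s 2>/dev/null) || return 2
    now=${2:-$(date -u +%s)}
    echo $(( end - now ))
}

# cert_status NOT_AFTER [NOW_EPOCH] -> OK | RENEW_DUE | EXPIRED | UNPARSEABLE
cert_status() {
    left=$(seconds_left "$1" "${2:-}") || { echo UNPARSEABLE; return 2; }
    if [ "$left" -le 0 ]; then
        echo EXPIRED
    elif [ "$left" -lt $(( WARN_DAYS * 86400 )) ]; then
        echo RENEW_DUE
    else
        echo OK
    fi
}

# check_all: print one line per certificate; return 1 if any is not OK.
check_all() {
    rc=0
    for pem in "$LIVE_DIR"/*/fullchain.pem; do
        [ -f "$pem" ] || continue
        not_after=$(openssl x509 -in "$pem" -noout -enddate | cut -d= -f2)
        status=$(cert_status "$not_after") || true
        echo "$status $pem (notAfter: $not_after)"
        [ "$status" = OK ] || rc=1
    done
    return "$rc"
}

# Run the check only when invoked as: script --check
if [ "${1:-}" = "--check" ]; then
    check_all
fi
```

Run it with --check from cron a few hours after the scheduled "certbot renew"; a non-zero exit status means at least one certificate needs attention.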
[CENTOS6]
CentOS 6 cannot install it the same way as CentOS 7:
# yum install certbot-apache
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: ftp.tc.edu.tw
* epel: mirror01.idc.hinet.net
* extras: ftp.tc.edu.tw
* updates: ftp.tc.edu.tw
No package certbot-apache available.
Error: Nothing to do
Fortunately, [1] has a workaround:
# ./certbot-auto --apache
cancel): user@example.com
Please read the Terms of Service at ...
(A)gree/(C)ancel: a
share your email ...
(Y)es/(N)o: n
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: n.sfs.tw
2: ...
Your domains are listed here; if yours is not listed, your Apache is not configured correctly.
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1 <== the number of your domain
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Then just restart Apache.
References
[1] https://bobcares.com/blog/setup-lets-encrypt-centos-6-centos-7/
[2] Epel https://fedoraproject.org/wiki/EPEL#Quickstart
Related links
https://letsencrypt.org/