Free SSL Certificates

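Serving a website over HTTPS requires a certificate issued for the site's domain name. SSL certificates normally cost money; below is a common way to get one for free, via
https://certbot.eff.org/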

1 Log in to the web server. It needs Internet access, and you need sudo rights on the command line. Stop the HTTP server first.
2 Run the following commands

git clone https://github.com/certbot/certbot
cd certbot
pip install virtualenv

./certbot-auto certonly --standalone --no-bootstrap

3 Enter the domain name when prompted, for example xxx.com. You may also be asked for an e-mail address.

[root@centos-s-1vcpu-1gb-sgp1-02 certbot]# ./certbot-auto certonly --standalone --no-bootstrap
Upgrading certbot-auto 0.40.1 to 1.0.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): xxx.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxx.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/xxx.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/xxx.com/privkey.pem
Your cert will expire on 2020-03-30. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

4 Inspect the saved certificate files.
The certificate is the first block in /etc/letsencrypt/live/xxx.com/fullchain.pem
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----

The chain (fullchain) is the second part of /etc/letsencrypt/live/xxx.com/fullchain.pem

The private key is in /etc/letsencrypt/live/xxx.com/privkey.pem

5 Import the certificate and restart the HTTP server.
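An added example, not part of the original post or of certbot: shell functions that check the files from step 4 before the import in step 5, by splitting fullchain.pem into the site certificate and the issuer chain, confirming privkey.pem is closed to group and other, confirming the key matches the certificate, and confirming 30 days of validity remain. The function names and the scratch-directory argument are assumptions, and the openssl command-line tool must be installed for the last two checks.

```shell
#!/bin/sh
# Added example (not from the original post or from certbot): pre-import checks.

# Count the certificate blocks in a PEM bundle (prints 0 when there are none).
pem_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Split fullchain.pem into OUTDIR/cert.pem (first block, the site certificate)
# and OUTDIR/chain.pem (every later block, the issuer chain).
split_fullchain() {
    full=$1; out=$2
    [ "$(pem_count "$full")" -ge 2 ] || { echo "expected certificate + chain in $full" >&2; return 1; }
    awk -v leaf="$out/cert.pem" -v chain="$out/chain.pem" '
        /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside                        { print > (n == 1 ? leaf : chain) }
        /-----END CERTIFICATE-----/   { inside = 0 }
    ' "$full"
}

# True only when the key file grants nothing to group or other.
# -L follows the symlink that certbot keeps under live/.
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# True when the certificate ($1) and the private key ($2) hold the same public key.
key_matches_cert() {
    c=$(openssl x509 -noout -pubkey -in "$1") || return 1
    k=$(openssl pkey -pubout -in "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Run every check. $1 is the live directory, $2 an existing scratch directory.
preflight() {
    split_fullchain "$1/fullchain.pem" "$2" &&
    key_is_private "$1/privkey.pem" &&
    key_matches_cert "$2/cert.pem" "$1/privkey.pem" &&
    openssl x509 -noout -checkend 2592000 -in "$2/cert.pem"   # 30 days in seconds
}

# Usage (run as root): preflight /etc/letsencrypt/live/xxx.com /root/cert-import
```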
