国产xxxx99真实实拍_久久不雅视频_高清韩国a级特黄毛片_嗯老师别我我受不了了小说

資訊專欄INFORMATION COLUMN

利用Certbot全自動安裝Let's Encrypt安全證書,實現全站加密

Dionysus_go / 2496人閱讀

摘要:使用的官方文檔,可以選擇系統,切換對應的使用方法,我選擇的是安裝安裝過程中,若出現錯誤,可使用解決,注意后面的要替換為提示錯誤中的申請證書

Certbot使用的官方文檔,可以選擇系統,切換對應的使用方法,我選擇的是Ubuntu16.04+Nginx

1、安裝Cerbot
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 
安裝過程中,若出現 W: GPG error: http://ppa.launchpad.net/ondrej/php/ubuntu xenial InRelease: The following signatures couldn"t be verified because the public key is not available: NO_PUBKEY 4F4EA0AAE5267A6C 錯誤,可使用 sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4F4EA0AAE5267A6C 解決,注意后面的key要替換為提示錯誤中的PUBKEY
2、申請證書
sudo certbot --nginx --nginx-server-root /etc/nginx/ -d xxx.j2do.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter "c" to
cancel): xxxxx@126.com
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let"s Encrypt project and the non-profit
organization that develops Certbot? We"d like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ddy.j2do.com
nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "" on [::]:80, ignored
Waiting for verification...
Cleaning up challenges
nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "" on [::]:80, ignored
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/ddy
nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "" on [::]:80, ignored

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you"re confident your site works on HTTPS. You can undo this
change by editing your web server"s configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press "c" to cancel): 1

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://ddy.j2do.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=ddy.j2do.com
-------------------------------------------------------------------------------

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/xxx.j2do.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/xxx.j2do.com/privkey.pem
   Your cert will expire on 2018-09-16. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let"s Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
第一項必須是選擇同意(A),第二項無所謂,是將記得郵件地址添加到EFF郵件列表中,發送一些郵件給你,可以選擇否(N),這時候證書會自動生成,并根據你的域名,去查找nginx配置,自動修改nginx配置支持https,最后詢問你,是否要將http的請求全部重置到https上,配置完成后告訴你一些信息,證書存放在/etc/letsencrypt位置
3、重啟nignx即可
sudo service nginx restart
4、Let"s Encrypt推薦使用ACME v2證書,此證書支持通配符,使證書更容易管理,稍后補充申請方法 5、自動定時申請更新證書
無論如何要記得更新證書這個事情還是很麻煩,那么certbot提供了一個自動為所有證書重新申請的命令,而且它是智能的,只申請七天內到期的證書
#設置crontab命令
0 2 * * * certbot renew

文章版權歸作者所有,未經允許請勿轉載,若此文章存在違規行為,您可以聯系管理員刪除。

轉載請注明本文地址:http://specialneedsforspecialkids.com/yun/39990.html

相關文章

  • 通過 Certbot 安裝 Let's Encrypt 證書,來實現全站的 HTTPS

    摘要:甚至和百度的搜索結果也正在給予的網站更高的排名和優先收錄權。由于預設的解碼器是,所以就不能識別中文。那理解了這個錯誤原因后,我這邊首先想到的就是網站的配置文件中是否含有中文。打開一看,確實存在中文注釋。 相關知識 HTTP/HTTPS 是什么? 簡單來說,HTTP 是一個傳輸網頁內容的協議,比如我們瀏覽一個網頁,網頁上的文字、圖片、 CSS 、 JS 等文件都是通過 HTTP 協議傳輸...

    Lsnsh 評論0 收藏0
  • 在Amazon Linux 上使用 Let's encrypt 免費的SSL

    摘要:在上使用免費的如果你使用來做負載均衡,在上可以很方便的使用。提供期限為三個月的免費證書,到期之后需要,官方還提供自動的工具是一個自動申請和續期證書的工具。在官網可以找到各種和服務器下的安裝方法。常見的和安裝起來十分方便。 在Amazon Linux 上 使用 Lets encrypt 免費的SSL 如果你使用ELB來做負載均衡,在AWS上可以很方便的使用SSL。如果不使用ELB就需要自...

    coolpail 評論0 收藏0
  • 使用 Let's Encrypt 證書部署 HTTPS

    摘要:為了推廣協議,電子前哨基金會成立了,提供免費證書。部署,包含申請域名部署應用,并開啟服務。安裝使用獲取證書對于,使用的插件獲取。 為了推廣HTTPS協議,電子前哨基金會EFF成立了 Lets Encrypt,提供免費證書。 Lets Encrypt一個于2015年三季度推出的數字證書認證機構,將通過旨在消除當前手動創建和安裝證書的復雜過程的自動化流程,為安全網站提供免費的SSL/TLS...

    he_xd 評論0 收藏0

發表評論

0條評論

Dionysus_go

|高級講師

TA的文章

閱讀更多
最新活動
閱讀需要支付1元查看
<