Let's Encrypt SSL 证书配置

系统环境:
OS: centos 7.4
http server: apache 2.4


Let's Encrypt 下载安装



git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto


会弹窗选择,并要求输入恢复证书的时候的邮箱,这里就不一一说明了。

当看到以下内容的时候,表明安装成功。



经过对比发现(非本人),国内的DNSPOD、阿里云DNS、CloudXNS等都会出现Let's Encrypt 验证域名超时的情况,国外的Namecheap DNS、Linode DNS、Domain.com DNS等都是没有问题。

除了DNS的问题外,还有如果你用CDN加速,比如cloudflare的CDN加速,最后也会导致失败。


配置



见Apache配置

更新证书



Let's Encrypt免费SSL证书有效期是90天,也就是每三个月你就得续期一次。采用官方的方法获取到的免费SSL证书,你不需要更改Apache和Nginx配置代码,执行以下代码即可自动替换证书为新的(注意修改域名和邮箱):

./letsencrypt-auto certonly --renew-by-default --email yeniugo@gmail.com -d yeniugo.com -d www.yeniugo.com


添加自动化脚本,运行crontab -e,进入文本编辑器,添加如下内容即可。

00 00 01 */2 * ./root/letsencrypt/letsencrypt-auto –renew certonly –email yeniugo@gmail.com -d www.yeniugo.com -d yeniugo.com && systemctl restart httpd


参考:
1. 免费SSL证书Let’s Encrypt安装使用教程:Apache和Nginx配置SSL

评论

  1. Unfortunately, like every thing on-line, these discussions can involve as much dangerous or incorrect information as they do wholesome or constructive ideas and material. Master-slave relationships are rare, but do exist, and have been studied in 2013 by Dancer, Kleinplatz, and Moser. Though there was a perception and perfect of “total submission,” “slaves” who had negotiated consensual nonconsent still exercised free will once they needed Raised Toilet Seats to for his or her finest pursuits. About half of the "slaves" in this examine described that that they had foregone any capacity to refuse orders from their master, once as} they entered into their relationship. Seventy-four percent of "slaves" reported that they'd engaged in behaviors that had beforehand appeared inconceivable to them, as they'd been “pushed beyond their limits” by their master.

    回复删除

发表评论

此博客中的热门博文

certbot cloudflare申请通用域名证书