使用Certbot来配置网站的HTTPS
简介在前面我们介绍过可以使用阿里云获取免费证书,其实获取免费证书的方式非常多,最近又找到了一个非常好用的生成HTTPS证书的工具。
官网地址:https://certbot.eff.org/
本文主要是介绍配置Nignx的证书,做了一些关键步骤的记录,其实官网已经非常详细,所以大家最好参考官网。
1、安装相关工具
[root@online nginx]# yum -y install yum-utils
2、安装certbot
[root@online nginx]# yum install certbot python2-certbot-nginx
3、如果第二步安装成功,就跳过下面,下面主要是介绍Python报的一些问题,需要用下面两条命令解决
[root@online nginx]# pip install requests urllib3 pyOpenSSL --force --upgrade [root@online nginx]# pip install --upgrade --force-reinstall 'requests==2.6.0'
4、生成证书过程
[root@online nginx]# certbot --nginx --nginx-server-root=/usr/local/nginx/conf/ Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): xxxxx@qq.com #填写自己邮箱地址 Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A #同意 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y #Yes Starting new HTTPS connection (1): supporters.eff.org Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: www.xxxx.com 2: www.yyyy.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1 #选项对应域名的编号 Obtaining a new certificate Performing the following challenges: http-01 challenge for dev.online.qsyuwen.cn Waiting for verification... Cleaning up challenges Resetting dropped connection: acme-v02.api.letsencrypt.org Deploying Certificate to VirtualHost /usr/local/nginx/conf/vhost/dev.online.api.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 #是否跳转 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://dev.online.qsyuwen.cn You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=dev.online.qsyuwen.cn - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/dev.online.qsyuwen.cn/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/dev.online.qsyuwen.cn/privkey.pem Your cert will expire on 2019-08-19. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
热门标签
每日一句
-
生活果然还是胁迫着要自己妥协下去,一次次地低头示好,一次次的曲意逢迎。
——落落
今日排行
- pwd:显示当所在位置
pwd是Print Working Directory的缩写,其功能是显示当前所在工作目录的全路径。主要用在当不确定当前所在位置时,通过pwd来查看当前目录的绝对路径。 - 《血色湘西》瞿先生独白
《血色湘西》瞿先生临死前的独白,振奋人心。 - 解决Github访问缓慢问题
最近国内访问GitHub特别的慢,那么对于一名程序猿来说,GitHub是多么的重要,本文主要记录如何加快GitHub的访问。 - groupadd:创建新的用户组
groupadd命令用户创建新的用户组。但是groupadd命令一般用途不大,因为在使用useradd命令创建用户的时候同时还会创建与用户同名的用户组。
- Flutter:底部导航栏组件-BottomNavigationBar
底部导航条BottomNavigationBar,可以非常方便的实现tap之间的切换。
点击排行
- VSCode插件 - 快速生成表格并格式化
快速生成表格 - Electron页面跳转、浏览器打开链接和打开新窗口
Electron页面跳转、浏览器打开链接和打开新窗口 - Electron打包错误“Error: Application entry file ..”解决方案
打包出现如下错误:Error: Application entry file "dist\electron\main.js" in the "D:\gui\demo2\build\win-unpacked\resources\app.asar" does not exist. Seems like a wrong configuration.
- Git保存和清除用户名、密码
在使用Git的过程中,不想每次都输入用户名和密码去拉取代码,所以就需要保存这些信息,那么既然有保存了,就必须有清除功能。 - mac git用户名和密码修改
在Mac电脑中,如何对Git的用户名和密码进行修改呢?起初不懂Mac,所以整了很久,本文将记录如何对这个进行操作,以便后期使用。 - Docker编译出现:temporary error (try again later)
Docker编译镜像出现:fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.12/main: temporary error (try again later)
WARNING: Ignoring APKINDEX.2c4ac24e.tar.gz: No such file or directory问题