使用Certbot来配置网站的HTTPS
简介在前面我们介绍过可以使用阿里云获取免费证书,其实获取免费证书的方式非常多,最近又找到了一个非常好用的生成HTTPS证书的工具。
官网地址:https://certbot.eff.org/
本文主要是介绍配置Nignx的证书,做了一些关键步骤的记录,其实官网已经非常详细,所以大家最好参考官网。
1、安装相关工具
[root@online nginx]# yum -y install yum-utils
2、安装certbot
[root@online nginx]# yum install certbot python2-certbot-nginx
3、如果第二步安装成功,就跳过下面,下面主要是介绍Python报的一些问题,需要用下面两条命令解决
[root@online nginx]# pip install requests urllib3 pyOpenSSL --force --upgrade [root@online nginx]# pip install --upgrade --force-reinstall 'requests==2.6.0'
4、生成证书过程
[root@online nginx]# certbot --nginx --nginx-server-root=/usr/local/nginx/conf/ Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): xxxxx@qq.com #填写自己邮箱地址 Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A #同意 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y #Yes Starting new HTTPS connection (1): supporters.eff.org Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: www.xxxx.com 2: www.yyyy.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1 #选项对应域名的编号 Obtaining a new certificate Performing the following challenges: http-01 challenge for dev.online.qsyuwen.cn Waiting for verification... Cleaning up challenges Resetting dropped connection: acme-v02.api.letsencrypt.org Deploying Certificate to VirtualHost /usr/local/nginx/conf/vhost/dev.online.api.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 #是否跳转 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://dev.online.qsyuwen.cn You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=dev.online.qsyuwen.cn - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/dev.online.qsyuwen.cn/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/dev.online.qsyuwen.cn/privkey.pem Your cert will expire on 2019-08-19. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
热门标签
每日一句
-
巧言不如直到。
——郑德辉
今日排行
- VSCode插件 - 快速生成表格并格式化
快速生成表格 - Electron页面跳转、浏览器打开链接和打开新窗口
Electron页面跳转、浏览器打开链接和打开新窗口 - Electron的第一个程序Hello World!
学习任何语言的第一个程序都是“Hello World!”,这里我们也遵循下,开启第一程序,Hello World!
- 网址收藏
平时在工作中会用到很多技术和工具,有时候确实会遗忘,所以这里将这些收藏该文中,便于以后进行查找。也希望查看到该文章的朋友对你们有一定的帮助,后期还会加入更多的信息进来。 - Python修改Windows桌面壁纸
为了实现能定时修改桌面背景,又不想使用其他的软件,所以自己就通过了Python实现了更换桌面背景的程序,后期通过执行定时任务来修改自己的桌面背景。
点击排行
- VSCode插件 - 快速生成表格并格式化
快速生成表格
- Electron页面跳转、浏览器打开链接和打开新窗口
Electron页面跳转、浏览器打开链接和打开新窗口
- Electron打包错误“Error: Application entry file ..”解决方案
打包出现如下错误:Error: Application entry file "dist\electron\main.js" in the "D:\gui\demo2\build\win-unpacked\resources\app.asar" does not exist. Seems like a wrong configuration.
- Git保存和清除用户名、密码
在使用Git的过程中,不想每次都输入用户名和密码去拉取代码,所以就需要保存这些信息,那么既然有保存了,就必须有清除功能。 - Docker编译出现:temporary error (try again later)
Docker编译镜像出现:fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.12/main: temporary error (try again later)
WARNING: Ignoring APKINDEX.2c4ac24e.tar.gz: No such file or directory问题 - mac git用户名和密码修改
在Mac电脑中,如何对Git的用户名和密码进行修改呢?起初不懂Mac,所以整了很久,本文将记录如何对这个进行操作,以便后期使用。