使用Certbot来配置网站的HTTPS
简介在前面我们介绍过可以使用阿里云获取免费证书,其实获取免费证书的方式非常多,最近又找到了一个非常好用的生成HTTPS证书的工具。
官网地址:https://certbot.eff.org/
本文主要是介绍配置Nignx的证书,做了一些关键步骤的记录,其实官网已经非常详细,所以大家最好参考官网。
1、安装相关工具
[root@online nginx]# yum -y install yum-utils
2、安装certbot
[root@online nginx]# yum install certbot python2-certbot-nginx
3、如果第二步安装成功,就跳过下面,下面主要是介绍Python报的一些问题,需要用下面两条命令解决
[root@online nginx]# pip install requests urllib3 pyOpenSSL --force --upgrade [root@online nginx]# pip install --upgrade --force-reinstall 'requests==2.6.0'
4、生成证书过程
[root@online nginx]# certbot --nginx --nginx-server-root=/usr/local/nginx/conf/ Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): xxxxx@qq.com #填写自己邮箱地址 Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A #同意 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y #Yes Starting new HTTPS connection (1): supporters.eff.org Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: www.xxxx.com 2: www.yyyy.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1 #选项对应域名的编号 Obtaining a new certificate Performing the following challenges: http-01 challenge for dev.online.qsyuwen.cn Waiting for verification... Cleaning up challenges Resetting dropped connection: acme-v02.api.letsencrypt.org Deploying Certificate to VirtualHost /usr/local/nginx/conf/vhost/dev.online.api.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 #是否跳转 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://dev.online.qsyuwen.cn You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=dev.online.qsyuwen.cn - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/dev.online.qsyuwen.cn/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/dev.online.qsyuwen.cn/privkey.pem Your cert will expire on 2019-08-19. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
热门标签
每日一句
-
自春来、惨绿愁红,芳心是事可可。
——柳永
今日排行
- 无向图(Undirected Graph)
无向图(Undirected Graph) - 《血色湘西》瞿先生独白
《血色湘西》瞿先生临死前的独白,振奋人心。 - Python调用WPS把文档转换PDF,并把PDF转图片
Python调用WPS把文档转换PDF,并把PDF转图片,首先需要安装WPS,然后利用pypiwin32把文档转化成PDF,再利用fitz、PyMuPD把PDF转化成图片 - 仓库管理系统之:GitLab
GitLab 是一个用于仓库管理系统的开源项目,使用Git作为代码管理工具,并在此基础上搭建起来的web服务。 - 音乐推荐《追梦赤子心》
《追梦赤子心》是苏朵作词和谱曲,甘虎编曲,GALA乐队演唱的一首歌,收录在2011年发行的同名专辑《追梦赤子心》中。 该曲也是2015年播出的动画《那年那兔那些事儿》的片尾曲和电影《空天猎》的片尾曲。2011年12月10日,该歌曲获得第三届中国摇滚迷笛奖最佳年度摇滚歌曲。
点击排行
- VSCode插件 - 快速生成表格并格式化
快速生成表格 - Electron页面跳转、浏览器打开链接和打开新窗口
Electron页面跳转、浏览器打开链接和打开新窗口 - Electron打包错误“Error: Application entry file ..”解决方案
打包出现如下错误:Error: Application entry file "dist\electron\main.js" in the "D:\gui\demo2\build\win-unpacked\resources\app.asar" does not exist. Seems like a wrong configuration.
- Docker编译出现:temporary error (try again later)
Docker编译镜像出现:fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.12/main: temporary error (try again later)
WARNING: Ignoring APKINDEX.2c4ac24e.tar.gz: No such file or directory问题 - Git保存和清除用户名、密码
在使用Git的过程中,不想每次都输入用户名和密码去拉取代码,所以就需要保存这些信息,那么既然有保存了,就必须有清除功能。 - mac git用户名和密码修改
在Mac电脑中,如何对Git的用户名和密码进行修改呢?起初不懂Mac,所以整了很久,本文将记录如何对这个进行操作,以便后期使用。