
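As everyone knows, SSL certificates usually cost money. The certificate covered here, however, is free and is still trusted by browsers. The certificate authority is Let's Encrypt, an overseas organization. The actual procedure is in the steps below.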


Once the EPEL repository has been added to your RHEL installation, simply install the snapd package:

[root@blog ~]# yum -y install snapd

After installation, the systemd unit that manages the main snap communication socket needs to be enabled:

[root@blog ~]# sudo systemctl enable --now snapd.socket
Created symlink /etc/systemd/system/sockets.target.wants/snapd.socket → /usr/lib/systemd/system/snapd.socket.

To enable classic snap support, enter the following to create a symbolic link between /var/lib/snapd/snap and /snap:

[root@blog ~]# sudo ln -s /var/lib/snapd/snap /snap

Install Certbot by running this command on the machine's command line:

[root@blog ~]# sudo snap install --classic certbot
certbot 1.32.0 from Certbot Project (certbot-eff✓) installed


[root@blog ~]# ln -s /snap/bin/certbot /usr/bin/certbot

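Run this command to obtain a certificate and have Certbot edit your Nginx configuration automatically to serve it, turning on HTTPS access in a single step. If you would rather modify the Nginx configuration file yourself, skip this step and use the next one.

[root@blog ~]# certbot --nginx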

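If you are feeling more conservative and would like to change the Nginx configuration by hand, choose this step and edit the Nginx configuration file yourself.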

[root@blog ~]# certbot certonly --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): # enter your email address
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: blog.xtgby.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for blog.xtgby.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/blog.xtgby.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/blog.xtgby.com/privkey.pem
This certificate expires on 2023-02-20.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
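
With certonly, Certbot only writes the certificate and key to the paths shown in the output above; Nginx still has to be pointed at them by hand. A server block that does this, as an added example that is not part of the original post. The document root, the TLS protocol list, the session settings and the HSTS header are assumptions to adapt to your site:

```nginx
# Added example, not from the original post.
# The two paths under /etc/letsencrypt/live/ are the ones Certbot printed;
# everything else (root, protocols, headers) is an assumption.

# Plain HTTP: send every request to the HTTPS site.
server {
    listen 80;
    listen [::]:80;
    server_name blog.xtgby.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name blog.xtgby.com;

    # fullchain.pem holds the leaf certificate plus the intermediates,
    # so clients can build the chain to a trusted root.
    ssl_certificate     /etc/letsencrypt/live/blog.xtgby.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/blog.xtgby.com/privkey.pem;

    # Assumed baseline: modern protocol versions only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # Assumption: turn HSTS on only once every page works over HTTPS,
    # because browsers will refuse plain HTTP for max-age seconds.
    add_header Strict-Transport-Security "max-age=31536000" always;

    root /usr/share/nginx/html;   # assumed document root
    index index.html;
}
```

Check the syntax with nginx -t and reload Nginx after editing so the new server block takes effect.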


[root@blog ~]# certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/blog.xtgby.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account registered.
Simulating renewal of an existing certificate for blog.xtgby.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/blog.xtgby.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

