Let's Encrypt: Get a Free Wildcard SSL Certificate and Enable HTTPS
Install certbot on CentOS 6.5 x64
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
Run it to install the required plugins
./certbot-auto --nginx
Generate the wildcard SSL certificate
./certbot-auto certonly -d phpwebhome.com,*.phpwebhome.com --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
Wait for the output, then add the TXT records. phpwebhome.com and *.phpwebhome.com need two TXT records.
Please deploy a DNS TXT record under the name
_acme-challenge.phpwebhome.com with the following value:
LaUMgCtPne-6nejIOwsEF-2dleGjr2g1ONBq13PjJyQ
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
After adding the TXT records, check that they resolve; generate the certificate only once they do
dig -t txt _acme-challenge.phpwebhome.com @8.8.8.8
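The apex and the wildcard are validated through the same record name, so both TXT values have to be visible at once before the final Enter. The script below is an added example, not part of the original post: it polls 8.8.8.8 until every value certbot printed is published. The function names and the script name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; tokens passed on the command line are whatever certbot printed.

# Apex and wildcard validate through the same record name.
challenge_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# TXT strings for NAME as seen by RESOLVER, one per line, quotes stripped.
# Separate function so it can be stubbed when testing without network access.
lookup_txt() {
    dig +short -t txt "$1" "@$2" | tr -d '"'
}

# txt_ready NAME RESOLVER TOKEN... : succeeds only if every token is published.
txt_ready() {
    name=$1; resolver=$2; shift 2
    published=$(lookup_txt "$name" "$resolver")
    for token in "$@"; do
        # -F fixed string, -x whole line, -- because tokens may start with "-"
        printf '%s\n' "$published" | grep -Fxq -- "$token" || return 1
    done
    return 0
}

# wait_for_txt NAME RESOLVER TRIES DELAY TOKEN... : poll until ready or give up.
wait_for_txt() {
    name=$1; resolver=$2; tries=$3; delay=$4; shift 4
    while [ "$tries" -gt 0 ]; do
        txt_ready "$name" "$resolver" "$@" && return 0
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep "$delay"; fi
    done
    return 1
}

# Usage (hypothetical script name): sh check-acme-txt.sh VALUE1 VALUE2
if [ "$#" -gt 0 ]; then
    if wait_for_txt "$(challenge_name '*.phpwebhome.com')" 8.8.8.8 30 10 "$@"; then
        echo "All TXT values are visible; press Enter in certbot."
    else
        echo "TXT values not yet visible on 8.8.8.8; do not continue." >&2
        exit 1
    fi
fi
```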
Press Enter to continue and generate the certificate
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/phpwebhome.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/phpwebhome.com/privkey.pem
Your cert will expire on 2019-02-04. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Verify the certificate
openssl x509 -in /etc/letsencrypt/live/phpwebhome.com/cert.pem -noout -text
Output
X509v3 Subject Alternative Name:
DNS:*.phpwebhome.com
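Edit the NGINX configuration file and add the following inside the server block
listen 443 ssl;
# Note: certbot saved these files under /etc/letsencrypt/live/phpwebhome.com/;
# adjust the paths if they were not copied to /etc/phpwebhome.com/
ssl_certificate /etc/phpwebhome.com/fullchain.pem;
ssl_certificate_key /etc/phpwebhome.com/privkey.pem;
# Force HTTPS access in Nginx
if ($ssl_protocol = "") {
    rewrite ^ https://$server_name$request_uri? permanent;
}
# End of forced-HTTPS block
After adding this, reload the configuration and restart the Nginx service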
service nginx reload
service nginx restart
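Renew the certificate
./certbot-auto renew
Simulate a renewal
./certbot-auto renew --dry-run
Note that a certificate issued with --manual cannot be renewed unattended unless certbot is given an authentication hook.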
Official Let's Encrypt resources
https://letsencrypt.org/
https://certbot.eff.org/