Let's Encrypt: Get a Free Wildcard SSL Certificate and Enable HTTPS

    Install certbot on CentOS 6.5 x64

    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto

    Run it to install the related plugins

    ./certbot-auto --nginx

    Generate the wildcard SSL certificate

    ./certbot-auto certonly -d 'phpwebhome.com,*.phpwebhome.com' --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

    Wait for the output, then add the TXT records. Covering phpwebhome.com and *.phpwebhome.com requires adding two TXT records.

    Please deploy a DNS TXT record under the name
    _acme-challenge.phpwebhome.com with the following value:

    LaUMgCtPne-6nejIOwsEF-2dleGjr2g1ONBq13PjJyQ

    Before continuing, verify the record is deployed.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Press Enter to Continue
    Waiting for verification...
    Cleaning up challenges

    After adding the TXT records, check that they resolve; generate the certificate only once resolution has completed.

    dig -t txt _acme-challenge.phpwebhome.com @8.8.8.8
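The check described above, as an added example that is not part of the original post: the challenges for phpwebhome.com and *.phpwebhome.com are both published under the same name, _acme-challenge.phpwebhome.com, so the dig answer must contain both values before Enter is pressed. The function names and the second TXT value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm that BOTH DNS-01 TXT values are visible before
# pressing Enter in certbot. Function names are illustrative, not certbot's.

# txt_has_all ANSWER VALUE...
# ANSWER is the text printed by `dig +short -t txt NAME` (one quoted string
# per line). Succeeds only if every VALUE appears as a complete TXT string.
txt_has_all() {
    answer=$1; shift
    [ "$#" -gt 0 ] || return 2          # nothing to check is a usage error
    for value in "$@"; do
        # -x: whole-line match, -F: literal string, so a truncated or
        # partially pasted token does not count as published
        printf '%s\n' "$answer" | grep -qxF -- "\"$value\"" || return 1
    done
    return 0
}

# wait_for_txt NAME RESOLVER TRIES VALUE...
# Polls RESOLVER until all VALUEs are published, or gives up after TRIES.
wait_for_txt() {
    name=$1; resolver=$2; tries=$3; shift 3
    while [ "$tries" -gt 0 ]; do
        answer=$(dig +short -t txt "$name" "@$resolver")
        if txt_has_all "$answer" "$@"; then return 0; fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep 30; fi
    done
    return 1
}

# Constructed sample: a resolver answer that so far holds only the value
# shown on this page; SECOND-VALUE-PLACEHOLDER stands in for the value
# certbot prints for the second challenge.
sample='"LaUMgCtPne-6nejIOwsEF-2dleGjr2g1ONBq13PjJyQ"'
if txt_has_all "$sample" "LaUMgCtPne-6nejIOwsEF-2dleGjr2g1ONBq13PjJyQ" \
                         "SECOND-VALUE-PLACEHOLDER"; then
    echo "both TXT values visible"
else
    echo "not ready: at least one TXT value is missing"
fi
```

Against live DNS the call would be `wait_for_txt _acme-challenge.phpwebhome.com 8.8.8.8 10 VALUE1 VALUE2`, using the two values certbot prints.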

    Press Enter to continue and generate the certificate

    IMPORTANT NOTES:
    - Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/phpwebhome.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/phpwebhome.com/privkey.pem
    Your cert will expire on 2019-02-04. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot-auto
    again. To non-interactively renew *all* of your certificates, run
    "certbot-auto renew"
    - If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

    Verify the certificate

    openssl x509 -in /etc/letsencrypt/live/phpwebhome.com/cert.pem -noout -text

    Output

    X509v3 Subject Alternative Name:
    DNS:*.phpwebhome.com

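    Edit the NGINX configuration file and add the following inside the server block

    listen 443 ssl;
    # Paths as reported by certbot above
    ssl_certificate /etc/letsencrypt/live/phpwebhome.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/phpwebhome.com/privkey.pem;
    # Force HTTPS access in Nginx
    if ($ssl_protocol = "") {
        rewrite ^ https://$server_name$request_uri? permanent;
    }
    # End of forced HTTPS access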

    After adding these lines, reload the configuration file and restart the Nginx service

    service nginx reload
    service nginx restart

    Renew the certificate

    ./certbot-auto renew
    # Simulate a renewal
    ./certbot-auto renew --dry-run

    Official Let's Encrypt resources

    https://letsencrypt.org/
    https://certbot.eff.org/

    When reposting, please credit: RAIN MAN » Let's Encrypt: Get a Free Wildcard SSL Certificate and Enable HTTPS
