Introduction
Use a free SSL certificate from Let's Encrypt.
Official site: https://certbot.eff.org/
Installing and configuring the certificate
Install certbot for Apache:

    yum install certbot-apache

Run the configuration wizard:

    certbot --apache

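Enter the domain name:
*Even if the vhost is not bound to a domain name, as long as the domain can reach your website you can enter it here, and HTTPS will still take effect.

    No names were found in your configuration files. Please enter in your domain
    name(s) (comma and/or space separated) (Enter 'c' to cancel):

(enter the domain name: www.domain.com)
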
Choose whether to force HTTPS:

    Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
    -------------------------------------------------------------------------------
    1: No redirect - Make no further changes to the webserver configuration.
    2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
    new sites, or if you're confident your site works on HTTPS. You can undo this
    change by editing your web server's configuration.
    -------------------------------------------------------------------------------
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

(enter 1; HTTP and HTTPS are then both available)

Open https://www.domain.com; if the green certificate indicator is shown, the certificate has been configured successfully.
Automatic certificate renewal
Test the certificate renewal command:

    certbot renew --dry-run

If it runs correctly, you can arrange automatic renewal with the following command:

    certbot renew

An example cron job might look like this; it runs every day at noon and midnight:

    0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew

View the crontab run log:
Just look at the file /var/log/cron; you can watch it with tail -f /var/log/cron (it cannot be viewed with cat).
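
To go beyond watching the log by eye, the following added example (not part of the original post) lists the midnight and noon slots in a cron log where the certbot renew job above never started. The function names, host name and sample log lines are constructed for illustration, and the CROND line layout is assumed to be the usual CentOS /var/log/cron format.

```shell
#!/bin/sh
# Added example (not from the original page): list the midnight/noon slots in
# a cron log where the "certbot renew" job from the crontab above never started.
# Assumes the "Mon DD HH:MM:SS host CROND[pid]: (user) CMD (...)" line format.

JOB="python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew"

# Constructed sample log: starts mid-day (after rotation) and ends mid-day.
sample_cron_log() {
    cat <<EOF
Mar  1 03:20:01 web01 CROND[1810]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Mar  1 12:00:01 web01 CROND[2950]: (root) CMD ($JOB)
Mar  2 00:00:01 web01 CROND[3120]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Mar  2 12:00:01 web01 CROND[4011]: (root) CMD ($JOB)
Mar  3 00:00:01 web01 CROND[5102]: (root) CMD ($JOB)
Mar  3 12:00:01 web01 CROND[5877]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Mar  4 00:00:01 web01 CROND[6640]: (root) CMD ($JOB)
Mar  4 00:10:01 web01 CROND[6655]: (root) CMD (/usr/lib64/sa/sa1 1 1)
EOF
}

# Hypothetical helper: reads log files given as arguments, or stdin.
missed_renew_runs() {
    awk '
    {
        day  = $1 " " $2              # "Mar 1"; the year is not logged
        hour = substr($3, 1, 2) + 0
        if (NR == 1) first_hour = hour
        if (!(day in seen)) { seen[day] = 1; order[++n] = day }
        if (hour >= 12) past_noon[day] = 1
        # cron logs the job when it starts, before the random sleep
        if ($0 ~ /CMD \(.*certbot renew/ && (hour == 0 || hour == 12))
            ran[day, hour] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            d = order[i]
            # skip midnight on a first day that the log only partly covers
            if (!(i == 1 && first_hour > 0) && !((d, 0) in ran))
                print d " 00:00"
            # expect the noon run only once the log has reached noon that day
            if ((d in past_noon) && !((d, 12) in ran))
                print d " 12:00"
        }
    }' "$@"
}

sample_cron_log | missed_renew_runs
```

Against the real log, call it as missed_renew_runs /var/log/cron. The cron log only records that the job started, not whether the renewal itself succeeded.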