Skip to content

Let's Encrypt免费ssl证书

Jump to bottom
lupeng0512 edited this page Aug 30, 2017 · 7 revisions

第一步安装python2.7

  tar zxf Python-2.7.8.tgz    
  cd Python-2.7.8    
  ./configure --prefix=/usr/local/python2.7  
  make  
  make install  
  mv /usr/bin/python  /usr/bin/python.2.6.bak  
  ln -s /usr/local/python2.7/bin/python  /usr/bin/python
注因为系统安装软件需要使用到python原来的版本所以需要将yum头部更改
  vim /usr/bin/yum  
  #!/usr/bin/python2.6.bak

生成证书

  ![证书生成脚本](http://ourn452f7.bkt.clouddn.com/certbot-auto)  

 ./certbot-auto certonly --webroot -w /opt/vhosts/www.datasheet5.com/www/htdocs -d www.datasheet5.com
    需要安装一个依赖包 确认输入
看到如下信息,表明证书生成成功
 IMPORTANT NOTES:  
 Congratulations! Your certificate and chain have been saved at  
 /etc/letsencrypt/live/xxx.com/fullchain.pem. Your cert will  
 expire on 2016-03-05. To obtain a new version of the certificate in  
 the future, simply run Let's Encrypt again.  
 If like Let's Encrypt, please consider supporting our work by:  

 Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate  
 Donating to EFF:                    https://eff.org/donate-le
证书路径在 /etc/letsencrypt/live/www.datasheet5.com/

nginx 证书配置

 ssl on;  
 ssl_certificate /etc/letsencrypt/live/www.datasheet5.com/fullchain.pem;  
 ssl_certificate_key /etc/letsencrypt/live/www.datasheet5.com/privkey.pem;  
 ssl_trusted_certificate /etc/letsencrypt/live/www.datasheet5.com/chain.pem;

证书续约

测试续约是否成功 看到以下提示说明测试成功
certbot renew --dry-run  

Saving debug log to /var/log/letsencrypt/letsencrypt.log  

Processing /etc/letsencrypt/www.datasheet5.com/ubock.com.conf  

Cert not due for renewal, but simulating renewal for dry run  
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org  
Renewing an existing certificate  
Performing the following challenges:  
http-01 challenge for www.datasheet5.com   
http-01 challenge for www.datasheet5.com   
Waiting for verification...  
Cleaning up challenges  
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem  
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem  
DRY RUN: simulating 'certbot renew' close to cert expiry             (The test certificates below have not been saved.)  

Congratulations, all renewals succeeded. The following certs have been renewed:  
/etc/letsencrypt/live/ubock.com/fullchain.pem (success)  
DRY RUN: simulating 'certbot renew' close to cert expiry             (The test certificates above have not been saved.)  

IMPORTANT NOTES:  
Your account credentials have been saved in your Certbot  
configuration directory at /etc/letsencrypt. You should make a  
secure backup of this folder now. This configuration directory will  
also contain certificates and private keys obtained by Certbot so  
making regular backups of this folder is ideal.
测试成功即可执行以下命令
./certbot-auto renew --quiet
Clone this wiki locally