<ruby id="bdb3f"></ruby>

    <p id="bdb3f"><cite id="bdb3f"></cite></p>

      <p id="bdb3f"><cite id="bdb3f"><th id="bdb3f"></th></cite></p><p id="bdb3f"></p>
        <p id="bdb3f"><cite id="bdb3f"></cite></p>

          <pre id="bdb3f"></pre>
          <pre id="bdb3f"><del id="bdb3f"><thead id="bdb3f"></thead></del></pre>

          <ruby id="bdb3f"><mark id="bdb3f"></mark></ruby><ruby id="bdb3f"></ruby>
          <pre id="bdb3f"><pre id="bdb3f"><mark id="bdb3f"></mark></pre></pre><output id="bdb3f"></output><p id="bdb3f"></p><p id="bdb3f"></p>

          <pre id="bdb3f"><del id="bdb3f"><progress id="bdb3f"></progress></del></pre>

                <ruby id="bdb3f"></ruby>

                ThinkChat2.0新版上線,更智能更精彩,支持會話、畫圖、視頻、閱讀、搜索等,送10W Token,即刻開啟你的AI之旅 廣告
                # Certbot-免費的https證書 ### 獲取SSL證書 理論上,我們自己也可以手動制作一個 SSL 安全證書,但是我們自己簽發的安全證書瀏覽器信任,所以我們需要被信任的證書授權中心( CA )簽發的安全證書。而一般的 SSL 安全證書簽發服務都需要付費,且價格昂貴,不過為了加快推廣 https 的普及, EEF 電子前哨基金會、 Mozilla 基金會和美國密歇根大學成立了一個公益組織叫 ISRG ( Internet Security Research Group ),這個組織從 2015 年開始推出了 Let’s Encrypt 免費證書。這個免費證書不僅免費,而且還相當好用,所以我們就可以利用 Let’s Encrypt 提供的免費證書部署 https 了。 ### Let’s Encrypt Let’s Encrypt提供了免費的證書申請服務,同時也提供了官方客戶端 [Certbot](https://certbot.eff.org/),打開首頁,就可以得到官方的安裝教程。官方教程給出了四種常用服務器和不同的Linux、Unix的安裝使用方案,可以說是十分的貼心了。 ![](https://img.kancloud.cn/3f/d8/3fd8e81aedc9b518ec7151cafa4f4f02_883x571.png) 下面我將會介紹一個通用的安裝方案: ##### 1.獲取certbot-auto ~~~cpp wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto ~~~ ##### 2.生成證書 生成證書前需要停下nginx ~~~undefined service nginx stop ~~~ ~~~cpp ./certbot-auto certonly ~~~ 根據提示,輸入相關資料后,如打印類似以下內容,即可在/etc/letsencrypt/archive目錄下得到證書文件。 如果不想一步一步走,也可以直接使用以下命令直接生成。注意xxx需要替換為自己的東西。 ~~~cpp ./certbot-auto certonly --standalone --email xxx@xxx.com --agree-tos -d xxx.com -d www.xxx.com ~~~ xxx@xxx.com 填郵箱 xxx.com 目錄名稱 www.xxx.com 這是域名 ![](https://img.kancloud.cn/57/b2/57b2a67350ba80f42135a6fcd16939fb_732x153.png) ![](https://img.kancloud.cn/58/84/588429666865a873c92c0b28a8310219_1344x550.png) ##### 3.配置證書 Nginx中配置SSL證書的配置文件參考如下: ~~~bash server { listen 443 ssl; server_name xxx.com; location / { # .... } ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem; } server { listen 80; server_name xxx.com; location / { # ... } #如果需要把http強制轉換為https,需要配置以下內容 if ($host = xxx.com) { #最好不要,會導致數據表丟失,post數據丟失,回調數據丟失 return 301 https://$host$request_uri; } } ~~~ 配置完成后,啟動Nginx,瀏覽器中查看效果。 ~~~undefined service nginx start ~~~ ~~~ ##### 以后執行這個,自動更新 service nginx stop certbot-auto renew service nginx start ~~~ Upgrading certbot-auto 1.3.0 to 1.5.0... Replacing certbot-auto... Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/xxx.com.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/www.xxxxx.com-0001.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/www.xxxxx.com.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing... Plugins selected: Authenticator standalone, Installer None Renewing an existing certificate Performing the following challenges: http-01 challenge for ifreshuk.com Waiting for verification... Cleaning up challenges - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - new certificate deployed without reload, fullchain is /etc/letsencrypt/live/www.xxxxx.com/fullchain.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The following certs are not due for renewal yet: /etc/letsencrypt/live/xxxxxx.com/fullchain.pem expires on 2020-09-02 (skipped) /etc/letsencrypt/live/www.xxxxxx.com-0001/fullchain.pem expires on 2020-09-30 (skipped) Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/www.xxxxxx.com/fullchain.pem (success) # 補充另外的一個網站申請:[https://freessl.cn/](https://freessl.cn/)
                  <ruby id="bdb3f"></ruby>

                  <p id="bdb3f"><cite id="bdb3f"></cite></p>

                    <p id="bdb3f"><cite id="bdb3f"><th id="bdb3f"></th></cite></p><p id="bdb3f"></p>
                      <p id="bdb3f"><cite id="bdb3f"></cite></p>

                        <pre id="bdb3f"></pre>
                        <pre id="bdb3f"><del id="bdb3f"><thead id="bdb3f"></thead></del></pre>

                        <ruby id="bdb3f"><mark id="bdb3f"></mark></ruby><ruby id="bdb3f"></ruby>
                        <pre id="bdb3f"><pre id="bdb3f"><mark id="bdb3f"></mark></pre></pre><output id="bdb3f"></output><p id="bdb3f"></p><p id="bdb3f"></p>

                        <pre id="bdb3f"><del id="bdb3f"><progress id="bdb3f"></progress></del></pre>

                              <ruby id="bdb3f"></ruby>

                              哎呀哎呀视频在线观看