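Mozilla, Cisco, Akamai, IdenTrust, the EFF and researchers at the University of Michigan jointly announced the Let's Encrypt CA project, which plans to provide free basic SSL certificates for websites in order to speed up the Internet's transition from HTTP to HTTPS. The Let's Encrypt CA will be operated by the non-profit Internet Security Research Group (ISRG). The project officially entered public beta in the early hours of today, December 4, so I hurried to request a certificate and try it out.
Until now I have always requested certificates through a browser (B/S); this time it is done through a client (C/S), which feels quite novel.
My server environment: CentOS 6.6
1. Install Python 2.7; with 2.6 the request fails with an error.
Download page: https://www.python.org/downloads/release/python-2710/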
    wget <URL of Python-2.7.10.tgz from the download page above>
    tar zxf Python-2.7.10.tgz
    cd Python-2.7.10
    ./configure
    make && make install
    # Point the system python command at the new version
    which python
    /usr/local/bin/python
    rm /usr/local/bin/python
    ln -s /usr/local/bin/python2.7 /usr/local/bin/python
2. Download the letsencrypt client
    yum install -y git
    git clone https://github.com/letsencrypt/letsencrypt.git
    cd letsencrypt
    ./letsencrypt-auto --help
    Updating letsencrypt and virtual environment dependencies.......
    Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --help

      letsencrypt [SUBCOMMAND] [options] [-d domain] [-d domain] ...

    The Let's Encrypt agent can obtain and install HTTPS/TLS/SSL certificates. By
    default, it will attempt to use a webserver both for obtaining and installing
    the cert. Major SUBCOMMANDS are:

      (default) run        Obtain & install a cert in your current webserver
      certonly             Obtain cert, but do not install it (aka "auth")
      install              Install a previously obtained cert in a server
      revoke               Revoke a previously obtained certificate
      rollback             Rollback server configuration changes made during install
      config_changes       Show changes made to server config during installation
      plugins              Display information about installed plugins

    Choice of server plugins for obtaining and installing cert:

      --apache          Use the Apache plugin for authentication & installation
      --standalone      Run a standalone webserver for authentication
      (nginx support is experimental, buggy, and not installed by default)
      --webroot         Place files in a server's webroot folder for authentication

    OR use different plugins to obtain (authenticate) the cert and then install it:

      --authenticator standalone --installer apache

    More detailed help:

      -h, --help [topic]    print this message, or detailed help on a topic;
                            the available topics are:

       all, automation, paths, security, testing, or any of the subcommands or
       plugins (certonly, install, nginx, apache, standalone, webroot, etc)
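3. The client can handle everything for you, from requesting the certificate to installing it automatically into apache/nginx and so on. Here I chose to do it myself: request the certificate only, without troubling the client for the rest. Run the following command:
    ./letsencrypt-auto certonly --manual
Enter your domain name.
You are asked whether you agree to have the IP address of this request recorded; agree.
This step verifies ownership of the domain, and it is critical.
What it means is that the client will access http://www.example.com/.well-known/acme-challenge/xiDWA8FkdWeTua7MIXBpQ3PeLt8jVu5Eimi4-jPsTHs and check whether the output is xiDWA8FkdWeTua7MIXBpQ3PeLt8jVu5Eimi4-jPsTHs.MOcybE5RrQ_NsGgFybrHkVcTSohWn2z0JDfTtQkHKQE
I had already installed an nginx server, so all I needed to do was create the directory and a file with the corresponding content under my site's root directory, and make sure it was reachable from the public Internet.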
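    cd /wwwroot/
    mkdir -p ./.well-known/acme-challenge/
    echo xiDWA8FkdWeTua7MIXBpQ3PeLt8jVu5Eimi4-jPsTHs.MOcybE5RrQ_NsGgFybrHkVcTSohWn2z0JDfTtQkHKQE > ./.well-known/acme-challenge/xiDWA8FkdWeTua7MIXBpQ3PeLt8jVu5Eimi4-jPsTHs

Check whether the output is now correct:

    curl http://www.example.com/.well-known/acme-challenge/xiDWA8FkdWeTua7MIXBpQ3PeLt8jVu5Eimi4-jPsTHs

If it is, press Enter. (If you have not installed a web server yet, you can follow the prompt and run the commands listed under "#run only once per server".)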
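The manual challenge step above can be scripted so that the value pasted from the client is validated before it is used as a file name, and the served content is compared exactly. This is an added example, not part of the original post or of the letsencrypt client; the function names valid_keyauth, place_challenge and remove_challenge are hypothetical, and the demo uses a temporary directory in place of the real web root.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL

# Accept only "<token>.<thumbprint>" built from base64url characters, so the
# token can never carry "/" or ".." when it is used as a file name.
valid_keyauth() {
    case "$1" in
        *[!A-Za-z0-9_.-]*|.*|*.|*.*.*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# place_challenge WEBROOT KEYAUTH [BASE_URL]   (hypothetical helper name)
place_challenge() {
    webroot=$1 keyauth=$2 base_url=${3:-}
    valid_keyauth "$keyauth" || { echo "bad key authorization" >&2; return 2; }
    token=${keyauth%%.*}
    dir=$webroot/.well-known/acme-challenge
    mkdir -p "$dir" || return 3
    # printf writes the value without the trailing newline echo would add
    printf '%s' "$keyauth" > "$dir/$token" || return 3
    chmod 644 "$dir/$token"
    if [ -n "$base_url" ]; then
        # Optional network check: fetch the file the way a validator would
        served=$(curl -fsS --max-time 10 \
            "$base_url/.well-known/acme-challenge/$token") || return 4
    else
        served=$(cat "$dir/$token")
    fi
    [ "$served" = "$keyauth" ] || return 5
}

# remove_challenge WEBROOT KEYAUTH: delete the file after validation
remove_challenge() {
    valid_keyauth "$2" || return 2
    rm -f "$1/.well-known/acme-challenge/${2%%.*}"
}

# Demo in a throwaway directory (constructed webroot, not the real site root)
demo_root=$(mktemp -d)
demo_ka='xiDWA8FkdWeTua7MIXBpQ3PeLt8jVu5Eimi4-jPsTHs.MOcybE5RrQ_NsGgFybrHkVcTSohWn2z0JDfTtQkHKQE'
place_challenge "$demo_root" "$demo_ka" && echo "challenge file OK"
place_challenge "$demo_root" '../../tmp/x.y' || echo "rejected, rc=$?"
remove_challenge "$demo_root" "$demo_ka"
rm -rf "$demo_root"
```

On the real server, pass the site root and, as a third argument, the base URL (for example http://www.example.com) so the comparison is made against what is actually served.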
4. Certificate obtained successfully
    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will
       expire on 2016-03-03. To obtain a new version of the certificate in
       the future, simply run Let's Encrypt again.
     - If like Let's Encrypt, please consider supporting our work by:

       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le
I will publish another post later on how to use this certificate.