certbot自动在ubuntu16.04的nginx上部署let's encrypt免费ssl证书

  1. 云栖社区>
  2. 博客>
  3. 正文

certbot自动在ubuntu16.04的nginx上部署let's encrypt免费ssl证书

神棍先生 2018-01-23 09:57:22 浏览953
展开阅读全文
版权声明:本文可能为博主原创文章,若标明出处可随便转载。 https://blog.csdn.net/Jailman/article/details/79136172

终结CA收费时代,让互联网更安全


Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and certificate installation.

Due to a security issue, Let's Encrypt has stopped offering the mechanism that the Nginx plugin previously used to prove you control a domain. You can read more about this here.

We are planning on releasing a new version of Certbot in the next few days that works around this but if you have to obtain a certificate and cannot wait, you have a couple of options. If you're serving files for that domain out of a directory on that server, you can run the following command:

$ sudo certbot --authenticator webroot --installer nginx

If you're not serving files out of a directory on the server, you can temporarily stop your server while you obtain the certificate and restart it after Certbot has obtained the certificate. This would look like:

$ sudo certbot --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"

Running either of these commands will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonlysubcommand. To see instructions on how to use this subcommand, select "None of the above" in the first drop-down menu above.

To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run

More detailed information and options about renewal can be found in the full documentation.


网友评论

登录后评论
0/500
评论
神棍先生
+ 关注