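https://itopnet.blogspot.com/2018/01/centos-apache-https.html
and
https://itopnet.blogspot.com/2018/04/ssl.html
cover the steps for requesting and configuring a certificate manually, but this time the setup is done automatically by a program.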
1. Install certbot
On Ubuntu 18.04, use the commands below
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot python-certbot-nginx
2. Use certbot
$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security
notices) (Enter 'c' to cancel): (enter your email address)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the
Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and
the non-profit organization that develops Certbot? We'd like to send you
email about our work encrypting the web, EFF news, campaigns, and ways to support
digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
No names were found in your configuration files. Please enter
in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel):
ssl.tyc.nctu.me (you can enter several names, separated by commas)
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ssl.tyc.nctu.me
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
Please choose whether or not to redirect HTTP traffic to HTTPS,
removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver
configuration.
2: Redirect - Make all requests redirect to secure HTTPS access.
Choose this for
new sites, or if you're confident your site works on HTTPS. You
can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to
cancel): 1 (choosing 2 redirects HTTP to HTTPS; choosing 1 keeps the two separate)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled
https://ssl.tyc.nctu.me
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=ssl.tyc.nctu.me
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved
This certificate expires after 90 days.
After that, you can run
sudo certbot renew
to renew the certificate automatically.
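With a 90-day lifetime, a renewal job that quietly stops working turns into an expired certificate. The shell functions below are an added example, not part of the original post: since certbot renew attempts renewal once fewer than 30 days remain, they use openssl's -checkend to flag any certificate with fewer than 20 days left. The /etc/letsencrypt/live layout is certbot's default and is assumed here; make_sample_cert only builds a constructed self-signed certificate for trying the check offline.

```shell
#!/bin/sh
# Added example: detect a broken renewal job before the certificate expires.
# Assumption: certbot's default layout /etc/letsencrypt/live/<name>/cert.pem.
LIVE_DIR=${LIVE_DIR:-/etc/letsencrypt/live}

# cert_status FILE [DAYS]: prints "expired", "renew" (fewer than DAYS days
# left, default 20) or "ok". Returns 2 if FILE is missing or not a certificate.
cert_status() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    window=$(( ${2:-20} * 86400 ))
    # -checkend N exits 0 only if the certificate is still valid N seconds from now
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo expired
    elif ! openssl x509 -in "$1" -noout -checkend "$window" >/dev/null; then
        echo renew
    else
        echo ok
    fi
}

# check_live_dir [DIR] [DAYS]: report every certificate under DIR and return 1
# if any of them is not "ok", so cron or a monitoring probe can alert on it.
check_live_dir() {
    dir=${1:-$LIVE_DIR}
    rc=0
    for cert in "$dir"/*/cert.pem; do
        [ -e "$cert" ] || continue
        st=$(cert_status "$cert" "${2:-20}") || st=unreadable
        echo "$cert: $st"
        [ "$st" = ok ] || rc=1
    done
    return $rc
}

# make_sample_cert FILE DAYS: constructed self-signed stand-in for a
# Let's Encrypt certificate (the private key is discarded).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
        -subj "/CN=example.test" -days "$2" -out "$1" 2>/dev/null
}
```

Run check_live_dir as root, because /etc/letsencrypt/live is not readable by ordinary users; a non-zero exit status means sudo certbot renew should be run by hand and its output checked.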
References:
https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx
https://caloskao.org/ubuntu-use-certbot-to-automatically-update-lets-encrypt-certificate-authority/