随着各个脚本的安全性越来越差,越来越多的我倾向于自行编译lnmp环境。但自行编译环境申请SSL证书一直是个问题,今天给大家介绍一个好用的工具:CertBot来实现证书的申请及自动续期。以下所有操作均运行在 Debian服务器。本机环境是Debian12首先,我们要安装 Snapdsu root ap

随着各个脚本的安全性越来越差,越来越多的我倾向于自行编译lnmp环境。但自行编译环境申请SSL证书一直是个问题,今天给大家介绍一个好用的工具:CertBot来实现证书的申请及自动续期。

以下所有操作均运行在 Debian服务器。本机环境是Debian12

首先,我们要安装 Snapd

su root
apt update
apt install snapd

安装Snapd-core

sudo snap install core

安装CertBot

sudo snap install --classic certbot

链接CertBot到/usr/bin目录

sudo ln -s /snap/bin/certbot /usr/bin/certbot

给nginx环境安装证书,指定nginx的conf目录和nginx的执行目录,配置证书是自动完成的。

certbot --nginx --nginx-server-root=/usr/local/nginx/conf --nginx-ctl=/usr/local/nginx/sbin/nginx

以下是自动申请证书的输出结果,中间需要输入邮箱及一些确认。

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): admin@1stcache.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y    

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: oss.1stcache.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for oss.1stcache.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/oss.1stcache.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/oss.1stcache.com/privkey.pem
This certificate expires on 2024-02-14.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for oss.1stcache.com to /usr/local/nginx/conf/nginx.conf
Congratulations! You have successfully enabled HTTPS on https://oss.1stcache.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@sweaty-balance:/usr/local/nginx# 

现在再使用https来访问我们的网站,发现已经大功告成了。

别急,我们需要全自动续期呢。

sudo certbot renew --dry-run

这个命令会帮我们自动续期,现在才算ok了。

/etc/crontab/
/etc/cron.*/*
systemctl list-timers

查看以上目录确认续期ok。

整个流程其实非常简单。脱离面板其实也没有那么难。

温馨提示:本文最后更新于 2023-11-16 09:16 ,某些文章具有时效性,若有错误或已失效,请在下方留言或联系QQ115904045
声明:
1.本站大部分内容均收集于网络!若内容若侵犯到您的权益,请发送邮件至:115904045@qq.com,我们将第一时间处理!
2.资源所需价格并非资源售卖价格,是收集、整理、编辑详情以及本站运营的适当补贴,并且本站不提供任何免费技术支持
3.所有资源仅限于参考和学习,版权归原作者所有,更多请阅读网站声明

给TA打赏
共{{data.count}}人
人已打赏
管理面板

宝塔强化WAF防护-开启5秒盾-轻松防CC攻击!

2023-10-26 15:08:57

主机运维管理面板

2023宝塔 Linux 面板开心版

2023-12-6 14:21:59

0 条回复 A文章作者 M管理员
    暂无讨论,说说你的看法吧
购物车
优惠劵
今日签到
有新私信 私信列表
搜索

夕阳无别事,等风也等你

联系我们