certbot自动在ubuntu16.04的nginx上部署let's encrypt免费ssl证书
2018-01-23 09:57
786 查看
终结CA收费时代,让互联网更安全
![](https://img-blog.csdn.net/20180123095650738?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvSmFpbG1hbg==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/SouthEast)
On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.
Certbot has an Nginx plugin, which is supported on many platforms, and certificate installation.
Due to a security issue, Let's Encrypt has stopped offering the mechanism that the Nginx plugin previously used to prove you control a domain. You can read more about this here.
We are planning on releasing a new version of Certbot in the next few days that works around this but if you have to obtain a certificate and cannot wait, you have a couple of options. If you're serving files for that domain out of a directory on that server,
you can run the following command:
If you're not serving files out of a directory on the server, you can temporarily stop your server while you obtain the certificate and restart it after Certbot has obtained the certificate. This would look like:
Running either of these commands will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use
the certonlysubcommand. To see instructions on how to use this subcommand, select "None of the above" in the first drop-down menu above.
To learn more about how to use Certbot read our documentation.
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal
for your certificates by running this command:
More detailed information and options about renewal can be found in the full documentation.
Install
On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-nginx
Get Started
Certbot has an Nginx plugin, which is supported on many platforms, and certificate installation.Due to a security issue, Let's Encrypt has stopped offering the mechanism that the Nginx plugin previously used to prove you control a domain. You can read more about this here.
We are planning on releasing a new version of Certbot in the next few days that works around this but if you have to obtain a certificate and cannot wait, you have a couple of options. If you're serving files for that domain out of a directory on that server,
you can run the following command:
$ sudo certbot --authenticator webroot --installer nginx
If you're not serving files out of a directory on the server, you can temporarily stop your server while you obtain the certificate and restart it after Certbot has obtained the certificate. This would look like:
$ sudo certbot --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"
Running either of these commands will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use
the certonlysubcommand. To see instructions on how to use this subcommand, select "None of the above" in the first drop-down menu above.
To learn more about how to use Certbot read our documentation.
Automating renewal
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewalfor your certificates by running this command:
$ sudo certbot renew --dry-run
More detailed information and options about renewal can be found in the full documentation.
相关文章推荐
- 利用Certbot工具快速给网站部署Let's Encrypt免费SSL证书
- 利用Certbot工具快速给网站部署Let's Encrypt免费SSL证书
- LNMP安装Let’s Encrypt 免费SSL证书方法:自动安装与手动配置Nginx
- IIS - 自动申请、部署Let's Encrypt的免费SSL证书(让网站实现HTTPS协议)
- 免费SSL证书Let's Encrypt(certbot)安装使用教程
- 部署Let’s Encrypt免费SSL证书&&自动续期
- Windows服务器上完成Let’s Encrypt免费SSL证书的自动化更新部署(apache)
- [转]部署Let’s Encrypt免费SSL证书&&自动续期
- 免费SSL证书Let's Encrypt(certbot)安装使用教程
- nginx配置Let's Encrypt免费SSL证书
- 使用Let’s Encrypt创建nginx免费SSL证书
- 免费SSL证书 之Let’s Encrypt申请与部署(Windows Nginx)
- 免费SSL证书 之Let’s Encrypt申请与部署(Windows Nginx)
- Let’s Encrypt 免费SSL证书自动续期的方法
- 使用 let's encrypt certbot部署https网站
- 免费SSL证书 之Let’s Encrypt申请与部署(Windows Nginx)
- 部署 使用 acme.sh 给 Nginx 安装 Let’ s Encrypt 提供的免费 SSL 证书
- 使用 Cerbot 部署 Let's Encrypt免费证书 简单 升级 http 到 https 申请单域名ssl证书
- Let's Encrypt永久免费SSL证书过程教程及常见问题