
Installing and using Let's Encrypt certificates on CentOS 7

Posted 2018-04-17 10:28 | CentOS

1. Python 2.7 or later must be installed.
2. Download letsencrypt
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
3. Usage:
./letsencrypt-auto certonly --standalone --email admin@***.com -d ***.com -d www.***.com
If you see error 1:
Problem binding to port 80: Could not bind to IPv4 or IPv6.

stop nginx first: the standalone authenticator has to bind port 80 itself.

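If you see error 2:
Certbot has problem setting up the virtual environment.
We were not be able to guess the right solution from your pip
move the pip configuration file out of the way:
mv ~/.pip/pip.conf ~/.pip/pip.conf.backup

The following output means the certificate has been issued (域名地址 is a placeholder for your domain name):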

- Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/域名地址/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/域名地址/privkey.pem
   Your cert will expire on 2018-07-16. To obtain a new or tweaked
   version of this certificate in the future, simply run
   letsencrypt-auto again. To non-interactively renew *all* of your
   certificates, run "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

To renew, run:

./letsencrypt-auto renew

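4. nginx configuration
Add the following to the server block in nginx (域名地址 is a placeholder for your domain name):

# "listen 443 ssl;" replaces "ssl on;", which is deprecated since nginx 1.15.0
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/域名地址/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/域名地址/privkey.pem;
ssl_session_timeout 5m;
# SSLv2, SSLv3 and TLSv1 are broken or deprecated; add TLSv1.3 where nginx and OpenSSL support it
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;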

5. Restart nginx to complete the configuration.
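
A check for the TLS settings from step 4, as an added example that is not part of the original post: it scans an nginx config for deprecated protocol versions, the old "ssl on;" directive, and a Let's Encrypt certificate path that is not fullchain.pem. The function names and the example.com sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag weak TLS settings in an
# nginx config. Prints "line: finding"; returns 1 if anything was found.
audit_nginx_tls() {
    awk '
        function flag(msg) { printf "%d: %s\n", NR, msg; bad++ }
        { sub(/#.*/, "") }                         # ignore comments
        $1 == "ssl_protocols" {
            seen = 1
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) flag("weak protocol " p)
            }
        }
        $1 == "ssl" && $2 ~ /^on;?$/ { flag("deprecated \"ssl on;\", use \"listen 443 ssl;\"") }
        # cert.pem lacks the intermediate CA; clients need fullchain.pem
        $1 == "ssl_certificate" && $2 ~ /\/letsencrypt\/live\// &&
            $2 !~ /\/fullchain\.pem;?$/ { flag("ssl_certificate should point at fullchain.pem") }
        END {
            if (!seen) { print "0: no ssl_protocols directive, nginx defaults apply"; bad++ }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample: legacy settings (example.com is a placeholder).
sample_weak_conf() {
    cat <<'EOF'
server {
    ssl on;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_protocols  SSLv2 SSLv3 TLSv1;
}
EOF
}

# Constructed sample: the same server block with current settings.
sample_hardened_conf() {
    cat <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_protocols TLSv1.2;   # TLSv1.3 can be added where supported
}
EOF
}

tmp=$(mktemp)
sample_weak_conf > "$tmp";     audit_nginx_tls "$tmp" || echo "legacy config: findings above"
sample_hardened_conf > "$tmp"; audit_nginx_tls "$tmp" && echo "hardened config: clean"
rm -f "$tmp"
```

Run the function against the real config file before restarting nginx; a non-zero return means at least one finding was printed.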

You can also create the certificate using DNS TXT record validation, with the command:

./certbot-auto --manual --preferred-challenges dns certonly 

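For a wildcard certificate, use *.aaa.com as the domain.

Or run it directly (the wildcard is quoted so the shell does not expand it):

./certbot-auto certonly -d "*.aaa.com" --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory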
