Certbot

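Certbot is part of EFF's effort to encrypt the entire Internet. Secure communication on the web relies on HTTPS, which requires a digital certificate that lets browsers verify the identity of a web server (for example, is this really google.com?). Web servers obtain certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that obtains certificates from Let's Encrypt (an open certificate authority launched by EFF, Mozilla, and others) and deploys them to the web server.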

Configuring HTTPS with Certbot

Warning

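Known issue: this may not work from some regions and IP ranges within China. If the steps below fail with "timed out" or "Connection reset by peer", see Manually Configuring HTTPS.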

  1. The domain name must be bound before configuring HTTPS with Certbot
  2. Once the domain binding has been configured successfully, run the certbot command
    [root@iZj6c98h92z5jududoxx2xZ ~]# certbot
    Enter email address (used for urgent renewal and security notices)
     (Enter 'c' to cancel): admin@admin.com  # enter your email address
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
    agree in order to register with the ACME server. Do you agree?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o: y  # agree to the Terms of Service
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Would you be willing, once your first certificate is successfully issued, to
    share your email address with the Electronic Frontier Foundation, a founding
    partner of the Let's Encrypt project and the non-profit organization that
    develops Certbot? We'd like to send you email about our work encrypting the web,
    EFF news, campaigns, and ways to support digital freedom.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o: y  # allow EFF to send you email
    Account registered.
    
    Which names would you like to activate HTTPS for?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1: test.stacknil.com
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Select the appropriate numbers separated by commas and/or spaces, or leave input
    blank to select all options shown (Enter 'c' to cancel): 1    # select the domain that needs a certificate
    Requesting a certificate for test.stacknil.com
    
    Successfully received certificate.    # certificate obtained successfully
    Certificate is saved at: /etc/letsencrypt/live/test.stacknil.com/fullchain.pem
    Key is saved at:         /etc/letsencrypt/live/test.stacknil.com/privkey.pem
    This certificate expires on 2022-12-31.
    These files will be updated when the certificate renews.
    
    Deploying certificate   # deploy the certificate
    Successfully deployed certificate for test.stacknil.com to /etc/httpd/vhost/wordpress-le-ssl.conf
    Congratulations! You have successfully enabled HTTPS on https://test.stacknil.com
    
    NEXT STEPS:
    - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
    We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    If you like Certbot, please consider supporting our work by:
     * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
     * Donating to EFF:                    https://eff.org/donate-le
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
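
The session above notes that the certificate must be renewed before it expires. The following script is an added example, not part of the original page or of Certbot: it reads the expiry date of the issued certificate and warns when fewer than 20 days remain, a sign that automatic renewal is not working. The function names, the `CERT` and `WARN_DAYS` variables and the 20-day threshold are assumptions, and GNU `date` and `openssl` are required.

```bash
#!/usr/bin/env bash
# Added example: expiry monitor for the certificate issued in the session above.
# Assumptions: GNU date and openssl are installed; the 20-day threshold is
# illustrative (Certbot's default renewal window is 30 days before expiry).

CERT="${CERT:-/etc/letsencrypt/live/test.stacknil.com/fullchain.pem}"
WARN_DAYS="${WARN_DAYS:-20}"

# Convert "notAfter=Dec 31 00:00:00 2022 GMT" (the output format of
# `openssl x509 -enddate`) into whole days remaining.
# $1 = notAfter line, $2 = reference time as epoch seconds (default: now).
enddate_to_days() {
    ed_value="${1#notAfter=}"
    ed_now="${2:-$(date +%s)}"
    ed_expiry=$(date -u -d "$ed_value" +%s) || return 2
    echo $(( (ed_expiry - ed_now) / 86400 ))
}

# Read the leaf certificate (first PEM block in fullchain.pem) and print days left.
cert_days_left() {
    cd_line=$(openssl x509 -in "$1" -noout -enddate) || return 2
    enddate_to_days "$cd_line" "$2"
}

# Exit status: 0 = healthy, 1 = renewal overdue, 2 = certificate unreadable.
check_cert() {
    cc_days=$(cert_days_left "$1") || { echo "cannot read $1" >&2; return 2; }
    if [ "$cc_days" -lt "$WARN_DAYS" ]; then
        echo "WARNING: $1 expires in $cc_days days;" \
             "run 'certbot renew --dry-run' to diagnose" >&2
        return 1
    fi
    echo "OK: $1 valid for $cc_days more days"
}

# Only run the check when the certificate exists on this host.
if [ -r "$CERT" ]; then
    check_cert "$CERT"
fi
```

Run it daily from cron or a systemd timer and alert on a non-zero exit status.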