
Requesting a Free HTTPS Certificate with Certbot

by  admin  

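Certbot is a management tool for issuing Let's Encrypt certificates. This article requests an SSL certificate issued by Let's Encrypt on a CentOS 7 server and lets Certbot modify the Nginx configuration automatically so that the site supports HTTPS.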


Installing Certbot

  1. The EPEL repository provides the Certbot package, so install the EPEL repository first:
$ yum install epel-release -y
  2. Install the Certbot certificate management tool:
$ yum install certbot-nginx

Requesting a Certificate

  1. Run the following command to start requesting a Let's Encrypt certificate:
$ certbot --nginx

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
  2. Enter an email address, which receives certificate renewal and security notices:
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): brusw@outlook.com

Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
  3. Certbot then lists the domain names found in the Nginx configuration. Press Enter to select all of them:
Which names would you like to activate HTTPS for?

1: brusw.com
2: api.brusw.com

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 

Deploying Certificate to VirtualHost /etc/nginx/conf.d/index.conf
Deploying Certificate to VirtualHost /etc/nginx/conf.d/api.conf
  4. Choose Redirect so that Certbot automatically adds the Nginx configuration that redirects to HTTPS:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/index.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/api.conf

Congratulations! You have successfully enabled https://brusw.com, and https://api.brusw.com

Revoking a Certificate

  1. Locate the certificate path and run the revoke command:
$ certbot revoke --cert-path /etc/letsencrypt/archive/brusw.com/cert1.pem

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

The certificate is usually stored at /etc/letsencrypt/archive/<your-domain>/cert1.pem

  2. When prompted, enter Y to delete the local certificate files:
Would you like to delete the cert(s) you just revoked, along with all earlier
and later versions of the cert?
(Y)es (recommended)/(N)o: Y

Deleted all files relating to certificate brusw.com.
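  3. Delete the Nginx configuration that Certbot generated, as shown in the figure:

[Figure: Nginx configuration generated by Certbot]

  4. Restart the Nginx service so that the revocation takes effect on the site: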
$ systemctl restart nginx
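
An added example, not part of the original post: Certbot marks each line it writes into an Nginx config with the comment "# managed by Certbot", so the script below lists those lines and flags tagged ssl_certificate, ssl_certificate_key, ssl_dhparam and include directives whose files were removed by the revoke step. The function names and the demo paths are hypothetical; the check belongs before the restart, because a directive that points at a deleted file keeps Nginx from starting.

```shell
#!/bin/sh
# Added example, not from the original post: audit Nginx configs after `certbot revoke`.

# Print "file:line:text" for every directive Certbot tagged under directory $1.
certbot_managed_lines() {
    grep -n -H '# managed by Certbot' "$1"/*.conf 2>/dev/null
}

# Print "conf: path" for each Certbot-tagged file directive whose target is gone.
# One dangling ssl_certificate or include is enough to make Nginx refuse to start.
dangling_cert_refs() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        # In "ssl_certificate /path; # managed by Certbot", field 2 is the path.
        awk '/# managed by Certbot/ &&
             $1 ~ /^(ssl_certificate|ssl_certificate_key|ssl_dhparam|include)$/ {
                 sub(/;$/, "", $2); print $2 }' "$conf" |
        while read -r path; do
            [ -e "$path" ] || echo "$conf: $path"
        done
    done
}

# Demo on a constructed config; on the server pass /etc/nginx/conf.d instead.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/le"
touch "$demo_dir/le/options-ssl-nginx.conf"   # this include still exists
cat > "$demo_dir/index.conf" <<EOF
server {
    server_name brusw.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate $demo_dir/le/live/brusw.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key $demo_dir/le/live/brusw.com/privkey.pem; # managed by Certbot
    include $demo_dir/le/options-ssl-nginx.conf; # managed by Certbot
}
EOF
certbot_managed_lines "$demo_dir"   # the four tagged lines to review
dangling_cert_refs "$demo_dir"      # the two certificate paths that no longer exist
rm -rf "$demo_dir"
```

Once the tagged blocks have been edited out by hand, nginx -t confirms that the remaining configuration parses before the service is restarted.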

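Renewing a Certificate

If the SSL certificate is about to expire (or has already expired), renew it with the renew command. The --force-renewal flag renews every certificate regardless of its expiry date, and each forced renewal counts against Let's Encrypt's rate limits; plain certbot renew renews only certificates that are close to expiry.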

$ certbot renew --force-renewal