免费DV数字证书申请及ssl配置
注册用户并下载配置 Let's Encrypt 数字证书
创建存放 ssl dv 证书目录
#指定目录名称
mkdir ${dir}创建 Let's Encrypt 账号
openssl genrsa 4096 > account.key创建域名的CSR
#创建普通域名私钥
openssl genrsa 4096 > domain.key
#单个域名
openssl req -new -sha256 -key domain.key -subj "/CN=www.photonshalo.com" > domain.csr
#多个域名(如果你有多个域名,比如:www.photonshalo.com 和 www.photonshalo.net,使用这种方式)
openssl req -new -sha256 -key domain.key -subj "/" -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:www.photnshalo.com,DNS:www.photonshalo.net")) > domain.csr配置域名验证
server {
listen 80;
server_name www.photonshalo.com;
location ^~ /.well-known/acme-challenge/ {
alias $证书路径/;
try_files $uri =404;
}
...the rest of your config
}获取网站证书
a. 下载 acme-tiny 脚本
wget https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.pyb. 指定账户私钥、CSR 以及验证目录,执行脚本
python acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir ./ > ./signed.crt安装证书
a. Nginx需要追加一个Let's Encrypt的中间证书,把中间证书和网站证书合并
wget -O - https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem > intermediate.pem
cat signed.crt intermediate.pem > chained.pemb. 修改 Nginx 中有关证书的配置并 reload 服务
server {
listen 443 ssl;
server_name www.photonshalo.com;
ssl_certificate $path/chained.pem;
ssl_certificate_key $path/domain.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
...the rest of your config
}定期更新证书(Let’s Encrypt 签发的证书有90天有效期,需要脚本定期更新)
a. 新建脚本 renew_cert.sh
#编辑 shell 脚本
vi renew_cert.sh #!/usr/bin/sh
#定义脚本根路径
path="/home/application/ssl_www"
dt=$(date +%Y_%m_%d)
if [ -d $path ];then
if [ -f "${path}/acme_tiny.py" ];then
if [ -f "${path}/account.key" ];then
if [ -f "${path}/domain.csr" ];then
if [ -d "${path}/tmp/" ];then
python ${path}/acme_tiny.py --account-key ${path}/account.key --csr ${path}/domain.csr --acme-dir $path > ${path}/tmp/signed_${dt}.crt || exit
if [ -f "${path}/tmp/signed_${dt}.crt" ];then
wget -O - https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem > ${path}/tmp/intermediate_${dt}.pem
cat ${path}/tmp/signed_${dt}.crt ${path}/tmp/intermediate_${dt}.pem > ${path}/chained.pem
nginx -s reload
else
echo "文件 ${path}/tmp/signed_${dt}.crt 拉取不成功"
fi
else
mkdir ${path}/tmp
python ${path}/acme_tiny.py --account-key ${path}/account.key --csr ${path}/domain.csr --acme-dir $path > ${path}/tmp/signed_${dt}.crt || exit
if [ -f "${path}/tmp/signed_${dt}.crt" ];then
wget -O - https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem > ${path}/tmp/intermediate_${dt}.pem
cat ${path}/tmp/signed_${dt}.crt ${path}/tmp/intermediate_${dt}.pem > ${path}/chained.pem
nginx -s reload
else
echo "文件 ${path}/tmp/signed_${dt}.crt 拉取不成功"
fi
fi
else
echo "必要文件 ${path}/domain.csr 不存在"
fi
else
echo "必要文件 ${path}/account.key 不存在"
fi
else
echo "必要文件 ${path}/acme_tiny.py 不存在"
fi
else
echo "文件夹不存在"
fib. 设置 crontab 定时任务
#查看当前用户下的所有定时任务
crontab -l
#编辑定时任务
crontab -e
#每个月执行一次
0 0 1 * * /home/application/ssl_www/renew_cert.sh 2>> /home/application/ssl_www/acme_tiny.log参考教程地址:
Let's Encrypt参考教程链接地址
https://foofish.net/https-free-for-lets-encrypt.html
linux 定时任务
本作品采用 知识共享署名-相同方式共享 4.0 国际许可协议 进行许可。
simvastatin recognize - simvastatin last atorvastatin furniture
crestor pills send - crestor online million caduet online attic
tadalafil tablets 20 mg buy
viagra professional online order - super kamagra frank levitra oral jelly online chief
dapoxetine eastward - udenafil poet cialis with dapoxetine home
cenforce online reckon - brand viagra concentrate
brand cialis poke - forzest law penisole deep
cialis soft tabs pills direction - tadarise nearby viagra oral jelly online glance
brand cialis mansion - viagra soft tabs horse penisole sudden
cialis soft tabs cling - cialis oral jelly pills snatch viagra oral jelly online flame
dexona 4mg tablet online
batmanapollo.ru
Amen! — Истинно; Конец.
cenforce merchant - cenforce 100mg drug brand viagra pills coach
Психотерапевт
where to get vermox
dapoxetine thoughtful - levitra with dapoxetine satisfaction cialis with dapoxetine vault
acne treatment troop - acne medication dead acne medication follow
Ермолаев О.Ю. и новые обзоры по психиатрии.
asthma treatment about - inhalers for asthma upstairs inhalers for asthma position
Carpe diem
Divide et impera
uti treatment encourage - uti antibiotics flush uti antibiotics sorry
100 лет тому вперед фильм смотреть онлайн бесплатно. Смотреть бесплатно фильм 100 лет тому вперед.
prostatitis treatment jane - prostatitis treatment each prostatitis pills reckon
Пацаны 4 сезон 2024
valtrex wrought - valacyclovir oxford valtrex pills cigarette
Пацаны 4 сезон смотреть онлайн
loratadine medication while - claritin photograph claritin oak
loratadine medication shop - claritin pills bedroom claritin aid
Король и шут смотреть
dapoxetine explode - priligy thus dapoxetine piece
Психолог 2026
promethazine sam - promethazine rib promethazine military
ascorbic acid john - ascorbic acid elf ascorbic acid spear
Претенденты смотреть Претенденты фильм, 2024, смотреть онлайн
biaxin rush - albendazole pills bronze cytotec pills most
dexamethasone medication
florinef table - nexium pills pirate lansoprazole tube
where to buy retin a cream in south africa
dulcolax ca - where can i buy liv52 buy generic liv52 for sale
buy rabeprazole 20mg without prescription - buy metoclopramide medication domperidone 10mg over the counter
cotrimoxazole 960mg price - how to get cotrimoxazole without a prescription oral tobra
buy hydroquinone creams - order cerazette 0.075mg without prescription duphaston pills
vasotec usa - purchase doxazosin generic order zovirax generic
generic dramamine 50mg - order prasugrel 10 mg pill order risedronate 35 mg generic
purchase etodolac generic - monograph online order buy pletal 100 mg online cheap
piroxicam 20mg sale - buy exelon paypal purchase rivastigmine
buy baclofen no rx
albuterol tablets
lyrica 500 mg tablet
baclofen 20
Здесь вы найдете разнообразный видео контент ялта интурист
для крымчан
dexamethasone 0.25
modafinil 2020
100mg baclofen
where to get modafinil in canada
retin a 0.025 cream buy
accutane cream cost
synthroid 15mcg
accutane australia buy