使用Certbot来配置网站的HTTPS
官网地址:https://certbot.eff.org/
本文主要是介绍配置Nignx的证书,做了一些关键步骤的记录,其实官网已经非常详细,所以大家最好参考官网。
1、安装相关工具
[root@online nginx]# yum -y install yum-utils
2、安装certbot
[root@online nginx]# yum install certbot python2-certbot-nginx
3、如果第二步安装成功,就跳过下面,下面主要是介绍Python报的一些问题,需要用下面两条命令解决
[root@online nginx]# pip install requests urllib3 pyOpenSSL --force --upgrade [root@online nginx]# pip install --upgrade --force-reinstall 'requests==2.6.0'
4、生成证书过程
[root@online nginx]# certbot --nginx --nginx-server-root=/usr/local/nginx/conf/ Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): xxxxx@qq.com #填写自己邮箱地址 Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A #同意 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y #Yes Starting new HTTPS connection (1): supporters.eff.org Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: www.xxxx.com 2: www.yyyy.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1 #选项对应域名的编号 Obtaining a new certificate Performing the following challenges: http-01 challenge for dev.online.qsyuwen.cn Waiting for verification... Cleaning up challenges Resetting dropped connection: acme-v02.api.letsencrypt.org Deploying Certificate to VirtualHost /usr/local/nginx/conf/vhost/dev.online.api.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 #是否跳转 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://dev.online.qsyuwen.cn You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=dev.online.qsyuwen.cn - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/dev.online.qsyuwen.cn/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/dev.online.qsyuwen.cn/privkey.pem Your cert will expire on 2019-08-19. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
热门标签
每日一句
-
最优秀的模式往往是最简单的东西。
——马云
今日排行
- Flutter:图标组件Icon
图标组件是展示图标的组件,但是再Flutter中,Icon组件是只是起一个展示效果,不能进行交互,如果要实现交互,就需要使用图标按钮IconButton组件。 - OpenCV-Python图像形态学操作之开运算、闭运算、梯度运算、顶帽运算和黑帽运算
OpenCV-Python图像形态学操作之开运算、闭运算、梯度运算、顶帽运算和黑帽运算,主要介绍函数cv2.morphologyEx的使用.morphologyEx(src,op,kernel,dst = None,anchor = None,iterations = None,borderType = None,borderValue = None) - yarn、npm配置阿里云国内镜像(新镜像)
nodejs中使用npm和yarn,使用最新阿里云镜像 aliyun mirror,网上很多还是文章用的是下面这个地址~~yarn config set registry https://registry.npm.taobao.org~~ - 《康熙王朝》经典对白
《康熙王朝》是一部非常优秀的电视连续剧,陈道明演的康熙是我觉得最有帝王气魄,让人意犹未尽,本文主要记录一小段非常经典的对白。 - 音乐推荐《是妈妈是女儿》
《是妈妈是女儿》聚焦母女间未曾言明的爱意,以书信对话的形式呈现出各自的内心独白,表达彼此的牵挂。黄绮珊与希林娜依·高用跨越时空、打开心扉、深情对唱的形式,将天下母女爱的寄语化作心灵的倾诉。黄绮珊的每一句话,每一个字都演绎出了妈妈对女儿的爱,而希林依娜·高把女儿对妈妈的爱由不理解到理解再到感恩演绎得淋漓尽致。
点击排行
- VSCode插件 - 快速生成表格并格式化
快速生成表格 - Electron页面跳转、浏览器打开链接和打开新窗口
Electron页面跳转、浏览器打开链接和打开新窗口 - Electron打包错误“Error: Application entry file ..”解决方案
打包出现如下错误:Error: Application entry file "dist\electron\main.js" in the "D:\gui\demo2\build\win-unpacked\resources\app.asar" does not exist. Seems like a wrong configuration.
- Docker编译出现:temporary error (try again later)
Docker编译镜像出现:fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.12/main: temporary error (try again later)
WARNING: Ignoring APKINDEX.2c4ac24e.tar.gz: No such file or directory问题 - Git保存和清除用户名、密码
在使用Git的过程中,不想每次都输入用户名和密码去拉取代码,所以就需要保存这些信息,那么既然有保存了,就必须有清除功能。 - mac git用户名和密码修改
在Mac电脑中,如何对Git的用户名和密码进行修改呢?起初不懂Mac,所以整了很久,本文将记录如何对这个进行操作,以便后期使用。