Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1760704
  • 博文数量: 150
  • 博客积分: 660
  • 博客等级: 上士
  • 技术积分: 2480
  • 用 户 组: 普通用户
  • 注册时间: 2005-08-08 11:39
文章分类

全部博文(150)

文章存档

2019年(4)

2018年(36)

2017年(53)

2016年(7)

2015年(3)

2014年(3)

2013年(27)

2012年(2)

2011年(1)

2006年(1)

2005年(13)

分类: 网络与安全

2017-04-11 13:21:36

通过webroot方式获取证书

  • 确定域名 dev2bweb.goluk.cn
  • 创建目录及文件 /usr/share/nginx/html
  • 配置nginx
server {
    server_name        dev2bweb.goluk.cn;
    listen             80;
    keepalive_timeout  300;
    access_log         logs/dev2bweb.goluk.cn.log  main;

    root /a6/web/web-app-chat;
    index index.html index.htm;

    # Article
    location /article {
        alias /a6/web/web-app-article;
    }
    ## letsencrypt renew
    location /.well-known {
        alias /usr/share/nginx/html/.well-known ;
    }
}
  • 运行获取证书命令./certbot-auto certonly --webroot -w /usr/share/nginx/html/ -d dev2bweb.goluk.cn
  • 获取成功
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dev2bweb.goluk.cn
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0018_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0018_csr-certbot.pem

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/dev2bweb.goluk.cn/fullchain.pem. Your cert
   will expire on 2017-07-10. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   
   Donating to EFF:                    

自动renew证书

  • 测试更新证书

certbot-auto renew --dry-run

  • 更新命令

certbot-auto renew

备注说明

  • centos6下的命令为 certbot-auto
  • centos7下的命令为 certbot
阅读(2864) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~