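Adding a permanent free HTTPS SSL certificate to Ubuntu 16.04 (fixing python2.7
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 02:39
SSL certificates are expensive and self-signed certificates are distrusted by browsers, so why not use a free Let's Encrypt certificate? It can be generated with basically one command. The method follows.
Download the Let's Encrypt client:
git clone https://github.com/certbot/certbot
Enter the downloaded directory and run the automatic script:
./certbot-auto --apache -d abc.com -d www.abc.com
Enter your email and the other requested information, and it is done!
Check the result: https://www.ssllabs.com/ssltest/analyze.html?d=abc.com&latest
It gets the highest rating!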
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/abc.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/abc.com/privkey.pem
   Your cert will expire on 2018-02-02. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
Certificate renewal
./certbot-auto certonly --apache --renew-by-default -d abc.com -d www.abc.com
Here is a reposted auto-renewal script:
#!/bin/bash
#================================================================
# Let's Encrypt renewal script for Apache on Ubuntu/Debian
# @author Erika Heidi<erika@do.co>
# Usage: ./le-renew.sh [base-domain-name]
#================================================================
domain=$1
le_path='/opt/letsencrypt'
le_conf='/etc/letsencrypt'
exp_limit=30;

# Print the comma-separated domain list stored in the renewal config
get_domain_list(){
        certdomain=$1
        config_file="$le_conf/renewal/$certdomain.conf"

        if [ ! -f "$config_file" ] ; then
                echo "[ERROR] The config file for the certificate $certdomain was not found."
                exit 1;
        fi

        domains=$(grep --only-matching --perl-regex "(?<=domains \= ).*" "${config_file}")
        last_char=$(echo "${domains}" | awk '{print substr($0,length,1)}')

        # Strip a trailing comma, if any
        if [ "${last_char}" = "," ]; then
                domains=$(echo "${domains}" | awk '{print substr($0, 1, length-1)}')
        fi

        echo "$domains";
}

if [ -z "$domain" ] ; then
        echo "[ERROR] you must provide the domain name for the certificate renewal."
        exit 1;
fi

cert_file="/etc/letsencrypt/live/$domain/fullchain.pem"

if [ ! -f "$cert_file" ]; then
        echo "[ERROR] certificate file not found for domain $domain."
        exit 1;
fi

# Days remaining until the "Not After" date of the certificate
exp=$(date -d "$(openssl x509 -in "$cert_file" -text -noout | grep "Not After" | cut -c 25-)" +%s)
datenow=$(date -d "now" +%s)
days_exp=$(echo "( $exp - $datenow ) / 86400" | bc)

echo "Checking expiration date for $domain..."

if [ "$days_exp" -gt "$exp_limit" ] ; then
        echo "The certificate is up to date, no need for renewal ($days_exp days left)."
        exit 0;
else
        echo "The certificate for $domain is about to expire soon. Starting renewal request..."
        domain_list=$( get_domain_list "$domain" )
        "$le_path"/letsencrypt-auto certonly --apache --renew-by-default --domains "${domain_list}"
        echo "Restarting Apache..."
        /usr/sbin/service apache2 reload
        echo "Renewal process finished for domain $domain"
        exit 0;
fi
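The expiry check in the script above depends on the column layout of the `openssl x509 -text` dump (`cut -c 25-`). The following is an added example, not part of the original post or of Erika Heidi's script, that reads the date with `openssl x509 -enddate` instead and reports unreadable certificates separately. The function names `days_left` and `needs_renewal` are hypothetical, and GNU `date` (the Ubuntu default) is assumed.

```shell
#!/bin/bash
# Added example: layout-independent expiry check for a certificate file.
# days_left and needs_renewal are hypothetical helper names.

# days_left NOTAFTER_LINE [NOW_EPOCH]
# NOTAFTER_LINE is what "openssl x509 -noout -enddate" prints,
# e.g. "notAfter=Feb  2 12:00:00 2018 GMT".
# Prints the whole days until expiry (integer division, truncated toward 0).
# NOW_EPOCH defaults to the current time; passing it makes the result testable.
days_left() {
    local not_after="${1#notAfter=}"
    local now="${2:-$(date +%s)}"
    local exp
    exp=$(date -u -d "$not_after" +%s) || return 2
    echo $(( (exp - now) / 86400 ))
}

# needs_renewal CERT_FILE LIMIT_DAYS
# Returns 0 when the certificate has LIMIT_DAYS or fewer left (renew it),
# 1 when it is still fine, 2 when the file cannot be parsed as a certificate.
needs_renewal() {
    local cert_file="$1"
    local limit="$2"
    local line days
    line=$(openssl x509 -in "$cert_file" -noout -enddate 2>/dev/null) || return 2
    days=$(days_left "$line") || return 2
    echo "$cert_file: $days days left (limit $limit)"
    [ "$days" -le "$limit" ]
}

# Stand-alone use: ./check-expiry.sh /etc/letsencrypt/live/abc.com/fullchain.pem
if [ -n "${1:-}" ]; then
    needs_renewal "$1" 30
    case $? in
        0) echo "Renewal needed." ;;
        1) echo "No renewal needed." ;;
        *) echo "[ERROR] could not read certificate $1" >&2 ;;
    esac
fi
```

Treating return code 2 as an error rather than as "no renewal needed" keeps a missing or corrupt certificate from being silently skipped by a cron job.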
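Two questions:
- The one-command SSL certificate script is written in Python 2, while the OJ needs Python 3. How can the automatic renewal script switch between Python 2 and 3 automatically (that is, switch from Python 3 to Python 2 before generating the certificate, then switch back to 3 afterwards)?
- What are the potential problems with forcing HTTP to redirect to HTTPS?
The first question:
The certbot script is based on Python 2. When both Python 2 and Python 3 are installed on the system, it fails with:
OSError: Command /root/.local/share/letsencrypt/bin/python2.7 - setuptools pkg_resources pip wheel failed with error code 2
Let's Encrypt returned an error status. Aborting.
Fix 1 is to upgrade pip; see the first 3 steps:
https://github.com/interbrite/letsencrypt-vesta/issues/46#issuecomment-273014451
Fixes 2 and 3 are to update the system locale or to install letsencrypt via apt. I tried updating the locale, but it did not help. Installing via apt? It looked too messy, so I did not try it:
https://github.com/certbot/certbot/issues/4062#issuecomment-273236106
Fix 4: reinstall the virtualenv environment (this worked):
First uninstall:
apt-get purge python-virtualenv python3-virtualenv virtualenv
Then install:
pip install virtualenv
Note: install it under the Python 2 environment. After that, running the certbot command will install the virtualenv environment again.
To switch between python2/3, click here.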