Installing a Let's Encrypt certificate on Debian jessie to enable HTTPS
Source: Internet  Editor: 程序博客网  Time: 2024/05/18 01:48
Install certbot and obtain a certificate
# apt-get install certbot -t jessie-backports
# certbot certonly --webroot -w /home/www/your_domain_name -d your_domain_name.com -d www.your_domain_name.com
Output:
# certbot certonly --webroot -w /home/www/your_domain_name -d your_domain_name.com -d www.your_domain_name.com
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/your_domain_name.com/fullchain.pem. Your cert will
expire on 2016-12-26. To obtain a new or tweaked version of this
certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Test automatic renewal and set it up
certbot renew --dry-run
Run the command:
# certbot renew --dry-run
Output:
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/your_domain_name.com.conf
-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/your_domain_name.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
Set up a scheduled task that runs twice a day:
Note:
if you're setting up a cron or systemd job, we recommend running it twice per day (it won't do anything until your certificates are due for renewal or revoked, but running it regularly would give your site a chance of staying online in case a Let's Encrypt-initiated revocation happened for some reason). Please select a random minute within the hour for your renewal tasks.
Edit /etc/crontab and add the following lines so that the renewal runs twice a day:
10 2 * * * root certbot renew --quiet
15 2 * * * root service nginx restart
10 3 * * * root certbot renew --quiet
15 3 * * * root service nginx restart
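An added example, not part of the original post: the crontab lines above restart nginx after every run, whether or not a certificate changed. The function below reloads nginx only when fullchain.pem has changed since the last reload and the configuration passes `nginx -t`. The stamp file path and the four overridable variables are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reload nginx only when the certificate file actually changed, and only
# if the nginx configuration still parses.
# Assumptions: CERT, STAMP, NGINX_TEST and NGINX_RELOAD are names chosen
# for this example; the STAMP path is hypothetical. Override as needed.
CERT=${CERT:-/etc/letsencrypt/live/your_domain_name.com/fullchain.pem}
STAMP=${STAMP:-/var/lib/cert-reload.stamp}
NGINX_TEST=${NGINX_TEST:-nginx -t -q}
NGINX_RELOAD=${NGINX_RELOAD:-service nginx reload}

# Return 0 if nginx was reloaded, 1 if the certificate is unchanged,
# 2 on error (unreadable certificate, failed config test, failed reload).
reload_if_renewed() {
    [ -r "$CERT" ] || { echo "cannot read $CERT" >&2; return 2; }

    # cksum reads through the live/ symlink, so a renewal that repoints
    # it to a new file under archive/ changes the checksum.
    new=$(cksum < "$CERT")
    old=$(cat "$STAMP" 2>/dev/null)
    [ "$new" = "$old" ] && return 1

    # Never reload on a configuration that does not parse.
    $NGINX_TEST || { echo "nginx config test failed; not reloading" >&2; return 2; }
    $NGINX_RELOAD || return 2

    # Record the checksum only after a successful reload, so a failed
    # attempt is retried on the next run.
    printf '%s\n' "$new" > "$STAMP"
}

# Run the check only when invoked as: script --run
if [ "${1:-}" = "--run" ]; then
    reload_if_renewed
fi
```

From cron this can follow the renewal, for example `certbot renew --quiet; /usr/local/sbin/cert-reload.sh --run` (the script path is hypothetical).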
References:
https://certbot.eff.org/#debianjessie-nginx
https://letsencrypt.org/
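Configure nginx
Edit the corresponding nginx configuration file, then restart nginx:
Reference: http://nginx.org/en/docs/http/configuring_https_servers.html
# Permanently redirect insecure connections to the secure site
server {
    listen 80;
    server_name your_domain_name.com www.your_domain_name.com;
    # Permanent redirect to the https site
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name your_domain_name.com www.your_domain_name.com;
    root /usr/share/nginx/html/wordpress;
    # Tell the browser to use only https for the max-age period.
    # Browsers honor this header only when it arrives over HTTPS, so it is set here and not in the port-80 block.
    add_header Strict-Transport-Security max-age=15768000;
    # Certificate path
    ssl_certificate /etc/letsencrypt/live/your_domain_name.com/fullchain.pem;
    # Private key path
    ssl_certificate_key /etc/letsencrypt/live/your_domain_name.com/privkey.pem;
    # Protocols allowed for secure connections.
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if old clients require them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Allowed ciphers. Order matters: the earlier an entry, the higher its priority.
    # Several RC4 suites are named explicitly, and !RC4-SHA excludes only one RC4 suite; RFC 7465 prohibits RC4 in TLS, and !RC4 would exclude all of them.
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:!ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:HIGH:!RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!EDH:!kEDH:!PSK:!SRP:!kECDH;
    # In an SSLv3 or TLSv1 handshake the client's preferred cipher is normally used; with the setting below, the server's preference is used instead.
    ssl_prefer_server_ciphers on;
}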