Blog host: automatic renewal of a free certificate
2020-12-13 12:36:19 【hello886】
Original: Blog host: automatically apply for and renew a free certificate
I was careless and let the previous domain certificate expire. Because it is a free Let's Encrypt certificate, it has to be renewed manually once every 3 months, 4 times a year, which is still a bit of a hassle; automating it would be nice.
The following operations are performed on the server (Ubuntu 16, Tencent Cloud).
Download the certbot-auto script
cd opt/
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
Running certbot-auto may produce an error:
An unexpected error occurred: UnicodeEncodeError: 'ascii' codec can't encode
The script tries to modify the nginx configuration file, and that file contains Chinese characters. I prefer to stay in control and not rely on the script: it is enough for the script to generate or renew the certificate, and copying and configuring the certificate is better done manually. On the one hand this is more controllable, and on the other hand I know how to deal with errors!
Generate the key
Command
./certbot-auto certonly -d *.example.cn --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
- certonly: the run mode; obtain the certificate only, without installing it into the web server
- -d: the domain name for the certificate; for a wildcard domain enter *.example.cn
- --manual: use the manual plugin, so the validation step is carried out by hand
- --preferred-challenges dns: verify domain ownership with the DNS method
- --server: Let's Encrypt ACME v2 uses a different server from v1, so it must be specified explicitly
Output
Requesting to rerun ./certbot-auto with root privileges...
./certbot-auto has insecure permissions!
To learn how to fix them, visit https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for example.cn
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.example.cn with the following value:
v8somjB6jyjkZ9-fi_5l705CA_ERu0hRJcGFbLpHNaQ    # configure this value as the DNS TXT record
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Subscribe to the EFF mailing list (email: xxxxx(your email)@163.com).
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.cn/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.cn/privkey.pem
Your cert will expire on 2021-02-20. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Two points need attention with the command above:
1. It is best to run it on the machine where the service is deployed.
2. The second step requires modifying a DNS record, but the change may not take effect immediately; wait until it has taken effect before pressing Enter, otherwise generation may fail.
Example DNS configuration on Tencent Cloud
Command to verify that the DNS record has taken effect
# The name queried is the subdomain that was configured
nslookup -q=txt _acme-challenge.example.cn
If the following information is returned, the configuration is in effect
Generated key files
(base) [email protected]:~$ sudo ls -lh /etc/letsencrypt/live/example.cn
Total usage 4.0K
lrwxrwxrwx 1 root root 33 Nov 22 16:25 cert.pem -> ../../archive/example.cn/cert1.pem
lrwxrwxrwx 1 root root 34 Nov 22 16:25 chain.pem -> ../../archive/example.cn/chain1.pem
lrwxrwxrwx 1 root root 38 Nov 22 16:25 fullchain.pem -> ../../archive/example.cn/fullchain1.pem
lrwxrwxrwx 1 root root 36 Nov 22 16:25 privkey.pem -> ../../archive/example.cn/privkey1.pem
-rw-r--r-- 1 root root 692 Nov 22 16:25 README
Configure nginx
Example
server {
    # "ssl" on the listen line enables TLS; the separate "ssl on;" directive is deprecated
    listen 443 ssl;
    server_name localhost;
    location / {
        root html;
        index index.html index.htm;
    }
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated; add TLSv1.3 where nginx and OpenSSL support it
    ssl_protocols TLSv1.2;
    # Strong suites only: no export-grade, LOW, RC4, SSLv2 or anonymous ciphers
    ssl_ciphers HIGH:!aNULL:!MD5:!3DES;
    ssl_prefer_server_ciphers on;
    # With cert.pem the certificate is valid, but browsers still report the site as not secure
    # (cert.pem lacks the intermediate chain), so use fullchain.pem
    ssl_certificate /etc/letsencrypt/live/example.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.cn/privkey.pem;
}
After the change, validate the nginx configuration: sudo nginx -t
Once validation passes, restart nginx: sudo service nginx restart
Open your site and click the lock icon in the address bar; you can see that the certificate is in effect.
Automatic renewal
A free certificate must be renewed once every 3 months, which is a hassle. You can add a scheduled-task script to renew it automatically.
touch sslrenew.sh
chmod +x sslrenew.sh
Contents of sslrenew.sh
#!/bin/sh
# Renew every certificate that is close to expiry
<path to certbot>/certbot-auto renew
Configure scheduled tasks
Edit scheduled tasks: crontab -e
# Run on the 1st of every month
0 0 1 * * /home/john/opt/sslrenew.sh
View scheduled tasks: crontab -l
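A certificate issued with --manual, as above, is not renewed by a bare certbot-auto renew run from cron, because nobody is there to publish the new TXT record; certbot needs a --manual-auth-hook script to do it. The hook below is an added example, not part of the original post: it publishes the record and then waits until the value is visible in DNS before certbot continues. dns_api_set_txt is a hypothetical placeholder for your DNS provider's API or CLI.

```shell
#!/bin/sh
# Added example: a certbot --manual-auth-hook for the dns-01 challenge.
# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook.

# Record name certbot expects; a leading "*." (wildcard) is dropped.
acme_record_name() {
    case $1 in
        '*.'*) printf '_acme-challenge.%s\n' "${1#??}" ;;
        *)     printf '_acme-challenge.%s\n' "$1" ;;
    esac
}

# True when the lookup output ($2) carries the exact quoted TXT value ($1).
txt_published() {
    printf '%s\n' "$2" | grep -F -q -- "\"$1\""
}

# Poll DNS until the value is visible or the attempts run out.
# $3 = attempts (default 30), $4 = seconds between attempts (default 10).
wait_for_txt() {
    name=$1; value=$2; tries=${3:-30}; pause=${4:-10}
    while [ "$tries" -gt 0 ]; do
        out=$(nslookup -q=txt "$name" 2>/dev/null) || out=
        if txt_published "$value" "$out"; then return 0; fi
        tries=$((tries - 1))
        sleep "$pause"
    done
    return 1
}

# HYPOTHETICAL placeholder: replace the body with the provider-specific call.
# It fails closed so an unconfigured hook never reports success.
dns_api_set_txt() {
    echo "publish TXT $1 = $2 (placeholder, nothing was changed)" >&2
    return 1
}

# Run only when certbot invokes the script as a hook.
if [ -n "${CERTBOT_VALIDATION:-}" ]; then
    record=$(acme_record_name "$CERTBOT_DOMAIN")
    dns_api_set_txt "$record" "$CERTBOT_VALIDATION" || exit 1
    wait_for_txt "$record" "$CERTBOT_VALIDATION" || exit 1
fi
```

In sslrenew.sh the renewal line then becomes certbot-auto renew --manual-auth-hook followed by the path where this script is saved.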