主页

索引

模块索引

搜索页面

Let’s Encrypt

安装

Debian 9版:

$ sudo apt-get install certbot python-certbot-nginx

Docker版:

$ docker pull certbot/certbot

Getting Started With Shell Access

基于Nginx生成证书:

a) 生成证书并自动修改nginx配置
   $ sudo certbot --nginx
b) 只生成证书
   $ sudo certbot certonly --nginx
 4. 证书有效期3个月:
   // 刷新证书(未验证)
   $ certbot renew

不基于web server生成证书:

注意: 用这种方法80端口不能被占用
$ certbot certonly --standalone --email admin@zhaoweiguo.com -d webrtc3.zhaoweiguo.com

条件:
1. 执行此命令必须使用 root 用户获得文件夹的权限
2. 域名能访问并且有绑定的公网 IP
3. 必须在此域名绑定的服务器上运行
4. 会使用 80 断端口,如果 nginx 监听 80 端口,把 nginx 先关掉

Docker版本不基于web server:

$ docker run -it -p 80:80 --rm --name certbot \
    -v "/etc/letsencrypt:/etc/letsencrypt" \
    -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
    certbot/certbot certonly --standalone \
    --email admin@zhaoweiguo.com -d webrtc3.zhaoweiguo.com

成功界面

IMPORTANT NOTES:

- Congratulations! Your certificate and chain have been saved at:
 /etc/letsencrypt/live/www.zhaoweiguo.com/fullchain.pem
 Your key file has been saved at:
 /etc/letsencrypt/live/www.zhaoweiguo.com/privkey.pem
 Your cert will expire on 2020-03-19. To obtain a new or tweaked
 version of this certificate in the future, simply run certbot
 again. To non-interactively renew *all* of your certificates, run
 "certbot renew"
- If you like Certbot, please consider supporting our work by:

 Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 Donating to EFF:                    https://eff.org/donate-le

基于Nginx生成证书过程:

root@myserver:~# certbot certonly --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - -
1: zhaoweiguo.com
2: knowledge.zhaoweiguo.com
3: www.zhaoweiguo.com
- - - - - - - - - - - - - - - - - - - - - - - -

常见问题

  • Max retries exceeded with url: /directory:

    有一些限制:
https://letsencrypt.org/docs/rate-limits/

参考

主页

索引

模块索引

搜索页面