1. Installation
Nginx version
http://jasonmun.blogspot.my/2017/01/lets-encrypt-nginx-https.html
$ cd ~/Downloads
$ su
Ubuntu - $ apt install git
Fedora - $ dnf install git
CentOS - $ yum install git
OpenSUSE - $ zypper install git
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto
A DOS-like configuration interface will appear.
2. Manually configure SSL in Apache (the script above makes these changes for you automatically)
Ubuntu
$ gedit /etc/apache2/sites-enabled/default-ssl.conf
Fedora / CentOS
$ gedit /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/letsencrypt/live/member.dlinkddns.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/member.dlinkddns.com/privkey.pem
$ gedit /var/www/html/.htaccess
RewriteEngine On
# Redirect all HTTP traffic to HTTPS.
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
3. Renew the certificate manually (Let's Encrypt requires renewal once every 3 months)
$ su username
$ cd ~/Downloads/letsencrypt
$ su
$ ./letsencrypt-auto certonly --renew-by-default --email member@gmail.com -d member.dlinkddns.com -d www.member.dlinkddns.com
4. Renew the certificate automatically (on the 1st of every month)
# Download
$ cd /root
$ wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.conf
$ wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh
$ chmod +x letsencrypt.sh
# Configure
$ gedit /root/letsencrypt.conf
DOMAIN_KEY="member.dlinkddns.com.key"
DOMAIN_DIR="/var/www/html"
DOMAINS="DNS:member.dlinkddns.com,DNS:www.member.dlinkddns.com"
# Run
$ /root/letsencrypt.sh /root/letsencrypt.conf
# Set the new SSL certificate
Ubuntu
$ gedit /etc/apache2/sites-enabled/default-ssl.conf
Fedora / CentOS
$ gedit /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /root/member.crt
SSLCertificateKeyFile /root/member.dlinkddns.com.key
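# Run periodically (append the job to root's crontab; the log redirect belongs inside the cron entry)
$ apt install cron
$ (crontab -l 2>/dev/null; echo "0 0 1 * * /root/letsencrypt.sh /root/letsencrypt.conf >> /var/log/lets-encrypt.log 2>&1") | crontab -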
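A monthly cron job can fail silently, so the renewed files are worth checking before Apache is reloaded. The script below is an added example, not part of the original post or of letsencrypt.sh; the function name cert_status and the 30-day threshold are assumptions, and the paths in the usage comment are the ones set in step 4.

```shell
#!/bin/sh
# Added example: post-renewal sanity check for the certificate/key pair.
# MIN_DAYS defaults to 30, an assumed threshold for the monthly cron job.

# cert_status CERT KEY [MIN_DAYS] -> prints one word:
#   missing | invalid | key-mismatch | expired | renew | ok
cert_status() {
    cert=$1 key=$2 min_days=${3:-30}
    [ -r "$cert" ] && [ -r "$key" ] || { echo missing; return 0; }
    # Both files must parse before anything else is trusted.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo invalid; return 0; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo invalid; return 0; }
    # Apache will not start if the certificate and private key differ.
    [ "$cert_pub" = "$key_pub" ] || { echo key-mismatch; return 0; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || { echo expired; return 0; }
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo renew; return 0; }
    echo ok
}

# Run as: check-cert.sh /root/member.crt /root/member.dlinkddns.com.key
if [ "$#" -ge 2 ]; then
    status=$(cert_status "$@")
    echo "$1: $status"
    [ "$status" = ok ] || exit 1
fi
```

Any result other than ok means the Apache configuration should keep pointing at the previous certificate until /var/log/lets-encrypt.log has been checked.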