$ su
1. Install
Ubuntu
$ apt install certbot
CentOS
$ yum install http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ yum install certbot
Fedora
$ dnf install certbot
2. Generate the SSL certificate at /etc/letsencrypt/live/member.dlinkddns.com/*.pem
$ certbot certonly --webroot -w /var/www/html -d member.dlinkddns.com
3. Set permissions for OpenLDAP
$ ls -ld /etc/letsencrypt/{archive,live}
$ ps aux | grep slapd
If OpenLDAP is in use
Ubuntu
$ setfacl -m u:openldap:rx /etc/letsencrypt/{archive,live}
CentOS / Fedora
$ setfacl -m u:ldap:rx /etc/letsencrypt/{archive,live}
$ getfacl /etc/letsencrypt/{archive,live}
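Added example, not part of the original post: a check to run after step 3 that confirms access to the certificate directories comes from the named ACL entry rather than from world-accessible mode bits, and that no private key is world-readable. It assumes the standard certbot layout (archive/<domain>/privkey*.pem); the function name audit_letsencrypt is made up for this example.

```shell
#!/bin/sh
# Added example: audit a Let's Encrypt tree after the setfacl step.
# Assumes the standard certbot layout: <root>/{archive,live}/<domain>/privkey*.pem
# Usage: audit_letsencrypt [root]   (root defaults to /etc/letsencrypt)
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_letsencrypt() {
    root=${1:-/etc/letsencrypt}
    findings=0

    for dir in "$root/archive" "$root/live"; do
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"
            findings=$((findings + 1))
            continue
        fi
        # Only the "other" bits are checked: once a named ACL entry exists,
        # the group bits shown by ls/stat hold the ACL mask, not group access.
        hit=$(find "$dir" -prune \( -perm -001 -o -perm -002 -o -perm -004 \) -print)
        if [ -n "$hit" ]; then
            echo "WORLD-ACCESSIBLE DIR $dir"
            findings=$((findings + 1))
        fi
    done

    # Real key files live in archive/; live/ only holds symlinks to them.
    keys=$(find "$root/archive" -type f -name 'privkey*.pem' -perm -004 -print 2>/dev/null)
    if [ -n "$keys" ]; then
        echo "$keys" | sed 's/^/WORLD-READABLE KEY /'
        findings=$((findings + $(echo "$keys" | wc -l)))
    fi

    [ "$findings" -eq 0 ]
}
```

Run it as root after each change to the ACLs; a non-zero return means at least one directory or key is reachable by every local account.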
4. Renew the SSL certificate manually
$ certbot renew
$ systemctl reload httpd.service
$ systemctl restart slapd.service
5. Automatic SSL certificate renewal - setup
5.1) Create certbot.service
$ gedit /etc/systemd/system/certbot.service
[Unit]
Description=Let's Encrypt certificate renewal
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew
# On Ubuntu, use /bin/systemctl
ExecStartPost=/usr/bin/systemctl reload httpd.service
ExecStartPost=/usr/bin/systemctl restart slapd.service
5.2) Create certbot.timer
$ gedit /etc/systemd/system/certbot.timer
[Unit]
Description=Let's Encrypt weekly certificate renewal
[Timer]
OnCalendar=weekly
Persistent=true
[Install]
WantedBy=timers.target
6. Automatic SSL certificate renewal - start certbot
$ systemctl enable --now certbot.timer
$ systemctl --type=timer --all