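Certbot is a user-friendly automated client that obtains and deploys SSL/TLS certificates for your web server. It is a tool for fetching certificates from Let's Encrypt and automatically enabling HTTPS on your server; in short, it acts as the official "Let's Encrypt client" or "Let's Encrypt Python client". It uses the Automatic Certificate Management Environment (ACME) to automatically deploy free certificates trusted by most browsers, so it works with any CA that supports the ACME protocol.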

In this article I will explain how to use Certbot on an Ubuntu 18.04 server to obtain and install free Let's Encrypt SSL certificates for Apache and Nginx.

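Prerequisites

  • An Ubuntu Bionic (18.04) server with root privileges, so that the required packages can be installed as needed.
  • A registered domain name with proper DNS records. In this article I will use fosscloudy.com.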

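Installing Certbot

First, to obtain a Let's Encrypt SSL certificate we need to install the Certbot software. Although Certbot has recently become available on Ubuntu, those packages tend to be outdated. You can install Certbot with the following commands:

# add-apt-repository ppa:certbot/certbot
# apt update
# apt install certbot

Confirm the installed Certbot version with the following command: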

# certbot --version
certbot 0.23.0

We can also use the command "certbot plugins" to list the Certbot plugins that are installed and available on the server.

# certbot plugins
Saving debug log to /var/log/letsencrypt/letsencrypt.log
* standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
* webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
-------------------------------------------------------------------------------

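By default the package includes only the standalone and webroot plugins; we can enable the other plugins we need one by one, depending on our purpose.

Setting up a Let's Encrypt SSL certificate on Apache

Certbot provides an Apache plugin that makes issuing SSL certificates easier. Run the following command to install the plugin:

# apt install python-certbot-apache

Assuming a proper virtual host exists for our domain, we can run this command to install SSL for our domain fosscloudy.com.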

# certbot --apache -d fosscloudy.com -d www.fosscloudy.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for fosscloudy.com
http-01 challenge for www.fosscloudy.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/fosscloudy.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/fosscloudy.com-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/fosscloudy.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/fosscloudy.com-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/fosscloudy.com.conf to ssl vhost in /etc/apache2/sites-available/fosscloudy.com-le-ssl.conf
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://fosscloudy.com and
https://www.fosscloudy.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=fosscloudy.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.fosscloudy.com
-------------------------------------------------------------------------------
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/fosscloudy.com-0002/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/fosscloudy.com-0002/privkey.pem
Your cert will expire on 2018-09-03. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

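The interactive process above guides you through signing and installing the certificate for the domain. This command automatically downloads the certificate, installs it, and configures it in the virtual host for your domain. You can now access the domain over HTTPS to confirm that it works, and verify the SSL status in an SSL checker.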

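If multiple virtual hosts/domains are configured, you can install SSL certificates for them with the following command.

# certbot --apache

In addition, if you do not want Certbot to automatically install the new SSL certificate and configure the domain's virtual host, you can use the following command to only generate the SSL certificate, which you can configure manually later.

# certbot --apache certonly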
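
After a `certonly` run the virtual host has to be pointed at the certificate by hand. The script below is an added example, not part of the original article: it checks that the first certificate/key directive pair in an Apache or nginx vhost uses fullchain.pem and privkey.pem from the same /etc/letsencrypt/live/ directory. The function name `check_tls_paths` and the sample vhost are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Checks the certificate and key
# paths in a hand-edited Apache or nginx vhost after a `certonly` run.

# check_tls_paths CONF: print findings, return 0 if consistent, 1 otherwise.
# Only the first certificate/key directive pair in the file is inspected.
check_tls_paths() {
    conf=$1
    cert=$(awk '$1 ~ /^(SSLCertificateFile|ssl_certificate)$/ {print $2; exit}' "$conf" | tr -d ';')
    key=$(awk '$1 ~ /^(SSLCertificateKeyFile|ssl_certificate_key)$/ {print $2; exit}' "$conf" | tr -d ';')
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "FAIL: certificate or key directive missing"
        return 1
    fi
    rc=0
    # fullchain.pem holds the leaf plus intermediates; cert.pem is the leaf only.
    case $cert in
        */fullchain.pem) ;;
        *) echo "FAIL: certificate is not fullchain.pem: $cert"; rc=1 ;;
    esac
    case $key in
        */privkey.pem) ;;
        *) echo "FAIL: key is not privkey.pem: $key"; rc=1 ;;
    esac
    # Both files must come from the same lineage directory under live/.
    cdir=$(dirname "$cert"); kdir=$(dirname "$key")
    if [ "$cdir" != "$kdir" ]; then
        echo "FAIL: lineage mismatch: $cdir vs $kdir"; rc=1
    fi
    # A -NNNN suffix (as in the fosscloudy.com-0002 path above) marks an extra lineage.
    case $(basename "$cdir") in
        *-[0-9][0-9][0-9][0-9]) echo "NOTE: duplicate lineage $(basename "$cdir")" ;;
    esac
    return $rc
}

# Constructed sample: a hand-written vhost that mixes two lineages.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
<VirtualHost *:443>
    ServerName fosscloudy.com
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/fosscloudy.com-0002/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/fosscloudy.com/privkey.pem
</VirtualHost>
EOF
check_tls_paths "$demo_conf" || echo "vhost needs fixing before reload"
rm -f "$demo_conf"
```

`certbot certificates` lists every lineage Certbot manages, which helps decide which directory under live/ the vhost should reference.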

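Setting up a Let's Encrypt SSL certificate on Nginx

For servers running Nginx, we can use the Certbot nginx plugin to obtain and install SSL certificates automatically. You can install the plugin with the following command:

# apt install python-certbot-nginx

Assuming a virtual host exists for our domain, run this command to install SSL for fosscloudy.com: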

# certbot --nginx -d fosscloudy.com -d www.fosscloudy.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]
-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for fosscloudy.com
http-01 challenge for www.fosscloudy.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/fosscloudy.com.conf
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/fosscloudy.com.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/fosscloudy.com.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/fosscloudy.com.conf
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://fosscloudy.com and
https://www.fosscloudy.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=fosscloudy.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.fosscloudy.com
-------------------------------------------------------------------------------
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/fosscloudy.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/fosscloudy.com/privkey.pem
Your cert will expire on 2018-09-03. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

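You can replace my domain fosscloudy.com with your own domain and run the same command to generate your SSL certificate.

If you have multiple virtual hosts/domains configured, you can install SSL certificates for all of them with the following command.

# certbot --nginx

Certbot will ask you to choose the domains to include in the new certificate.

# certbot --nginx certonly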
