4-11
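At work, some companies run internal platforms for which it is not worth paying for an SSL certificate. For that need, Let's Encrypt certificates are an option: they are free and supported by all browsers.
Below is the process of requesting a certificate, using this site as the example. The version of certbot-auto I currently use works on both CentOS 6 and CentOS 7; download it directly if you need it.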
```
[root@localhost shell]# ./certbot-auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate and install certificates?
-------------------------------------------------------------------------------
1: Apache Web Server plugin - Beta (apache)
2: Nginx Web Server plugin - Alpha (nginx)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: itnotebooks.com
2: www.itnotebooks.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1,2
```
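Just follow the prompts step by step; at the end, the certificate is configured automatically in your existing HTTPS virtual host configuration file.
The certificate is only valid for 3 months, so below is a script I wrote that renews it automatically every 2 months.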
```bash
#!/bin/bash
################################################################
# (c) Copyright 2013 Eric. All rights reserved.
#
# renew SSL certificate
#
# crontab -e
# 0 0 1 */2 * /bin/bash /var/vhost/network_vhost/shell/makecert.sh >> /var/vhost/network_vhost/logs/makecert.log 2>&1
#
#
#
################################################################

# import system env
source /etc/profile

function TimeStramp(){
    date +"%Y/%m/%d %H:%M:%S"
}

srcDir=$(pwd)
LOCAL_USER_PROGRAM_DIR=/usr/sbin
gitDir=/var/vhost/network_vhost
shellDir=${gitDir}

echo "Check the permission of certbot-auto"
# Make certbot-auto executable if it is not already
[ -x "${shellDir}/shell/certbot-auto" ] || chmod a+x "${shellDir}/shell/certbot-auto"

echo "get new certificate of using certbot-auto renew"
sh "${shellDir}/shell/certbot-auto" renew --force-renew --no-self-upgrade

echo "copying /etc/letsencrypt to ${shellDir} for version control"
# NOTE: /etc/letsencrypt holds the certificate private keys and the ACME account key,
# so the Git remote pushed to below must be private and access-restricted.
cp -rf /etc/letsencrypt "${shellDir}/"

echo "reset the permission into ${shellDir}/letsencrypt"
chown root:root -R "${shellDir}/letsencrypt"

echo "push to upstream"
cd "${gitDir}" || exit 1
git pull
git add "${shellDir}/letsencrypt"
git commit -m "add new certificate of letsencrypt $(date +"%Y%m%d%H%M%S")"
git push
cd "${srcDir}" || exit 1

echo "restart the web server"
# Restart httpd only if the configuration test reports "Syntax OK"
# (checked directly from the command output, without a temp file in /tmp)
if ${LOCAL_USER_PROGRAM_DIR}/httpd -t 2>&1 | grep -q "Syntax OK"; then
    systemctl restart httpd
    echo "successfully"
    echo "--------------end $(TimeStramp)--------------"
else
    echo "failed"
    echo "--------------end $(TimeStramp)--------------"
    exit 1
fi
```
If needed, an email notification can also be added to the final conditional block.
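One way to add that notification, as an added example that is not part of the author's script: with a renewal every 2 months on a 3-month certificate, a fresh certificate has close to three months left and a stale one about a month, so requiring at least 60 days remaining after the renew step detects a renewal that silently failed. The `mail` command, the alert address and the `live/itnotebooks.com` lineage path are assumptions, as are GNU `date` and the `openssl` CLI.

```shell
#!/bin/bash
# Added example, not part of the original makecert.sh.
# Assumptions: GNU date, the openssl CLI, and a mailx-style "mail" command.

MAILER=${MAILER:-mail}                    # assumption: mailx-compatible command
ALERT_TO=${ALERT_TO:-admin@example.com}   # placeholder address

# Print whole days until the certificate's notAfter date (negative if expired).
# Returns 2 if the file cannot be parsed as a certificate.
cert_days_left() {
    local cert end end_s now_s
    cert=$1
    end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null) || return 2
    end=${end#notAfter=}
    end_s=$(date -d "$end" +%s 2>/dev/null) || return 2
    now_s=$(date +%s)
    echo $(( (end_s - now_s) / 86400 ))
}

# Return 0 if the certificate has at least min_days left, 1 if it has fewer,
# 2 if it is unreadable. A message is mailed for outcomes 1 and 2.
check_cert() {
    local cert min_days days
    cert=$1
    min_days=$2
    if ! days=$(cert_days_left "$cert"); then
        echo "cannot read certificate ${cert}" | "$MAILER" -s "cert check failed" "$ALERT_TO"
        return 2
    fi
    if [ "$days" -lt "$min_days" ]; then
        echo "${cert} expires in ${days} days" | "$MAILER" -s "cert renewal problem" "$ALERT_TO"
        return 1
    fi
    echo "${cert}: ${days} days left"
    return 0
}

# Usage after the renew step (the lineage path is an assumption):
#   check_cert /etc/letsencrypt/live/itnotebooks.com/cert.pem 60 || exit 1
```

Called before the `httpd -t` branch, a non-zero return stops the run before the web server is restarted on a certificate that was not actually renewed.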
Original blog address: itnotebooks.com