{"id":143,"date":"2017-03-30T17:43:09","date_gmt":"2017-03-30T09:43:09","guid":{"rendered":"https:\/\/blog.espnlol.com\/?p=143"},"modified":"2018-05-08T16:44:26","modified_gmt":"2018-05-08T08:44:26","slug":"%e7%a5%9e%e7%ba%a7%e9%80%9a%e7%94%a8%e5%85%8d%e8%b4%b9ssl%e8%af%81%e4%b9%a6%e4%b9%8blets-encrypt","status":"publish","type":"post","link":"https:\/\/blog.espnlol.com\/?p=143","title":{"rendered":"\u795e\u7ea7\u901a\u7528\u514d\u8d39ssl\u8bc1\u4e66\u4e4bLet’s Encrypt"},"content":{"rendered":"

\u5b98\u65b9\u7f51\u7ad9:https:\/\/letsencrypt.org\/<\/p>\n

github\u5730\u5740:https:\/\/github.com\/letsencrypt<\/p>\n

\u7b80\u4ecb:Let’s Encrypt\u662f\u56fd\u5916\u4e00\u4e2a\u516c\u5171\u7684\u514d\u8d39SSL\u9879\u76ee\uff0c\u7531 Linux \u57fa\u91d1\u4f1a\u6258\u7ba1\uff0c\u5b83\u7684\u6765\u5934\u4e0d\u5c0f\uff0c\u7531Mozilla\u3001\u601d\u79d1\u3001Akamai\u3001IdenTrust\u548cEFF\u7b49\u7ec4\u7ec7\u53d1\u8d77\uff0c\u76ee\u7684\u5c31\u662f\u5411\u7f51\u7ad9\u81ea\u52a8\u7b7e\u53d1\u548c\u7ba1\u7406\u514d\u8d39\u8bc1\u4e66\uff0c\u4ee5\u4fbf\u52a0\u901f\u4e92\u8054\u7f51\u7531HTTP\u8fc7\u6e21\u5230HTTPS\u3002<\/p>\n

\u73af\u5883\u9700\u6c42\uff1a\u9700\u8981\u652f\u6301git\u4ee5\u53capython 2.6.6\u4ee5\u4e0a\u7684\u7248\u672c\uff0cdns\u8bf7\u914d\u7f6e\u6210google\u76848.8.8.8\u4ee5\u514d\u4e0d\u5fc5\u8981\u7684\u9519\u8bef\u4ea7\u751f<\/p>\n

\u6211\u4f7f\u7528\u7684\u7cfb\u7edf\u662fcentos 6.7\uff0c\u6240\u4ee5\u672c\u7bc7\u6587\u7ae0\u4ee5centos6.7\u4e3a\u4f8b\u5b50<\/p>\n

#\u5b89\u88c5git\u5de5\u5177<\/p>\n

yum -y install git-core<\/pre>\n
#\u5b89\u88c5letsencrypt\u53ca\u83b7\u53d6ssl<\/p>\n
git clone https:\/\/github.com\/letsencrypt\/letsencrypt \r\ncd letsencrypt \r\n.\/letsencrypt-auto certonly --standalone --email $email -d espnlol.com -d www.espnlol.com<\/pre>\n
#\u5982\u679c\u672a\u5b89\u88c5python\u4f1a\u81ea\u52a8\u5b89\u88c5python\u53ca\u5404\u4e2a\u6269\u5c55\uff0c\u5b89\u88c5\u5b8c\u6bd5\u4e4b\u540e\u5f00\u59cb\u751f\u6210\u8bc1\u4e66<\/p>\n
Creating virtual environment...\r\nInstalling Python packages...\r\nInstallation succeeded.\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\n-------------------------------------------------------------------------------\r\nPlease read the Terms of Service at\r\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.1.1-August-1-2016.pdf. You must agree\r\nin order to register with the ACME server at\r\nhttps:\/\/acme-v01.api.letsencrypt.org\/directory\r\n-------------------------------------------------------------------------------\r\n(A)gree\/(C)ancel: A\r\n\r\n-------------------------------------------------------------------------------\r\nWould you be willing to share your email address with the Electronic Frontier\r\nFoundation, a founding partner of the Let's Encrypt project and the non-profit\r\norganization that develops Certbot? We'd like to send you email about EFF and\r\nour work to encrypt the web, protect its users and defend digital rights.\r\n-------------------------------------------------------------------------------\r\n(Y)es\/(N)o: Y\r\nObtaining a new certificate\r\nPerforming the following challenges:\r\ntls-sni-01 challenge for espnlol.com\r\ntls-sni-01 challenge for www.espnlol.com<\/pre>\n
#\u8bc1\u4e66\u4f1a\u751f\u6210\u5728\/etc\/letsencrypt\/archive\/espnlol.com\u4e0b<\/p>\n
#\u914d\u7f6enginx\u5e76\u91cd\u542f\uff0c\u518d\u6253\u5f00\u7f51\u9875\u5c31\u4f1a\u53d1\u73b0\u8ba4\u8bc1\u6210\u529f\u4e86<\/p>\n
ssl_certificate ssl\/fullchain.pem;\r\nssl_certificate_key ssl\/privkey.pem;<\/pre>\n
#\u89e3\u51b3\u751f\u6210\u8bc1\u4e66\u8fc7\u671f\u95ee\u9898\uff0c\u7531\u4e8e\u8bc1\u4e6690\u5929\u8fc7\u671f\u9700\u8981\u7eed\u671f\uff0c\u8fd9\u662f\u5c31\u9700\u8981\u624b\u52a8\u7eed\u671f\u4e86<\/p>\n
.\/letsencrypt-auto certonly --renew-by-default --standalone --email $email -d espnlol.com -d www.espnlol.com<\/pre>\n
##############\u901a\u914d\u7b26\u8bc1\u4e66\u7533\u8bf7##########################<\/h3>\n
.\/certbot-auto --server https:\/\/acme-v02.api.letsencrypt.org\/directory -d \"*.espnlol.com\" --manual --preferred-challenges dns-01 certonly\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\nPlugins selected: Authenticator manual, Installer None\r\nObtaining a new certificate\r\nPerforming the following challenges:\r\ndns-01 challenge for espnlol.com\r\n\r\n-------------------------------------------------------------------------------\r\nNOTE: The IP of this machine will be publicly logged as having requested this\r\ncertificate. If you're running certbot in manual mode on a machine that is not\r\nyour server, please ensure you're okay with that.\r\n\r\nAre you OK with your IP being logged?\r\n-------------------------------------------------------------------------------\r\n(Y)es\/(N)o: y\r\n\r\n-------------------------------------------------------------------------------\r\nPlease deploy a DNS TXT record under the name\r\n_acme-challenge.dh-espnlol.com with the following value:\r\n\r\nqwp5IiPcEumoRBsD3-Nnh0HTwscTyBofHRQxNj79x5Q\r\n\r\nBefore continuing, verify the record is deployed.\r\n-------------------------------------------------------------------------------\r\nPress Enter to Continue<\/pre>\n
#\u8fd9\u65f6\u5148\u522b\u7740\u6025\u786e\u8ba4,\u53bb\u57df\u540d\u89e3\u6790\u5e73\u53f0\u505a\u4e00\u4e2atxt\u8bb0\u5f55,\u8fd9\u4e2a\u8bb0\u5f55\u5fc5\u987b\u8981\u80fd\u88ab\u89e3\u6790\u5230\u624d\u884c,\u4fdd\u9669\u8d77\u89c1\u4f7f\u75288.8.8.8,\u505a\u5b8c\u89e3\u6790\u7528dig\u786e\u8ba4\u4e00\u4e0b,dig -t txt _acme-challenge.espnlol.com @8.8.8.8<\/p>\n
\"\"<\/a><\/p>\n
#\u786e\u8ba4\u6210\u529f\u4e4b\u540e\u70b9\u51fb\u786e\u8ba4\u5373\u53ef\u5b8c\u6210\u6cdb\u57df\u540d\u7684\u7533\u8bf7<\/p>\n
#\u6cdb\u57df\u540d\u4e00\u822c\u662f3\u4e2a\u6708\u5230\u671f,\u8fd9\u65f6\u5019\u9700\u8981\u7eed\u671f,\u8fd9\u91cc\u4e5f\u63d0\u4f9b\u4e86\u5f88\u53cb\u597d\u7684\u547d\u4ee4,\u671f\u9650\u4e0d\u6ee130\u5929\u7684\u8bc1\u4e66\u4f1a\u81ea\u52a8\u66f4\u65b0<\/p>\n
.\/certbot-auto renew \u2013renew-by-default\u00a0https:\/\/acme-v02.api.letsencrypt.org\/directory -d “*.espnlol.com” –manual –preferred-challenges dns-01 certonly<\/p>\n","protected":false},"excerpt":{"rendered":"
\u5b98\u65b9\u7f51\u7ad9:https:\/\/letsencrypt.org\/ github\u5730\u5740:h … \u7ee7\u7eed\u9605\u8bfb →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-143","post","type-post","status-publish","format-standard","hentry","category-nginx"],"_links":{"self":[{"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/posts\/143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=143"}],"version-history":[{"count":3,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/posts\/143\/revisions"}],"predecessor-version":[{"id":259,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/posts\/143\/revisions\/259"}],"wp:attachment":[{"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}