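Certbot is a tool that automatically deploys the free digital certificates issued by Let's Encrypt to your website, so that the site supports HTTPS.
The package is available from the EPEL repository (epel-release), so it can be installed directly with yum.
yum -y install epel-release
yum -y install certbot.noarch
If Nginx or Apache was installed with yum, you can run certbot directly and the program will find the web server and add the certificate automatically. If you compiled the web server yourself, you need to generate the certificate manually and then configure it.
1. Nginx from the RPM package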
yum -y install nginx
2. Configure the certificate
certbot run
Manual configuration
Generate the certificate
certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the Appropriate number [1-2] then [enter] (press 'c' to cancel): opcai.top
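# Here you choose to configure the webroot path or specify a domain name; if the site is already up, just enter the domain name and the certificate is generated automatically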
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/opcai.top.conf)
/etc/letsencrypt/live/opcai.top/
Certificate: cert.pem
Private key: privkey.pem
Configure these in the configuration file of the corresponding web server.
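An added example (not from the original post) of this manual configuration step for nginx, assuming the site is opcai.top as in the output above and the webroot is /usr/share/nginx/html. It points nginx at fullchain.pem, which certbot writes next to cert.pem in the same live directory, because the server has to send the intermediate chain along with the certificate.

```nginx
# Added example, not from the original post.
# Assumed: server name opcai.top, webroot /usr/share/nginx/html
# (adjust both for a self-compiled nginx).

# Port 80: answer ACME HTTP-01 challenges from the webroot, redirect the rest.
server {
    listen 80;
    server_name opcai.top;

    location ^~ /.well-known/acme-challenge/ {
        root /usr/share/nginx/html;   # assumed webroot given to certbot
        default_type text/plain;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: serve the site with the Let's Encrypt certificate.
server {
    listen 443 ssl;
    server_name opcai.top;

    # fullchain.pem = cert.pem plus the intermediate chain. Serving cert.pem
    # alone makes clients that lack the intermediate fail validation.
    ssl_certificate     /etc/letsencrypt/live/opcai.top/fullchain.pem;
    # privkey.pem stays root-only; the nginx master process reads it at start.
    ssl_certificate_key /etc/letsencrypt/live/opcai.top/privkey.pem;

    # TLSv1.3 takes effect only when nginx is built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    root /usr/share/nginx/html;
    index index.html;
}
```

Check the file with nginx -t before reloading. nginx also has to be reloaded after each renewal before it serves the new certificate.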
The certificate is valid for only three months; you can enable a timer to renew it automatically:
systemctl enable certbot-renew.timer