Free SSL Certificates on CentOS 7.x

  1. Author QQ: 67065435, QQ group: 821635552

Install pip

  1. Prerequisites

    yum install yum-utils -y
    yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
    
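  2. Download and update pip

    # Download pip
    # CentOS 7's default python is 2.7, which the current get-pip.py no longer
    # supports, so fetch the 2.7-specific bootstrap script
    wget https://bootstrap.pypa.io/pip/2.7/get-pip.py
    python get-pip.py
    
    # Move the existing pip index configuration file aside (kept as a backup)
    mv ~/.pip/pip.conf ~/.pip/pip.conf.backup
    
    # Upgrade pip
    pip install pip -U
    
    # Switch the pip index to the Alibaba Cloud mirror
    pip config set global.index-url https://mirrors.aliyun.com/pypi/simple
    
    # Reinstall the urllib3 package
    pip uninstall urllib3
    pip install urllib3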
    

Install certbot

  1. Install certbot

    cd /root
    yum install certbot -y
    certbot --help
    
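  2. Generate the certificate (*.xxxxxx.com is the wildcard domain)

    certbot certonly --manual --force-renewal --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns-01 -d "*.xxxxxx.com,xxxxxx.com"
    # 1. Enter your e-mail address when prompted
    # 2. Enter A to agree when prompted
    # 3. Enter Y to confirm when prompted
    # 4. Enter Y to confirm when prompted
    # 5. When prompted, add the DNS TXT record (Alibaba Cloud DNS is used as the example)
       # 1. Record type: TXT
       # 2. Host record: _xxx-xxx.xxx.com
       # 3. Resolution line: default
       # 4. Record value: xxxxxx
       # 5. TTL: 10 minutes
    # 6. Press Enter; success is reported!
    # 7. When prompted, add the DNS TXT record (Alibaba Cloud DNS is used as the example)
       # 1. Record type: TXT
       # 2. Host record: _xxx-xxx.xxx.com
       # 3. Resolution line: default
       # 4. Record value: xxxxxx
       # 5. TTL: 10 minutes
    # 8. Press Enter; success is reported!
    # 9. When prompted, add the DNS TXT record (Alibaba Cloud DNS is used as the example)
       # 1. Record type: TXT
       # 2. Host record: _xxx-xxx.xxx.com
       # 3. Resolution line: default
       # 4. Record value: xxxxxx
       # 5. TTL: 10 minutes
    # 10. Press Enter; success is reported!
    # 11. When prompted, add the DNS TXT record (Alibaba Cloud DNS is used as the example)
       # 1. Record type: TXT
       # 2. Host record: _xxx-xxx.xxx.com
       # 3. Resolution line: default
       # 4. Record value: xxxxxx
       # 5. TTL: 10 minutes
    # 12. Press Enter; success is reported!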
    
  3. Once it succeeds, note the certificate file paths from the output, which looks similar to the following

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/xxx.com/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/xxx.com/privkey.pem
       Your cert will expire on 2xxx-xx-xx. To obtain a new or tweaked
       version of this certificate in the future, simply run certbot
       again. To non-interactively renew *all* of your certificates, run
       "certbot renew"
     - If you like Certbot, please consider supporting our work by:
       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:               https://eff.org/donate-le
    
    # The generated files are stored at:
    /etc/letsencrypt/live/xxx.com/fullchain.pem
    /etc/letsencrypt/live/xxx.com/privkey.pem
    # The certificate expires on
    2xxx-xx-xx
    
  4. Configure nginx and reload the configuration
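
One way to carry out step 4, as an added example that is not part of the original post: an nginx configuration that serves the site with the certificate files reported in step 3. The server names, the document root, the protocol and cipher choices and the HSTS header are assumptions to adapt to your site.

```nginx
# Added example (not the author's configuration).
# Placeholders xxxxxx.com / xxx.com follow the page; replace them with your domain.

# Send plain-HTTP requests to the HTTPS site.
server {
    listen 80;
    server_name xxxxxx.com *.xxxxxx.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name xxxxxx.com *.xxxxxx.com;

    # Paths printed by certbot in step 3. fullchain.pem holds the leaf
    # certificate plus the intermediate, so clients can build the chain.
    ssl_certificate     /etc/letsencrypt/live/xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;

    # Weak setting to avoid: ssl_protocols SSLv3 TLSv1 TLSv1.1;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # Forward-secret AEAD suites only (assumed list, adjust to your clients).
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # Tell browsers to use HTTPS only for this host (assumed policy).
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root /usr/share/nginx/html;   # assumed document root
    }
}
```

Check the syntax with `nginx -t` and apply it with `systemctl reload nginx`. A certificate issued with `--manual` and no authentication hook is not renewed by `certbot renew`, so repeat step 2 before the expiry date and reload nginx again.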
