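Introduction

certbot is a tool that automatically deploys free certificates issued by Let's Encrypt to your website, so that the site supports HTTPS.

Installation

The package is available in the EPEL repository, so it can be installed directly with yum.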

yum -y install epel-release

yum -y install certbot.noarch

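Configuration

If nginx or apache was installed with yum, you can run certbot directly; it finds the web server and adds the certificate automatically. If you compiled the web server yourself, you need to generate the certificate manually and then configure it.

1. nginx from the RPM package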

yum -y install nginx

2. Configure the certificate

certbot run

Manual configuration

Generate the certificate

certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?

* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)

* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): opcai.top
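# Choose how to configure the webroot path here, or specify a domain name; if the site is already up, just enter the domain name and the certificate is generated automatically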

Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/opcai.top.conf)

Certificate location

/etc/letsencrypt/live/opcai.top/

Certificate: cert.pem

Private key: privkey.pem

Reference these files in the configuration file of the corresponding web server.
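
For a self-compiled nginx, the manual step above might look like the following server blocks. This is an added example, not part of the original post: the webroot /usr/local/nginx/html is an assumption, and it points nginx at fullchain.pem, which certbot writes to the same live/ directory next to cert.pem, so that the intermediate chain is served as well.

```nginx
# Added example, not from the original post.
# Assumed: webroot /usr/local/nginx/html (adjust to your build's prefix).
# The domain and certificate directory are the ones shown above.

server {
    listen 80;
    server_name opcai.top;

    # Keep the HTTP-01 challenge path reachable over plain HTTP so that
    # the webroot method (option 2 in the certbot prompt) and later
    # renewals can still be validated.
    location /.well-known/acme-challenge/ {
        root /usr/local/nginx/html;   # assumed webroot
    }

    # Everything else is redirected to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name opcai.top;

    # fullchain.pem = cert.pem plus the intermediate chain. Pointing nginx
    # at cert.pem alone serves an incomplete chain that some clients reject.
    ssl_certificate     /etc/letsencrypt/live/opcai.top/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/opcai.top/privkey.pem;

    root /usr/local/nginx/html;       # assumed webroot
    index index.html;
}
```

The files under live/ are symlinks that certbot repoints on renewal, so these paths stay valid, but a manually configured nginx keeps serving the old certificate until it is reloaded. Running renewals as certbot renew --deploy-hook "nginx -s reload" takes care of that.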

Automatic certificate renewal

Certificates are only valid for three months; you can enable a timer to renew them automatically:

systemctl enable certbot-renew.timer