  • debian+apache+acme_tiny+lets-encrypt configuration notes

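    The domains you want SSL certificates for must already point to this server. This method works entirely through the API; its advantages are that it is clean and self-contained, needs no account registration, and does not leak personal information.
    The environment is debian7+apache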

    apt-get install apache2
    a2enmod rewrite
    a2enmod ssl
    apt-get install php5 php-pear
    vi /etc/apache2/sites-enabled/000-default
    ---------------------------000-default------------------------
    Alias /.well-known/acme-challenge/ /var/www/challenges/
    --------------------------------------------------------------
    mkdir /var/www/challenges
    
    mkdir /etc/apache2/ssl
    cd /etc/apache2/ssl
    openssl genrsa 4096 > account.key
    openssl genrsa 4096 > domain.key
    openssl req -new -sha256 -key domain.key -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:domain.com,DNS:www.domain.com")) > domain.csr
    wget https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py
    python acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir /var/www/challenges/ > ./signed.crt
    wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > intermediate.pem
    
    --------------------------------------------------------------
    a2ensite default-ssl
    ------------------default-ssl---------------------------------
    SSLCertificateFile /etc/apache2/ssl/signed.crt
    SSLCertificateKeyFile /etc/apache2/ssl/domain.key
    SSLCertificateChainFile /etc/apache2/ssl/intermediate.pem
    --------------------------------------------------------------
    
    
    
    vi /etc/apache2/ssl/renew.sh
    ------------------------------renew.sh-------------------------
    #!/bin/bash
    
    cd /etc/apache2/ssl
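    # Write to a temporary file first so a failed run does not truncate the live certificate
    python acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir /var/www/challenges/ > ./signed.crt.tmp || exit 1
    mv ./signed.crt.tmp ./signed.crt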
    wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > intermediate.pem
    /etc/init.d/apache2 reload
    
    --------------------------------------------------------------
    
    crontab -e
    
    ------------------crontab--------------------------------
    0 0 1 * * /etc/apache2/ssl/renew.sh >/dev/null 2>&1
    --------------------------------------------------------------
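
Added example (not part of the original notes): a check that a renewal script like renew.sh above could run on a freshly issued certificate before it replaces signed.crt and Apache is reloaded. It assumes the acme_tiny.py output was written to a separate file first; the script name renew-check.sh and the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not part of the original notes. Function names are hypothetical.
# Usage: renew-check.sh NEW_CERT PRIVATE_KEY LIVE_CERT

# check_cert CERT KEY [MIN_SECONDS_LEFT]
# Returns 0 if CERT is usable, 1 if it or KEY cannot be parsed,
# 2 if CERT does not belong to KEY, 3 if it expires too soon.
check_cert() {
    local cert="$1" key="$2" min_left="${3:-604800}"   # default: 7 days
    local cert_pub key_pub

    # A failed acme_tiny.py run leaves an empty or partial file; x509 rejects it.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] || return 1

    # The certificate must carry the public half of the private key,
    # otherwise the web server refuses to load the pair.
    [ "$cert_pub" = "$key_pub" ] || return 2

    # -checkend exits non-zero if the certificate expires within min_left seconds.
    openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null 2>&1 || return 3
    return 0
}

# install_cert NEW_CERT KEY LIVE_CERT
# Replaces LIVE_CERT only when NEW_CERT passes check_cert; mv within one
# directory is atomic, so the server never sees a half-written file.
install_cert() {
    local rc=0
    check_cert "$1" "$2" || rc=$?
    [ "$rc" -eq 0 ] || { echo "rejecting $1 (check_cert=$rc)" >&2; return "$rc"; }
    mv -f "$1" "$3"
}

if [ "$#" -eq 3 ]; then
    install_cert "$@"
fi
```

In a renewal script the reload would then run only when install_cert returns 0.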
    

      nginx setup

    location /.well-known/acme-challenge/ {
            alias /var/www/challenges/;
    }
    cat signed.crt intermediate.pem > mysite.crt # merge the certificates
    
    
    nginx configuration
    ssl_certificate /root/bin/nginx/conf/custom/cert/mysite.crt;
    ssl_certificate_key /root/bin/nginx/conf/custom/cert/zorelworld.key;
  • Original article: https://www.cnblogs.com/charie/p/5459344.html