Let's Encrypt recently popular free SSL tutorials

Let's Encrypt recently popular free SSL tutorials

In February October 2015, Weibo accidentally saw Let's Encrypt release the beta version. This is undoubtedly a major news for the coders who have been abused by https. Let's Encrypt stands out under the general trend of Full-site Https, which will undoubtedly cause a great blow to traditional SSL certificate providers, and the Https application and promotion to an unprecedented hot stage.

Let's Encrypt is a free SSL project provided by ISRG (Internet Security Research Group) and is hosted by the Linux Foundation, sponsored by Mozilla, Cisco, Akamai, IdenTrust, and EFF, Alibaba Cloud has been supported and sponsored by large companies such as Google and Facebook to issue and manage certificates to websites for free, in addition, through its own automated process, the complexity of purchasing and installing certificates is eliminated. Just a few lines of command can be used to generate and put into use the certificate, you can even transform your http site to an Https site in ten minutes.
The power behind Let's Encrypt is as follows:

 git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt ./letsencrypt-auto certonly --email [email protected] 

Tip:

1. If you are prompted that the git command is invalid, install GIt and run the command yum install git-all to complete the installation,

2. If it is a RedHat/CentOs6 system, you need to install EPEL (Extra Packages for Enterprise Linux) in advance and execute the command yum install epel-release

3. The entire process requires the host to connect to the Internet. Otherwise, the following error will be reported:

IMPORTANT NOTES:      - The following errors were reported by the server:            Domain: on-img.com           Type:   urn:acme:error:connection   Detail: Failed to connect to host for DVSNI challenge            Domain: www.on-img.com           Type:   urn:acme:error:connection           Detail: Failed to connect to host for DVSNI challenge

4. Let's encrypt is an open-source project compiled by python. Based on the python2.7 environment, if the system is installed with python2.6, you will be prompted to upgrade or execute the following command (not officially recommended ). /letsencrypt-auto certonly -- email [email protected] -- debug

Step 2: enter multiple domain names separated by spaces. The following prompt indicates that the certificate is successfully generated. 2. Use the certificate to enter/etc/letsencrypt/live/on-img.com/. on-img.comis the domain name entered in Part 2. Cert. pem server certificate privkey. pem is the certificate private key. If it is ECS + Server Load balancer, add the above certificate directly, bind it to Server Load balancer, and directly access https: // xxx.com. If it is Nginx configured by yourself, the following configurations are required:

Server {listen 443 ssl;/server_name xxx.com; // here is your domain name index index.html index.htm index. php default.html default.htm default. php; root/opt/wwwroot // website directory ssl_certificate/etc/letsencrypt/live/xxx.com/fullchain.pem; // The certificate generated earlier, just change the domain name, it is not recommended to change the path ssl_certificate_key/etc/letsencrypt/live/xxx.com/privkey.pem; // The Key generated earlier, just change the domain name in it, we do not recommend that you change the path ........}

Do not forget to load Nginx and execute/etc/init. d/nginx reload to make it take effect.

3. Last

If the above configuration is correct, you can directly Use https. My testing environment is virtual host + Server Load balancer, which is set up and used online in less than 20 minutes. All major browsers are normal for testing.

The last point is the validity period of the certificate. The official default validity period is three months. Make sure to update the certificate before it expires.