Free SSL certificate: Let's Encrypt (Certbot) installation tutorial

Source: Internet
Author: User

https://www.vpser.net/build/letsencrypt-certbot.html



Let's Encrypt is very popular. It is a free SSL certificate issuance project with automated issuance, and its certificates are valid for 90 days. It suits personal or temporary use, and you no longer have to put up with browser warnings that a self-issued certificate is not trusted. Last year VPS Detective published a tutorial on using Let's Encrypt, but Let's Encrypt has since released a new tool, Certbot. Although it is a new tool, the way certificates are generated and the parameters are basically the same, and certificate renewal is simpler. Certbot still has compatibility problems on older Linux distributions, however: on CentOS 5 it cannot be used because the Python version is too old, and CentOS 6 needs EPEL installed first. There are also many third-party tools that you can try yourself.

Installation method:


If you are on CentOS 6 or 7, first run: yum install epel-release


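cd /root/
wget https://dl.eff.org/certbot-auto --no-check-certificate
chmod +x ./certbot-auto
./certbot-auto -n

./certbot-auto -n is only used to install the dependency packages; you can also skip it and go straight to the certificate generation steps below. On a VPS or server in mainland China, it is recommended to switch to a domestic pip source first. The --no-check-certificate option makes wget skip verification of the server's TLS certificate for this download; it can be dropped when the system's CA certificates are up to date.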


Generate a certificate for a single domain name:


./certbot-auto certonly --email admin@vpser.net --agree-tos --webroot -w /home/wwwroot/www.vpser.net -d www.vpser.net


Generate a certificate for multiple domain names in a single directory (that is, one site with multiple domain names using the same certificate):


./certbot-auto certonly --email admin@vpser.net --agree-tos --webroot -w /home/wwwroot/www.vpser.net -d www.vpser.net -d bbs.vpser.net


Multiple domain names in multiple directories, generating multiple certificates (that is, generating multiple certificates for multiple domain names at one time):


./certbot-auto certonly --email admin@vpser.net --agree-tos --webroot -w /home/wwwroot/www.vpser.net -d www.vpser.net -d bbs.vpser.net -w /home/wwwroot/lnmp.org -d www.lnmp.org -d lnmp.org


The following message is displayed:


IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/www.vpser.net/fullchain.pem. Your cert will
   expire on 2016-10-01. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le


This means the certificate was generated successfully.


The generated certificate is stored in the /etc/letsencrypt/live/www.vpser.net/ directory.


For the specific Nginx and Apache configuration, refer to the configuration files in: https://www.vpser.net/build/letsencrypt-free-ssl.html


Remember to restart or reload Nginx when you finish modifying the configuration file.


Certificate renewal


Certbot renewal is simpler than before. Because the certificate is valid for only 90 days, it is recommended to use crontab for automatic renewal:


Add the following rule to crontab:

0 3 */5 * * /root/certbot-auto renew --renew-hook "/etc/init.d/nginx reload"

This runs the renewal operation for all domain names once every 5 days. You can adjust the schedule yourself, but running it too often is not recommended, because Let's Encrypt limits the number of requests. If you need to force an update, add the --force-renew parameter to the command above.
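
To confirm that the cron job above is actually renewing, this added example (not from the original tutorial) reads the expiry date of every certificate under /etc/letsencrypt/live and flags any with fewer than WARN_DAYS days left. It assumes GNU date and openssl; the function names and the 20-day threshold are illustrative, chosen because certbot renews once fewer than 30 days remain, so a lower figure means renewals have been failing.

```sh
#!/bin/sh
# Added example: report the days left on each Let's Encrypt certificate.
# LIVE_DIR and WARN_DAYS are illustrative defaults, not certbot settings.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
WARN_DAYS="${WARN_DAYS:-20}"

# days_left "<notAfter text>" [now_epoch] -> whole days until expiry
# (truncated toward zero; requires GNU date for -d)
days_left() {
    end=$(date -u -d "$1" +%s) || return 2
    now=${2:-$(date -u +%s)}
    echo $(( (end - now) / 86400 ))
}

# status_for <days> -> OK | RENEWAL_OVERDUE | EXPIRED
status_for() {
    if [ "$1" -lt 0 ]; then echo EXPIRED
    elif [ "$1" -lt "$WARN_DAYS" ]; then echo RENEWAL_OVERDUE
    else echo OK
    fi
}

# check_all -> prints one line per certificate, returns 1 if any needs attention
check_all() {
    rc=0
    for pem in "$LIVE_DIR"/*/fullchain.pem; do
        [ -f "$pem" ] || continue
        # openssl prints e.g. "notAfter=Oct  1 12:00:00 2016 GMT"
        not_after=$(openssl x509 -in "$pem" -noout -enddate | cut -d= -f2)
        if [ -z "$not_after" ]; then
            echo "$pem: cannot read expiry date"; rc=1; continue
        fi
        d=$(days_left "$not_after") || { echo "$pem: cannot parse expiry date"; rc=1; continue; }
        s=$(status_for "$d")
        echo "$pem: $d days left ($s)"
        [ "$s" = OK ] || rc=1
    done
    return $rc
}

check_all
```

Run from cron, the non-zero exit status and the printed lines can feed whatever alerting the server already uses.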


Precautions:


1. The default LNMP virtual host configuration denies access to hidden files and directories whose names begin with a dot, so requests to links such as http://abc.com/.well-known/acme-challenge/**** return a 403 error. In the configuration file of the corresponding virtual host, you must therefore either delete or comment out this block:
location ~ /\.
{
    deny all;
}
or add the following block in front of it:
location ~ /.well-known {
    allow all;
}


After making the configuration change above, restart Nginx.
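
The new block has to go in front because Nginx tries regex locations in the order they appear and uses the first match. This added example (not part of the original tutorial) checks a virtual host file for that ordering and, going slightly beyond the text, also accepts a ^~ prefix location, which Nginx matches before any regex. It assumes every location ~ /\. block is the LNMP dotfile rule; the function name acme_access and the sample files are made up for illustration.

```sh
#!/bin/sh
# Added example: does a vhost file let ACME HTTP-01 requests past the dotfile rule?
# Assumption: any "location ~ /\." block is the LNMP rule that denies hidden files.

# acme_access FILE -> OPEN (challenge reachable) or BLOCKED (would return 403)
acme_access() {
    awk '
        /^[ \t]*#/ { next }                        # commented-out rules do not apply
        $1 == "location" && /well-known/ {
            if ($2 == "^~") prefix = 1             # ^~ prefix match: regexes are skipped
            else if ($2 ~ /^~/ && !allow) allow = NR
            next
        }
        # the "/\." pattern of the dotfile deny rule
        $1 == "location" && $2 ~ /^~/ && $3 ~ /^\/\\\.$/ { if (!deny) deny = NR }
        END {
            # regex locations are tried in file order; the first match wins
            if (!deny || prefix || (allow && allow < deny)) print "OPEN"
            else print "BLOCKED"
        }' "$1"
}

# Constructed sample vhost fragments (not from a real server).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/default.conf" <<'EOF'
location ~ /\.
{
    deny all;
}
EOF
    cat > "$dir/fixed.conf" <<'EOF'
location ~ /.well-known {
    allow all;
}
location ~ /\.
{
    deny all;
}
EOF
    for f in "$dir"/default.conf "$dir"/fixed.conf; do
        echo "$(basename "$f"): $(acme_access "$f")"
    done
    rm -rf "$dir"
}
demo
```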


2. If you want to enable HTTP2, it is recommended to edit lnmp.conf and add --with-openssl=/root/openssl-1.0.2h inside the single quotes of Nginx_Modules_Options,


and run: cd /root && wget -c https://www.openssl.org/source/openssl-1.0.2h.tar.gz && tar zxf openssl-1.0.2h.tar.gz, and then use the upgrade script ./upgrade.sh nginx to upgrade Nginx to 1.9.5 or later.


3. Some users in mainland China report that the installation gets stuck at "Installing Python packages..." and does not move. This is because the default pip source is overseas and can be slow from within China. You can run the following commands to switch pip to a domestic source:
mkdir ~/.pip
cat > ~/.pip/pip.conf <<EOF
[global]
index-url = https://pypi.doubanio.com/simple/

[install]
trusted-host=pypi.doubanio.com
EOF


After that, run the Certbot command again and the Python packages should install normally.


If you have questions, you can ask them in this post or on the VPS Detective Forum.


VPS Detective Forum invitation code: https://bbs.vpser.net/reg.php?invitecode=41f1ca437cCC9FXe (expiry date: 2016-7-8 13:07)
