Linux Nginx website: installing and configuring Certbot for a free Let's Encrypt SSL/HTTPS certificate
Original address: https://renwole.com/archives/157
Lab Environment: CentOS Linux Release 7.2
Kernel version: Linux version 3.10.0-514.26.2.el7.x86_64
Nginx version: Nginx-1.13.0
Let's Encrypt is a free, automated, and open certificate authority. It is sponsored by many companies and organizations, such as Mozilla, Cisco, Chrome, Facebook, and Akamai, and is stable and reliable. See the official Let's Encrypt website for details.
Today we take full advantage of Let's Encrypt to add HTTPS encryption to your website.
Official website: https://letsencrypt.org/
1. Install Certbot and the EPEL repository
$ yum install -y epel-release
Certbot is the client officially recommended by Let's Encrypt. With Certbot you can automate the deployment of Let's Encrypt SSL certificates and add HTTPS support to your website.
$ yum install certbot
$ certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?    // which method should be used to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Place files in webroot directory (webroot)    // place the validation files in the site's webroot directory
2: Spin up a temporary webserver (standalone)    // use a temporary, standalone web server
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1    // choose 1 and press Enter
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected]    // enter your email address for urgent renewal and security notices
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/le-sa-v1.1.1-august-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A    // enter A to agree to the terms of service, C to refuse
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: Y    // if you are willing to share your email address, enter Y (recommended) and press Enter
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): blog.renwole.com    // enter the domain name and press Enter
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for blog.renwole.com
Select the webroot for blog.renwole.com:
-------------------------------------------------------------------------------
1: Enter a new webroot    // enter the absolute path of the site
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1    // choose 1 and press Enter
Input the webroot for blog.renwole.com: (Enter 'c' to cancel): /home/www/blog.renwole.com    // enter the absolute path where the website is located
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/blog.renwole.com/fullchain.pem. Your cert
   will expire on 2017-08-09. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF:
Congratulations! Your SSL certificate and chain have been saved, and the certificate will expire on 2017-08-09.
Note: Nginx must be running and listening on port 443 before you generate the certificate; otherwise certificate generation will fail.
If you encounter the error "Problem binding to port 80: Could not bind to IPv4 or IPv6" during installation, stop the Nginx service and run the installation again.
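An added example, not part of the original article: the webroot method chosen in the session above validates the domain by fetching a token file over HTTP from /.well-known/acme-challenge/ under the webroot, so this check writes a random probe there and fetches it back before Certbot is run. The function names and the local test server in demo() are assumptions for illustration; on the article's host the call would be preflight_webroot("/home/www/blog.renwole.com", "http://blog.renwole.com"), which confirms local serving only, not reachability from the internet.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request

ACME_PATH = ".well-known/acme-challenge"  # URL path fixed by the http-01 challenge


def preflight_webroot(webroot, base_url, timeout=5):
    """Write a random probe where the webroot plugin would place the http-01
    token, fetch it over HTTP, and return (ok, reason)."""
    token, body = "preflight-" + secrets.token_hex(8), secrets.token_hex(16)
    probe = os.path.join(webroot, *ACME_PATH.split("/"), token)
    try:
        os.makedirs(os.path.dirname(probe), exist_ok=True)
        with open(probe, "w") as fh:
            fh.write(body)
    except OSError as exc:
        return False, f"cannot write probe under webroot: {exc}"
    url = f"{base_url.rstrip('/')}/{ACME_PATH}/{token}"
    # Ignore proxy settings: the check must talk to the web server itself.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:  # e.g. 404: server root is not this webroot
        return False, f"HTTP {exc.code} for {url}"
    except OSError as exc:  # connection refused, DNS failure, timeout
        return False, f"cannot reach {url}: {exc}"
    finally:
        os.remove(probe)  # the empty challenge directory is left in place
    if served != body:
        return False, "served content differs from the probe"
    return True, "probe served correctly"


def demo():
    """Constructed setup: a local HTTP server stands in for Nginx."""
    served_root, other_root = tempfile.mkdtemp(), tempfile.mkdtemp()
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=served_root)
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_address[1]}"
    try:
        return preflight_webroot(served_root, base), preflight_webroot(other_root, base)
    finally:
        server.shutdown()


if __name__ == "__main__":
    print(demo())
```

A failing result before running Certbot points at the Nginx root or location rules rather than at Let's Encrypt.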
Automatic certificate renewal:
Add a scheduled task to the system to perform the renewal:
30 1 * * 1 /usr/bin/certbot renew >> /data0/certbot_renew_log/certbot_renew.log
This runs the certificate renewal every Monday at 1:30 A.M.