Mozilla, Cisco, Akamai, IdenTrust, EFF, and University of Michigan researchers jointly announced the Let's Encrypt CA project, which plans to provide free basic SSL certificates to websites in order to accelerate the Internet's transition from HTTP to HTTPS. Let's Encrypt CA will be operated by the nonprofit Internet Security Research Group (ISRG). It formally entered its public beta phase on the morning of December 4, and I rushed to apply for a trial.
Previously I applied for certificates the B/S (browser/server) way; this time it is the C/S (client/server) way, which feels very fresh.
My server environment is CentOS 6.6.
1. Install Python 2.7; with 2.6 the application fails with an error.
https://www.python.org/downloads/release/python-2710/

    wget <Python-2.7.10.tgz download URL from the release page above>
    tar zxf Python-2.7.10.tgz
    cd Python-2.7.10
    ./configure
    make && make install
    # Point the system python command at the new version
    which python
    /usr/local/bin/python
    rm /usr/local/bin/python
    ln -s /usr/local/bin/python2.7 /usr/local/bin/python

2. Download the Letsencrypt client

    yum install -y git
    git clone <letsencrypt client repository URL>
    cd letsencrypt
    ./letsencrypt-auto --help
    Updating letsencrypt and virtual environment dependencies.....
    Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --help

      letsencrypt [SUBCOMMAND] [options] [-d domain] [-d domain] .....

    The Let's Encrypt agent can obtain and install HTTPS/TLS/SSL certificates. By
    default, it will attempt to use a webserver both for obtaining and installing
    the cert. Major SUBCOMMANDS are:

      (default) run        Obtain & install a cert in your current webserver
      certonly             Obtain cert, but do not install it (aka "auth")
      install              Install a previously obtained cert in a server
      revoke               Revoke a previously obtained certificate
      rollback             Rollback server configuration changes made during install
      config_changes       Show changes made to server config during installation
      plugins              Display information about installed plugins

    Choice of server plugins for obtaining and installing cert:

      --apache          Use the Apache plugin for authentication & installation
      --standalone      Run a standalone webserver for authentication
      (nginx support is experimental, buggy, and not installed by default)
      --webroot         Place files in a server's webroot folder for authentication

    OR use different plugins to obtain (authenticate) the cert and then install it:

      --authenticator standalone --installer apache

    More detailed help:

      -h, --help [topic]    print this message, or detailed help on a topic;
                            the available topics are:

       all, automation, paths, security, testing, or any of the subcommands or
       plugins (certonly, install, nginx, apache, standalone, webroot, etc)

3. The client can give you a one-stop service that applies for the certificate and installs it into Apache/nginx automatically. Here I chose to do it myself: only apply for the certificate and leave the rest to me. Execute the following command:

    ./letsencrypt-auto certonly --manual

Enter your domain name.
You are then prompted to consent to the IP address of your request being recorded.
The next step verifies domain ownership, which is critical.
This step means that the client will access http://www.example.com/.well-known/acme-challenge/xiDWA8FkdWeTua7MIXBpQ3PeLt8jVu5Eimi4-jPsTHs and check whether the output is xiDWA8FkdWeTua7MIXBpQ3PeLt8jVu5Eimi4-jPsTHs.MOCYBE5RRQ_NSGGFYBRHKVCTSOHWN2Z0JDFTTQKHKQE.
I had installed the Nginx server in advance, so I only needed to create the directory and the corresponding content file under the root directory of my website, where it can be reached from the public network.

    cd /wwwroot/
    mkdir -p ./.well-known/acme-challenge/
    echo xiDWA8FkdWeTua7MIXBpQ3PeLt8jVu5Eimi4-jPsTHs.MOCYBE5RRQ_NSGGFYBRHKVCTSOHWN2Z0JDFTTQKHKQE > ./.well-known/acme-challenge/xiDWA8FkdWeTua7MIXBpQ3PeLt8jVu5Eimi4-jPsTHs

Try fetching the URL, for example with curl, to check that the output is normal. If it is, press Enter. (If no web server is installed, you can follow the prompts and execute the commands shown under "# run only once per server".)
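A hardened form of the manual step above, as an added example that is not part of the original post: it checks the token before using it as a file name, writes the value without a trailing newline, and compares the stored file case-sensitively with the expected output. The function names, return codes and sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and return codes are illustrative.

# The token becomes a file name, so accept only base64url characters.
# This rejects "/", ".." and anything else that could leave the challenge directory.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# place_challenge WEBROOT TOKEN KEYAUTH
# Writes KEYAUTH to WEBROOT/.well-known/acme-challenge/TOKEN.
# Returns 2 for a malformed token, 3 when KEYAUTH is not "TOKEN.<base64url part>",
# 4 when the file read back differs from KEYAUTH, 1 on a filesystem error.
place_challenge() {
    webroot=$1 token=$2 keyauth=$3
    valid_token "$token" || return 2
    case "$keyauth" in
        "$token".?*) ;;
        *) return 3 ;;
    esac
    valid_token "${keyauth#"$token".}" || return 3
    dir="$webroot/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    # printf writes the value as-is, without echo's trailing newline
    printf '%s' "$keyauth" > "$dir/$token" || return 1
    chmod 644 "$dir/$token"   # the web server user must be able to read it
    # Byte-for-byte, case-sensitive comparison with what will be served
    [ "$(cat "$dir/$token")" = "$keyauth" ] || return 4
}

# Remove the challenge file once validation has finished.
cleanup_challenge() {
    valid_token "$2" && rm -f "$1/.well-known/acme-challenge/$2"
}

# Demo with constructed values in a throwaway directory
demo_root=$(mktemp -d)
place_challenge "$demo_root" "sampleToken_123-abc" "sampleToken_123-abc.sampleThumbprint_456"
echo "place_challenge exit status: $?"
cleanup_challenge "$demo_root" "sampleToken_123-abc"
rm -rf "$demo_root"
```

On a real server, pass the site root (here /wwwroot) as the first argument and the two values printed by the client as the second and third.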
4. Certificate obtained successfully

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will
       expire on 2016-03-03. To obtain a new version of the certificate in
       the future, simply run Let's Encrypt again.
     - If you like Let's Encrypt, please consider supporting our work by:

       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le

I'll publish another blog post about how to use this certificate.
This article is from the "Grand Cloud Technology Record" blog, please make sure to keep this source http://xiayun.blog.51cto.com/2344243/1719635
Use the Let's Encrypt client to request an SSL certificate for free