Nowadays, more and more websites use SSL certificates: not only e-commerce sites and portals, but also many personal websites and blogs. Lao Zuo is also considering whether to install an SSL certificate on his blog. He had been preparing to add one earlier, but the theme uses many outdated directories and files that were added statically by hand, so modifying the settings is troublesome.
The Lao Zuo blog (laozuo.org) has also shared many installation articles on SSL certificates, and many vendors provide free certificates. For example, Tencent Cloud provides a free one-year GeoTrust DV SSL certificate, and Let's Encrypt is permanently free but its certificates must be renewed every 90 days. Of course, purchasing a certificate is not very expensive either; some cost only tens of dollars a year.
For general websites, a free SSL certificate is enough. With Let's Encrypt, the certificate we use most, we can deploy manually by following a tutorial, and Lao Zuo has also shared how to use the SSL For Free tool to deploy automatically to a VPS server or a cPanel virtual host. In this article, I am going to share the process of deploying a Let's Encrypt certificate using the Certbot tool.
First, Certbot official website and deployment version selection
Address: https://certbot.eff.org
Select the system and release version that match your actual environment; the site then displays the corresponding installation wizard.
We will deploy by following the wizard, using the automatic mode. I hope everything goes smoothly, because I am wary of writing tutorials these days: some even take several days of adjustments to complete, perhaps because my IQ is not very high. Nothing can be done about that; it is innate.
Second, deploying SSL using Certbot on a Linux VPS
Here, my environment uses Nginx and the system is CentOS 6. I select the corresponding options in the previous step and install as prompted.
1. Automatic installation
The code is as follows:
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto
When the script is run, it downloads and installs the environment components it requires. If you are asked whether to install them, enter y and press Enter.
2. Generate a domain name certificate
A - Single domain name
The code is as follows:
./certbot-auto certonly --email admin@laobuluo.com --agree-tos --webroot -w /data/wwwroot/ssl.laobuluo.com -d ssl.laobuluo.com
B - Multiple domain names
The code is as follows:
./certbot-auto certonly --email admin@laobuluo.com --agree-tos --webroot -w /var/www/laozuo -d laozuo.org -d www.laozuo.org -w /var/www/laobuluo -d laobuluo.com -d www.laobuluo.com
For multiple domain names, follow the format above and adjust the domain names to your own.
A window pops up while the certificate is being generated, presumably because the email address was not detected. After entering it manually and pressing Enter to confirm, we can see that the certificate has been generated. It is valid for 90 days, after which we renew it for another 90 days. We can also use a script to renew it automatically.
3. Find our website certificate
After the certificate is generated, you can see that it is stored in the /etc/letsencrypt/live/ssl.laobuluo.com/ directory. The directory name differs according to your own website. There are four files: cert.pem, chain.pem, fullchain.pem, and privkey.pem.
4. Deploy the SSL file to the website.
After obtaining the certificate, we know the certificate path. We do not change the path here; instead we reference it directly in the website's Nginx or Apache configuration file. For details, refer to this article, which is how Lao Zuo set it up at the time.
The code is as follows:
ssl_certificate /etc/letsencrypt/live/ssl.laobuluo.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ssl.laobuluo.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/ssl.laobuluo.com/chain.pem;
Add port 443 to the Nginx site configuration file and set the SSL certificate files. Restart Nginx to check whether the setting is successful. If an error occurs, a message is displayed. As the last step, we need to redirect all non-HTTPS requests to HTTPS.
Third, Let's Encrypt to renew the SSL certificate
The code is as follows:
./certbot-auto renew --dry-run
It will be automatically renewed after execution, but isn't that still troublesome? You have to come back every 90 days, a few days before expiry. We can set it up as a scheduled task instead.
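One way to schedule the renewal, as an added example that is not part of the original article. Note that --dry-run only performs a test run and saves no certificate, so the scheduled job calls renew without it. The script location /root/renew-cert.sh, the certbot-auto location /root/certbot-auto, and the log file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: renewal wrapper for cron.
# Assumed paths: certbot-auto was downloaded to /root, the site is the
# ssl.laobuluo.com example used above, and Nginx runs as a CentOS 6 service.
CERTBOT="${CERTBOT:-/root/certbot-auto}"
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live/ssl.laobuluo.com}"

# Return 0 when the four certificate files exist and are non-empty and the
# private key is not readable by group or others; 1 = file missing,
# 2 = private key permissions too loose.
check_live_dir() {
    dir=$1
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
    done
    # -L follows the symlinks from live/ into archive/ that certbot creates.
    loose=$(find -L "$dir/privkey.pem" \( -perm -040 -o -perm -004 \) -print)
    [ -z "$loose" ] || { echo "privkey.pem is group/world readable" >&2; return 2; }
    return 0
}

# Renew, sanity-check the result, and reload Nginx only if its config parses.
renew_and_reload() {
    # renew replaces only certificates that are close to expiry, so running
    # it often is safe; --quiet keeps cron mail empty unless something fails.
    "$CERTBOT" renew --quiet || return 1
    check_live_dir "$LIVE_DIR" || return 1
    nginx -t && service nginx reload
}

# Example crontab entry (root), every Monday at 03:30:
#   30 3 * * 1 /root/renew-cert.sh --run >> /var/log/le-renew.log 2>&1
if [ "${1:-}" = "--run" ]; then
    renew_and_reload
fi
```

Nginx keeps serving the old certificate from memory until it is reloaded, which is why the reload follows every successful run.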
To sum up, whichever method we use to install a free Let's Encrypt SSL certificate, the point is simply to get it installed. This method is also relatively simple. I will put together a detailed deployment document for Nginx and Apache later; the Certbot deployment described in this article took a little too long, so it's time to go to work.