Issuing an SSL certificate

Task

To secure access to the website, issue an SSL certificate myself through https://letsencrypt.org/

Environment

 cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)

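When selecting the system, I found my CentOS listed alongside RHEL. I did not know what the latter was, and looked it up: it is the commercial edition.

CentOS is built from the open source code of Red Hat's RHEL (Red Hat Enterprise Linux). Why does Red Hat put up with this parasite competing for its market? Answer: the GPL guarantees that Linux must be open source, so this is entirely legal.
1. Free versus paid: Red Hat is the paid edition, CentOS is the free edition;
2. Red Hat provides commercial solutions; CentOS does not.

3. CentOS is one of the Linux distributions. It is compiled from the source code that Red Hat Enterprise Linux releases under its open-source obligations, and it uses the same source code as Red Hat.

Differences between RHEL and CentOS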

requirements

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Installing snap on CentOS

$ sudo yum install snapd
$ sudo systemctl enable --now snapd.socket
$ sudo ln -s /var/lib/snapd/snap /snap

Ensure that your version of snapd is up to date

sudo snap install core; sudo snap refresh core

Install Certbot

Remove the old version (if it exists)

sudo yum remove certbot
sudo snap install --classic certbot

error: cannot install "certbot": classic confinement requires snaps under /snap
or symlink from /snap to /var/lib/snapd/snap

See the symlink created in the earlier step: sudo ln -s /var/lib/snapd/snap /snap

A symlink is needed here as well

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Generate the certificate

server {
    listen       80;
    server_name  leezeeyee.com; # the domain to validate
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root     /usr/share/nginx/html/; # must match the path given after --webroot -w below
    }
}

sudo certbot certonly --webroot -w /usr/share/nginx/html/ -d leezeeyee.com

server {
    listen 443 ssl;
    listen [::]:443 ssl ipv6only=on;
    ssl_certificate /etc/letsencrypt/live/leezeeyee.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/leezeeyee.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/leezeeyee.com/chain.pem;
    # ... other settings ...
}
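
The port-80 block above notes that the nginx root for the challenge location must equal the path given to certbot --webroot -w. The following check is an added example, not part of the original post; the function names and the embedded sample config are assumptions made for illustration, and it expects one directive per line.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): confirm that the nginx root serving
# /.well-known/acme-challenge/ is the directory passed to certbot --webroot -w.

# Constructed sample input: the port-80 server block from this page.
sample_conf() {
    cat <<'EOF'
server {
    listen       80;
    server_name  leezeeyee.com;
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root     /usr/share/nginx/html/; # must match --webroot -w
    }
}
EOF
}

# Print the root directive of the ACME challenge location in config file $1.
challenge_root() {
    awk '
        $1 == "location" && index($0, "/.well-known/acme-challenge/") { inside = 1; next }
        inside && $1 == "root" {
            path = $2
            sub(/;.*/, "", path)      # strip the ";" and anything after it
            print path
            exit
        }
        inside && index($0, "}") { inside = 0 }
    ' "$1"
}

# check_webroot CONF WEBROOT
# Returns 0 on match, 1 on mismatch, 2 if no challenge root is configured.
check_webroot() {
    cw_root=$(challenge_root "$1")
    [ -n "$cw_root" ] || return 2
    # "/path" and "/path/" name the same directory, so compare without the slash
    if [ "${cw_root%/}" = "${2%/}" ]; then return 0; fi
    echo "mismatch: nginx serves $cw_root, certbot would write to $2" >&2
    return 1
}

# Demo on the constructed sample.
conf=$(mktemp)
sample_conf > "$conf"
check_webroot "$conf" /usr/share/nginx/html && echo "webroot matches"
check_webroot "$conf" /var/www/html || echo "exit status $?"
rm -f "$conf"
```

A mismatch means certbot writes the challenge file where nginx does not serve it, so the HTTP-01 validation request gets a 404 and no certificate is issued.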

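Troubleshooting

After the certificate was issued the page returned 403; working through it:

Check whether the module is installed

nginx -V 2>&1 | grep http_ssl_module

nginx -V prints its build options to stderr, hence the 2>&1. If grep prints a match, the module is present.

Print the log

Following the log file path in default.conf, the log showed the cause was a problem with the configuration file format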
