Task
To secure access to the website, issue an SSL certificate for it myself through https://letsencrypt.org/
Environment
cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
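When choosing the system I found my CentOS listed alongside RHEL. I did not know what the latter was, and looking it up showed it is the commercial version.
CentOS is built from the open source code of Red Hat's RHEL (Red Hat Enterprise Linux). Why would Red Hat tolerate this parasite competing with it for market share? Answer: the GPL guarantees that Linux stays open source, so this is entirely legal.
1. Free versus paid: Red Hat is the paid version, CentOS is the free version.
2. Red Hat provides commercial solutions, CentOS does not.
3. CentOS is one of the Linux distributions. It is compiled from the source code that Red Hat Enterprise Linux releases under open source rules, so it uses the same source code as Red Hat.
Differences between RHEL and CentOS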
requirements
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Installing snap on CentOS
$ sudo yum install snapd
$ sudo systemctl enable --now snapd.socket
$ sudo ln -s /var/lib/snapd/snap /snap
Ensure that your version of snapd is up to date
sudo snap install core; sudo snap refresh core
Install Certbot
Remove the old version (if it exists)
sudo yum remove certbot
sudo snap install --classic certbot
error: cannot install "certbot": classic confinement requires snaps under /snap
or symlink from /snap to /var/lib/snapd/snap
See the symlink created in the earlier step: sudo ln -s /var/lib/snapd/snap /snap
A symlink is needed here as well:
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Generate the certificate
server {
    listen 80;
    server_name leezeeyee.com; # the domain you want to validate
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /usr/share/nginx/html/; # must match the path given after --webroot -w below
    }
}
sudo certbot certonly --webroot -w /usr/share/nginx/html/ -d leezeeyee.com
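The webroot challenge only succeeds when nginx serves the same directory certbot writes to. The following pre-flight check is an added example, not part of the original post. The function names and script name are hypothetical, and the sample input is constructed from the server block above.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for `certbot certonly --webroot`.

# Constructed sample input: the port-80 server block from this page.
sample_conf() {
    cat <<'EOF'
server {
    listen 80;
    server_name leezeeyee.com;
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /usr/share/nginx/html/; # must match --webroot -w
    }
}
EOF
}

# Print the root of the ACME challenge location block.
# Assumption: one directive per line, as in the sample above.
acme_root_from_conf() {
    awk '
        $1 ~ /^#/ { next }                                  # skip comment lines
        /location/ && index($0, "/.well-known/acme-challenge") { inblock = 1; next }
        inblock && index($0, "}") { exit }                  # block closed, no root found
        inblock && $1 == "root" { sub(/;.*/, "", $2); print $2; exit }
    ' "$1"
}

# Strip trailing slashes so "/srv/www/" and "/srv/www" compare equal.
normalize_dir() {
    local p; p=$1
    while [ "${#p}" -gt 1 ] && [ "${p%/}" != "$p" ]; do p=${p%/}; done
    printf '%s\n' "$p"
}

# 0 = paths agree, 1 = mismatch, 2 = no ACME location in the config.
webroot_matches() {
    local conf webroot root
    conf=$1; webroot=$2
    root=$(acme_root_from_conf "$conf")
    [ -n "$root" ] || { echo "no ACME challenge location in $conf" >&2; return 2; }
    [ "$(normalize_dir "$root")" = "$(normalize_dir "$webroot")" ] && return 0
    echo "mismatch: nginx serves $root, certbot -w is $webroot" >&2
    return 1
}

# Usage: check_webroot.sh <nginx-conf> <webroot>   (script name is hypothetical)
if [ "$#" -eq 2 ]; then webroot_matches "$1" "$2"; fi
```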
server {
    listen 443 ssl;
    listen [::]:443 ssl ipv6only=on;
    ssl_certificate /etc/letsencrypt/live/leezeeyee.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/leezeeyee.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/leezeeyee.com/chain.pem;
    # ... other settings ...
}
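Troubleshooting
After the certificate was issued the page returned 403, so I worked through it.
Check whether the module is installed (nginx -V writes to stderr, hence the 2>&1)
nginx -V 2>&1 | grep http_ssl_module
If there is output, the module is present.
Print the log
The log file at the path configured in default.conf showed that the cause was a formatting problem in the configuration file.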