摘要: 最受歡迎的免費HTTPS證照,瞭解一下?
HTTPS已成為業界標準,這篇部落格將教你申請Let's Encrypt的免費HTTPS證照。本文的操作是在Ubuntu 16.04下進行,使用nginx作為Web伺服器。
1. 安裝Certbot
Certbot可以用於管理(申請、更新、配置、撤銷和刪除等)Let's Encrypt證照。這裡安裝的是帶nginx外掛的certbot:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository -y ppa:certbot/certbot
sudo apt-get update
sudo apt-get install -y python-certbot-nginx
複製程式碼
2. 配置Nginx
vim /etc/nginx/conf.d/fundebug.conf
複製程式碼
此時還沒有HTTPS證照,因此域名只能使用80埠而非443埠,網站只能通過http協議而非https協議訪問:www.fundebug.com。
server
{
listen 80;
server_name www.fundebug.com;
}
複製程式碼
重啟nginx:
systemctl restart nginx
複製程式碼
3. 配置DNS
使域名www.fundebug.com指向nginx所在伺服器的IP:
如果你想發現程式碼中隱藏的BUG,歡迎免費試用最專業的BUG實時監控平臺Fundebug!
4. 申請證照
使用certbot命令為www.fundebug.com申請HTTPS證照。--nginx選項表示Web伺服器為nginx,-d選項指定域名,-n選項表示非互動式執行命令。若去除**-n**選項,則終端會提醒你選擇是否將http請求重定向為https請求。
certbot --nginx -d www.fundebug.com -n
複製程式碼
證照申請成功之後,會看到以下資訊。Let's Encrypt證照的有效期只有3個月,但是Certbot會通過Cron和systemd timer自動更新證照,證照的時效性不用擔心。
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.fundebug.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.fundebug.com/privkey.pem
Your cert will expire on 2018-09-29. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
複製程式碼
HTTPS證照相關的檔案在**/etc/letsencrypt/**目錄中:
find /etc/letsencrypt/ -name "*www.fundebug.com*"
/etc/letsencrypt/renewal/www.fundebug.com.conf
/etc/letsencrypt/archive/www.fundebug.com
/etc/letsencrypt/live/www.fundebug.com
複製程式碼
certbot會自動修改nginx配置檔案:
cat /etc/nginx/conf.d/fundebug.conf
複製程式碼
nginx監聽了443埠並配置了HTTPS證照,這時我們可以通過HTTPS協議訪問了!www.fundebug.com
server
{
listen 80;
server_name www.fundebug.com;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.fundebug.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.fundebug.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
複製程式碼
參考
關於Fundebug
Fundebug專注於JavaScript、微信小程式、微信小遊戲、支付寶小程式、React Native、Node.js和Java線上應用實時BUG監控。 自從2016年雙十一正式上線,Fundebug累計處理了10億+錯誤事件,付費客戶有Google、360、金山軟體、百姓網等眾多品牌企業。歡迎大家免費試用!
版權宣告
轉載時請註明作者Fundebug以及本文地址:
blog.fundebug.com/2018/07/06/…