過程
好險之前有先記錄了一下,這次直接照著上次做的步驟就可以了
【SSL 憑證】利用 certbot 自動更新 Let's Encrypt 憑證
有時候做做筆記還挺不錯的對吧 ^___^
目前用的server是樹梅派3,設定好ip以及對應以後就可以直接上線了
安裝的部分可以參考【Raspberrypi】Raspbian OS Jessie 安裝,PHP server setup
然後直接連線進去處理一次就行了。
直接節錄指令
pi@raspberrypi:/ $ sudo wget https://dl.eff.org/certbot-auto pi@raspberrypi:/ $ sudo chmod a+x certbot-auto pi@raspberrypi:/ $ ./certbot-auto --apache需要回答的問題
Plugins selected: Authenticator apache, Installer apache Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: weijweb.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1【SSL 憑證】利用 certbot 自動更新 Let's Encrypt 憑證
上次設定過了,這次直接選
Cert is due for renewal, auto-renewing... Renewing an existing certificate Performing the following challenges: tls-sni-01 challenge for weijweb.com Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2這邊直接讓http導https
Enabled Apache rewrite module Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-enabled/000-default-le-ssl.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Your existing certificate has been successfully renewed, and the new certificate has been installed. The new certificate covers the following domains: https://weijweb.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=weijweb.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/weijweb.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/weijweb.com/privkey.pem Your cert will expire on 2018-10-25. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le莫名其妙完成了,好快
接著來處理gateway外網接入的NAT
完成以後直接打開瀏覽器測試
完美,終於可以開始寫點東西了
留言
張貼留言