[SSL Certificates] Automatically renewing Let's Encrypt certificates with certbot


Motivation


In my earlier article, [SSL Certificates] Using sslforfree to help request a Let's Encrypt certificate,
the thank-you comment from nobodyzxc reminded me of how I dealt with it the last time my certificate expired again.

sslforfree was convenient, but it can't replace the certificate for me every three months.
Out of sheer laziness, this time I used Certbot to handle the certificate automatically.


Process


Since I'm reconstructing this from memory, I first spun up a CentOS 6 Docker container to test in.
If you're installing directly on the host you can skip this part,
but I really do recommend using Docker when testing:
it's clean and leaves no mess behind.
[root@localhost ~]# docker pull centos:6
[root@localhost ~]# docker images
REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
docker.io/centos        6                   7ea307891843        6 days ago          194.3 MB
[root@localhost ~]# docker run -idt -p 80:80 7ea
1a02142ca151f936a456f7150bd2657c4f7f06cfa8b1c230f8928dbe58015567
[root@localhost ~]# docker attach 1a0
[root@1a02142ca151 /]# 
Then install Apache into it
[root@1a02142ca151 /]# yum install -y httpd wget
[root@1a02142ca151 /]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2 for ServerName
                                                           [  OK  ]
Open a browser to confirm the service is up.
If everything works so far, you can point a DNS zone at it.
I did that directly in GoDaddy, so I won't show it here.

Next, go to the official Certbot site and pick your web server.

Then install it

[root@1a02142ca151 /]# wget https://dl.eff.org/certbot-auto
[root@1a02142ca151 /]# chmod a+x certbot-auto
[root@1a02142ca151 /]# certbot-auto --apache
Time to fill in the details
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): g23988@gmail.com

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: Y
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated)  (Enter 'c' to cancel): test.mydomain.com

(note: conf files with multiple vhosts are not yet supported)
-------------------------------------------------------------------------------
1: ssl.conf                       |                       | HTTPS | Enabled
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1

And then, clickety-clack, it's installed.
Awesome, nothing to do by hand XD

Next, set up a scheduled job so it renews itself

[root@1a02142ca151 /]# vi /etc/crontab

0 23    * * *   root    /certbot-auto renew

Aha, easy and painless.
If you're worried something might go wrong, you can run it by hand yourself.
root@raspberrypi:/opt# /certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mydomain.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/mydomain.com/fullchain.pem (skipped)
No renewals were attempted.
No more doing it by hand, unless you want the practice XD
After all, for real production work you still have to swap them manually.
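As an added example that is not part of the original post: a small POSIX shell wrapper you can call from the crontab entry above instead of bare `/certbot-auto renew`. It classifies certbot's output so the log shows whether anything was actually renewed, reloads httpd only when a new certificate was deployed, and exits non-zero on failure so cron's mail tells you before the certificate lapses. The certbot-auto path, the `httpd` service name and the log file path are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Cron wrapper around `certbot-auto renew`: logs what happened, reloads Apache
# only when a certificate was actually replaced, and exits non-zero on failure
# so cron's mail (or your monitoring) notices before the certificate lapses.
# Assumptions: certbot-auto lives at /certbot-auto as in the post, the Apache
# service is called httpd (CentOS), and /var/log/certbot-renew.log is writable.

CERTBOT=${CERTBOT:-/certbot-auto}
LOG=${LOG:-/var/log/certbot-renew.log}

# Read `certbot-auto renew` output on stdin and print one word:
# renewed, skipped, failed or unknown. The "skipped" phrases are the ones in
# the post's sample run; the others are certbot's own success/failure summaries.
# Order matters: a run that renewed one cert may still print "not due" for others.
classify_renew_output() {
    out=$(cat)
    case "$out" in
        *"renew failure"*|*"could not be renewed"*)              echo failed ;;
        *"all renewals succeeded"*|*"new certificate deployed"*) echo renewed ;;
        *"No renewals were attempted"*|*"not due for renewal"*)  echo skipped ;;
        *)                                                       echo unknown ;;
    esac
}

# Run the renewal and act on the outcome. Returns non-zero when it failed.
run_renew() {
    if out=$("$CERTBOT" renew --non-interactive 2>&1); then
        status=$(printf '%s\n' "$out" | classify_renew_output)
    else
        status=failed            # certbot itself exits non-zero on failure
    fi
    printf '%s %s\n' "$(date '+%F %T')" "$status" >> "$LOG"
    [ "$status" = failed ] && printf '%s\n' "$out" >> "$LOG"   # keep the details
    [ "$status" = renewed ] && service httpd reload             # pick up the new cert
    [ "$status" != failed ]
}

# Constructed sample (trimmed from the post's manual run) to exercise the
# classifier without contacting Let's Encrypt:
SAMPLE_SKIPPED='Processing /etc/letsencrypt/renewal/mydomain.com.conf
Cert not yet due for renewal
No renewals were attempted.'

case "${1:-}" in
    run)  run_renew ;;                                                # from crontab
    test) printf '%s\n' "$SAMPLE_SKIPPED" | classify_renew_output ;;  # prints: skipped
esac
```

In the crontab line from the post, replace `/certbot-auto renew` with the path to this script followed by `run`; cron will then mail root only when a renewal actually failed.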
