Let’s Encrypt\u7684\u8bc1\u4e66\u81ea\u7136\u4e0d\u7528\u591a\u8bf4\uff0c\u5927\u5bb6\u90fd\u77e5\u9053\u662f\u4e00\u4e2a\u514d\u8d39\u7684SSL\u8bc1\u4e66\uff0c\u5bf9\u4e8e\u4e2a\u4eba\u53ca\u5c0f\u4f01\u4e1a\u6765\u8bf4\uff0cLet’s Encrypt\u5bb6\u7684\u8bc1\u4e66\u7edd\u5bf9\u662f\u591f\u7528\u4e86\u3002
\n\u867d\u7136Let’s Encrypt\u5bb6\u7684\u8bc1\u4e66\u662f\u4e2a\u597d\u4e1c\u897f\uff0c\u4f46\u662f\u7533\u8bf7\u7684\u65b9\u5f0f\u5374\u5343\u5dee\u4e07\u522b\uff0c\u6211\u8fd9\u91cc\u63d0\u4f9b\u4e00\u79cd\u5dee\u5f02\u5316\u7684\u7533\u8bf7\u65b9\u5f0f\uff0c\u5728Debian\u3001CentOS\u3001Ubuntu\u7cfb\u7edf\u4e0a\u80fd\u505a\u5230\u65e0\u5dee\u5f02\u7684\u8fdb\u884c\u90e8\u7f72Let’s Encrypt\u5bb6\u7684SSL\u8bc1\u4e66\u3002
\n<\/p>\n
\u9996\u5148\uff0c\u9009\u62e9\u9700\u8981\u4fdd\u5b58certbot\u6587\u4ef6\u7684\u76ee\u5f55\uff0c\u53ef\u4ee5\u81ea\u5b9a\u4e49\uff0c\u4e5f\u53ef\u4ee5\u9009\u62e9\u73b0\u6709\u76ee\u5f55\uff0c\u6211\u662f\u9009\u62e9\u73b0\u6709\u7684\u7cfb\u7edf\u76ee\u5f55\uff0c\u8def\u5f84\u662f\/usr\/local\/src<\/em><\/strong>\uff0c\u5148\u8fdb\u5165\u4fdd\u5b58\u76ee\u5f55\uff1a<\/p>\n \n cd \/usr\/local\/src\n<\/p><\/blockquote>\n \u7528wget\u547d\u4ee4\u4e0b\u8f7dcertbot\uff1a<\/p>\n \n wget https:\/\/dl.eff.org\/certbot-auto\n<\/p><\/blockquote>\n \u518d\u8d4b\u4e88\u53ef\u6267\u884c\u6743\u9650\uff1a<\/p>\n \n chmod +x certbot-auto\n<\/p><\/blockquote>\n \u5230\u8fd9\u91cc\uff0ccertbot\u7a0b\u5e8f\u5c31\u7b97\u5b89\u88c5\u597d\u4e86\uff0c\u6211\u4eec\u63a5\u4e0b\u6765\u5c31\u53ef\u4ee5\u4f7f\u7528certbot\u7a0b\u5e8f\u8fdb\u884c\u8bc1\u4e66\u7533\u8bf7\u4e86\u3002<\/p>\n \u5229\u7528certbot\u7533\u8bf7Let’s Encrypt\u8bc1\u4e66\u9700\u8981\u5982\u4e0b\u51e0\u4e2a\u6761\u4ef6\uff1a \n .\/certbot-auto certonly\n<\/p><\/blockquote>\n \u7b2c\u4e00\u6b21\u6267\u884c\u7684\u65f6\u5019\uff0c\u53ef\u80fd\u4f1a\u8fdb\u884c\u4e00\u4e9b\u521d\u59cb\u5316\u3001\u5b89\u88c5\u6240\u5fc5\u987b\u7684\u4f9d\u8d56\u7b49\u64cd\u4f5c\uff0c\u671f\u95f4\u53ef\u80fd\u9700\u8981\u624b\u52a8\u786e\u8ba4\uff0c\u5f85\u5b89\u88c5\u5b8c\u6210\u4e4b\u540e\uff0c\u4f1a\u8981\u6c42\u8f93\u5165\u4e00\u4e9b\u6240\u9700\u8981\u7684\u4fe1\u606f\uff0c\u6b65\u9aa4\u5982\u4e0b\uff1a<\/p>\n \u53ef\u4ee5\u770b\u5230\uff0c\u6309\u7167\u8981\u6c42\u8f93\u5165\u4e4b\u540e\uff0c\u6211\u4eec\u6210\u529f\u7533\u8bf7\u4e86Let’s Encrypt\u7684\u8bc1\u4e66\uff0c\u5176\u4e2d\u8bc1\u4e66\u8def\u5f84\u5728\/etc\/letsencrypt\/live\/ssl.bwh123.com<\/em><\/strong>\uff0c\u9700\u8981\u642d\u914dNginx\u6216\u8005Apache\u4f7f\u7528\u7684\u8bdd\uff0c\u76f4\u63a5\u4f7f\u7528\u5c31\u597d\u4e86\u3002 \n .\/certbot-auto renew\n<\/p><\/blockquote>\n \u67e5\u770b\u5e2e\u52a9\u4fe1\u606f\u53ef\u4ee5\u4f7f\u7528\u5982\u4e0b\u547d\u4ee4\uff1a<\/p>\n \n .\/certbot-auto –help\n<\/p><\/blockquote>\n \u672c\u547d\u4ee4\u5728Vultr<\/a>\u53caBandwagonHost<\/a>\u53caDigitalOcean<\/a>\u53caLinode<\/a>\u4e0a\u7684VPS\u6d4b\u8bd5\u901a\u8fc7\uff0c\u642d\u914dNginx\u4e4b\u540e\u53ef\u4ee5\u6b63\u5e38\u4f7f\u7528\uff0c\u81f3\u4e8eSSL\u8bc1\u4e66\u7684\u60c5\u51b5\uff0c\u53ef\u4ee5\u67e5\u770b\u672c\u7ad9\u7684SSL\u8bc1\u4e66\uff0c\u7528\u7684\u5c31\u662fLet’s Encrypt\u7684\u8bc1\u4e66\u3002 Let’s Encrypt\u7684\u8bc1\u4e66\u81ea\u7136\u4e0d\u7528\u591a\u8bf4\uff0c\u5927\u5bb6\u90fd\u77e5\u9053\u662f\u4e00\u4e2a\u514d\u8d39\u7684SSL\u8bc1\u4e66\uff0c\u5bf9\u4e8e\u4e2a\u4eba\u53ca\u5c0f\u4f01\u4e1a\u6765 …<\/p>\n\u5229\u7528certbot\u7533\u8bf7Let’s Encrypt\u8bc1\u4e66<\/h2>\n
\n– \u7cfb\u7edf\u7684root\u6743\u9650
\n– 443\u7aef\u53e3\u672a\u88ab\u5360\u7528\uff0c\u9632\u706b\u5899\u653e\u884c443\u7aef\u53e3\uff0c\u4e14\u5916\u7f51\u80fd\u76f4\u63a5\u8bbf\u95ee\u672c\u673a\u7684443\u7aef\u53e3
\n– \u57df\u540d\u89e3\u6790\u5230\u4e86\u5f53\u524d\u4e3b\u673a
\n\u6ee1\u8db3\u4ee5\u4e0a\u6761\u4ef6\u4e4b\u540e\uff0c\u6211\u4eec\u5c31\u80fd\u5f00\u59cb\u8fdb\u884cLet’s Encrypt\u8bc1\u4e66\u7684\u7533\u8bf7\u4e86\u3002
\n\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6211\u4eec\u53ef\u5728\u4ea4\u4e92\u7a0b\u5e8f\u4e2d\u8fdb\u884c\u7533\u8bf7SSL\u8bc1\u4e66\uff1a<\/p>\nroot@BWH123:\/usr\/local\/src# .\/certbot-auto certonly\nBootstrapping dependencies for Debian-based OSes... (you can skip this with --no-bootstrap)\n... #\u7565\u8fc7\u5176\u4e2d\u4e00\u4e9b\u7cfb\u7edf\u4f9d\u8d56\u5b89\u88c5\u6b65\u9aa4\nHow would you like to authenticate with the ACME CA?\n-------------------------------------------------------------------------------\n1: Spin up a temporary webserver (standalone)\n2: Place files in webroot directory (webroot)\n-------------------------------------------------------------------------------\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 #\u9009\u62e9\u8ba4\u8bc1\u65b9\u5f0f\uff0c\u5efa\u8bae\u9009\u62e91\nPlugins selected: Authenticator standalone, Installer None\nEnter email address (used for urgent renewal and security notices) (Enter 'c' to\ncancel): bwh321@live.com #\u8f93\u5165\u60f3\u4f7f\u7528\u7684\u90ae\u7bb1\uff0c\u7528\u4e8e\u63a5\u6536\u8bc1\u4e66\u5230\u671f\u63d0\u9192\u7b49\u4fe1\u606f\uff0c\u5efa\u8bae\u9009\u62e9\u5e38\u7528\u7684\n-------------------------------------------------------------------------------\nPlease read the Terms of Service at\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must\nagree in order to register with the ACME server at\nhttps:\/\/acme-v01.api.letsencrypt.org\/directory\n-------------------------------------------------------------------------------\n(A)gree\/(C)ancel: A # \u540c\u610fTOS\uff0c\u8f93\u5165A\n-------------------------------------------------------------------------------\nWould you be willing to share your email address with the Electronic Frontier\nFoundation, a founding partner of the Let's Encrypt project and the non-profit\norganization that develops Certbot? We'd like to send you email about EFF and\nour work to encrypt the web, protect its users and defend digital rights.\n-------------------------------------------------------------------------------\n(Y)es\/(N)o: N # \u662f\u5426\u613f\u610f\u5171\u4eab\u90ae\u7bb1\u7ed9EFF\uff0c\u6211\u9009\u62e9\u4e86N\nPlease enter in your domain name(s) (comma and\/or space separated) (Enter 'c'\nto cancel): ssl.bwh123.com #\u8f93\u5165\u9700\u8981\u7533\u8bf7\u7684\u57df\u540d\nObtaining a new certificate\nPerforming the following challenges:\nhttp-01 challenge for ssl.bwh123.com\nWaiting for verification...\nCleaning up challenges\nIMPORTANT NOTES:\n - Congratulations! Your certificate and chain have been saved at:\n \/etc\/letsencrypt\/live\/ssl.bwh123.com\/fullchain.pem\n Your key file has been saved at:\n \/etc\/letsencrypt\/live\/ssl.bwh123.com\/privkey.pem\n Your cert will expire on 2018-05-28. To obtain a new or tweaked\n version of this certificate in the future, simply run certbot-auto\n again. To non-interactively renew *all* of your certificates, run\n \"certbot-auto renew\"\n - Your account credentials have been saved in your Certbot\n configuration directory at \/etc\/letsencrypt. You should make a\n secure backup of this folder now. This configuration directory will\n also contain certificates and private keys obtained by Certbot so\n making regular backups of this folder is ideal.\n - If you like Certbot, please consider supporting our work by:\n Donating to ISRG \/ Let's Encrypt: https:\/\/letsencrypt.org\/donate\n Donating to EFF: https:\/\/eff.org\/donate-le\nroot@BWH123:\/usr\/local\/src#\n<\/code><\/pre>\n
\n\u8bc1\u4e66\u5feb\u5230\u6709\u6548\u671f\u7ed3\u675f\u65f6\uff0c\u6211\u4eec\u540c\u6837\u4e5f\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e2a\u5c0f\u7a0b\u5e8f\u6765\u8fdb\u884c\u8bc1\u4e66\u6709\u6d88\u606f\u66f4\u65b0\uff0c\u66f4\u65b0\u547d\u4ee4\u4e3a\uff1a<\/p>\n
\n\u53c2\u8003\u4fe1\u606f\uff1ahttps:\/\/certbot.eff.org\/#pip-other<\/p>\n","protected":false},"excerpt":{"rendered":"