简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home
Article
Q&A
Course
Topic
Download
Game
Dictionary
Recent Updates

Home>Article>Operation and Maintenance> Detailed explanation of a free and easy-to-use certificate from Let's Encrypt

Detailed explanation of a free and easy-to-use certificate from Let's Encrypt

零下一度
零下一度 Original
2017-06-27 10:12:34 2462browse
Let's Encrypt is a free and easy-to-use certificate, no need to talk nonsense.
Assume that my domain name is: 163.org

1. Clone code

  git clone https://github.com/letsencrypt/letsencrypt    # 没有git的先安装git   # yum install git   # apt-get install git

2. Install

  cd letsencrypt   ./letsencrypt-auto certonly --standalone --email admin@163.org -d 163.org -d www.163.org   命令解析   --standalone    需要手动关闭占用443端口的程序,此命令会占用443端口进行验证   --email   admin@163.org 填写您的Email   -d 163.org   需要使用ssl的域名(必须是当前主机绑定的地址,否则验证失败。)

3. Configuration

After completing the generation of Let's Encrypt certificate, we will " /etc/letsencrypt/live/163.org/"There are 4 files in the domain name directory, which are the generated key certificate files.
cert.pem - Apache server-side certificate
chain.pem - Apache root certificate and relay certificate
fullchain.pem - required by Nginx ssl_certificate file
privkey.pem - Security certificate KEY file
If we use the Nginx environment, we need to use two certificates, fullchain.pem and privkey.pem File 
# nginx.conf 配置文件中加入生成的证书
 server {
 server_name 163.org;
listen 443 ;
ssl on;
  ssl_certificate /etc/letsencrypt/live/163.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/163.org/privkey.pem;
 }
ps: In the Nginx environment, just set the corresponding ssl_certificate and ssl_certificate_key paths to the corresponding file paths.
Do not move or copy the file, because the certificate will be generated in this file during renewal.

4. Let's Encrypt free SSL certificate validity period

Let's Encrypt certificate is valid for 90 days and needs to be updated and renewed manually. 
  * * * * 1 /var/www/letsencrypt/letsencrypt-auto renew
Add this command to the scheduled task to automatically renew.

The above is the detailed content of Detailed explanation of a free and easy-to-use certificate from Let's Encrypt. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:An example of inotify+rsync real-time synchronization Next article:An example of inotify+rsync real-time synchronization

Related articles

See more