茫茫網海中的冷日 - Post a reply to this article
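Posted by: 冷日  Posted at: 2019/2/19 7:40:39

[SSL Certificates] Using certbot to automatically renew Let's Encrypt certificates


Motivation


The thank-you note that nobodyzxc left in reply to my earlier post, "[SSL Certificates] Using sslforfree to help apply for Let's Encrypt", reminded me of what I did the last time my certificate expired again.

sslforfree was convenient to use, but it cannot replace my certificate for me every three months.
Being lazy, this time I used Certbot to handle the certificate automatically.


Process


Since I am writing this from memory, I first start a centos6 docker container to test with.
If you are installing directly on the host, you can skip this part.
But I really do recommend using docker when testing.
It is clean and leaves no mess behind.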


[root@localhost ~]# docker pull centos:6
[root@localhost ~]# docker images
REPOSITORY          TAG    IMAGE ID        CREATED       SIZE
docker.io/centos    6      7ea307891843    6 days ago    194.3 MB
[root@localhost ~]# docker run -idt -p 80:80 7ea
1a02142ca151f936a456f7150bd2657c4f7f06cfa8b1c230f8928dbe58015567
[root@localhost ~]# docker attach 1a0
[root@1a02142ca151 /]#

Then install Apache inside it.



[root@1a02142ca151 /]# yum install -y httpd wget
[root@1a02142ca151 /]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2 for ServerName
[ OK ]
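
Open a browser to confirm that the service is responding.

If everything is fine up to this point, you can point a DNS zone at it.
I handled that directly in GoDaddy, so I won't show it here.

Next, go to the official Certbot site and choose the web service you are running.

Then install it.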


[root@1a02142ca151 /]# wget https://dl.eff.org/certbot-auto
[root@1a02142ca151 /]# chmod a+x certbot-auto
[root@1a02142ca151 /]# ./certbot-auto --apache

Time to fill in the details.



Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): g23988@gmail.com
-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: Y
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): test.mydomain.com
(note: conf files with multiple vhosts are not yet supported)
-------------------------------------------------------------------------------
1: ssl.conf | | HTTPS | Enabled
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
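
And then, just like that, it is installed.

Really nice, you don't have to do anything yourself XD

Next, set up a scheduled job so that it renews on its own.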


[root@1a02142ca151 /]# vi /etc/crontab
0 23 * * * root /certbot-auto renew

Aha, easy and painless.

If you are worried about surprises, you can run it by hand to see what happens.


root@raspberrypi:/opt# /certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mydomain.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
The following certs are not due for renewal yet:
/etc/letsencrypt/live/mydomain.com/fullchain.pem (skipped)
No renewals were attempted.
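
No need to do it by hand anymore, unless you want the practice XD

After all, at my actual job the certificates still have to be replaced by hand.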
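
The cron entry above runs unattended, so a renewal that starts failing goes unnoticed until the certificate expires. The watchdog below is an added example, not part of the original post or of Certbot. It assumes certbot's default of renewing once fewer than 30 days remain; the script path, the `WARN_DAYS` threshold and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: watchdog for the cron-driven "certbot-auto renew" job.
# Assumption: certbot renews once a certificate has fewer than 30 days left,
# so a certificate with fewer than WARN_DAYS left means renewals are failing.
WARN_DAYS=${WARN_DAYS:-20}   # hypothetical threshold

# cert_status PEM [DAYS]: prints a status word and returns
# 0 = OK, 1 = RENEWAL_STALLED, 2 = EXPIRED, 3 = UNREADABLE.
cert_status() {
    cert=$1
    days=${2:-$WARN_DAYS}
    # A missing or unparsable file (e.g. broken symlink under live/) is a failure.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo UNREADABLE; return 3
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED; return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo RENEWAL_STALLED; return 1
    fi
    echo OK; return 0
}

# check_all [LIVE_DIR]: report every certbot lineage, return the worst status.
check_all() {
    live_dir=${1:-/etc/letsencrypt/live}
    worst=0
    for pem in "$live_dir"/*/fullchain.pem; do
        # Skip the literal pattern when nothing matches, but keep broken symlinks.
        if [ ! -e "$pem" ] && [ ! -L "$pem" ]; then continue; fi
        status=$(cert_status "$pem") && rc=0 || rc=$?
        echo "$pem: $status"
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Cron usage (hypothetical path), scheduled after the 23:00 renew job:
#   30 23 * * * root /usr/local/sbin/cert-watchdog.sh run || logger -t cert-watchdog "renewal stalled"
if [ "${1:-}" = "run" ]; then
    check_all "${2:-}"
    exit $?
fi
```

A non-zero exit from the `run` mode is the signal to alert on; status 1 leaves time to fix the renewal before visitors see an expired certificate.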

Original source: [SSL Certificates] Using certbot to automatically renew Let's Encrypt certificates