茫茫網海中的冷日
Little Penguin Talk: [Repost] Installing a free Let's Encrypt SSL/TLS certificate

冷日
(冷日)
Webmaster
[Repost] Automatically renewing Let's Encrypt certificates with certbot

[SSL Certificates] Automatically renewing Let's Encrypt certificates with certbot


Motivation


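The thank-you note that nobodyzxc left on my earlier article, "[SSL Certificates] Using sslforfree to help apply for Let's Encrypt",
reminded me of what I did when my certificate expired yet again.

sslforfree was convenient, but it cannot replace my certificate for me every three months.
Being lazy, this time I used Certbot to handle the certificate automatically.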


Process


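Since I am working from memory, I will first start a centos6 docker container to test with.
If you are installing directly on your own machine, you can skip this part.
But I really do recommend using docker when testing.
It is clean and leaves no mess behind.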


[root@localhost ~]# docker pull centos:6
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos 6 7ea307891843 6 days ago 194.3 MB
[root@localhost ~]# docker run -idt -p 80:80 7ea
1a02142ca151f936a456f7150bd2657c4f7f06cfa8b1c230f8928dbe58015567
[root@localhost ~]# docker attach 1a0
[root@1a02142ca151 /]#

Then install Apache inside it.



[root@1a02142ca151 /]# yum install -y httpd wget
[root@1a02142ca151 /]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2 for ServerName
[ OK ]
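
Open a browser to confirm that the service is up.

If everything is normal up to this point, you can point a zone at it.
I did that directly in godaddy, so I won't show it here.

Next, go to the official Certbot site and select your own web service.

Then install it.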


[root@1a02142ca151 /]# wget https://dl.eff.org/certbot-auto
[root@1a02142ca151 /]# chmod a+x certbot-auto
[root@1a02142ca151 /]# ./certbot-auto --apache

Time to fill in the details.



Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): g23988@gmail.com
-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: Y
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): test.mydomain.com
(note: conf files with multiple vhosts are not yet supported)
-------------------------------------------------------------------------------
1: ssl.conf | | HTTPS | Enabled
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
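
Then, after a bit of clattering, it is installed.

So nice, you don't have to do anything yourself XD

Next, set up a scheduled job so it renews by itself.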


[root@1a02142ca151 /]# vi /etc/crontab
0 23 * * * root /certbot-auto renew

Aha, easy and pleasant.

If you are worried something might go wrong, you can run it by hand and see.


root@raspberrypi:/opt# /certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mydomain.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
The following certs are not due for renewal yet:
/etc/letsencrypt/live/mydomain.com/fullchain.pem (skipped)
No renewals were attempted.

No need to do it by hand any more, unless you want the practice XD

After all, in a real job you still have to replace them manually.

Original source: [SSL Certificates] Automatically renewing Let's Encrypt certificates with certbot
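
A daily cron entry like the one in the post gives no signal if renewal stops working, so the following is an added example (not part of the original post or of Certbot) that checks the certificates under the live directory shown in the output above. The function names and the 20-day threshold are assumptions; the threshold is chosen to sit below the point at which a working renew job would already have replaced a three-month certificate.

```shell
#!/bin/sh
# Added example (not from the original post): detect a renewal cron job that
# has silently stopped working by checking how long the live certs are valid.

# check_cert CERT_PEM MIN_DAYS
#   0 = valid for more than MIN_DAYS days
#   1 = expires within MIN_DAYS days (renewal should already have happened)
#   2 = file missing or not a parsable certificate
check_cert() {
    [ -r "$1" ] || return 2
    # fullchain.pem holds several certs; openssl x509 reads the first (the leaf)
    openssl x509 -noout -in "$1" >/dev/null 2>&1 || return 2
    openssl x509 -checkend $(( $2 * 86400 )) -noout -in "$1" >/dev/null 2>&1 \
        || return 1
    return 0
}

# check_all LIVE_DIR MIN_DAYS
#   Checks LIVE_DIR/<name>/fullchain.pem for every name, returns the worst
#   code seen, and returns 2 when no certificate was found at all.
check_all() {
    worst=0
    found=0
    for pem in "$1"/*/fullchain.pem; do
        [ -e "$pem" ] || continue
        found=1
        r=0
        check_cert "$pem" "$2" || r=$?
        case $r in
            1) echo "WARN: $pem expires within $2 days" >&2 ;;
            2) echo "ERROR: cannot parse $pem" >&2 ;;
        esac
        if [ "$r" -gt "$worst" ]; then worst=$r; fi
    done
    if [ "$found" -eq 0 ]; then
        echo "ERROR: no fullchain.pem under $1" >&2
        return 2
    fi
    return "$worst"
}

# Assumed usage from cron, after the renew job:
#   check_all /etc/letsencrypt/live 20 || <send an alert>
```

An empty live directory is reported as an error rather than a pass, so a wrong path in the cron entry does not look like a healthy result.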