Software and hardware environment
- Debian 9
- Nginx, installed with apt-get
Steps
Install certbot
First enable the backports repository by adding the line deb http://deb.debian.org/debian stretch-backports main to the file /etc/apt/sources.list. Then run:
$ sudo apt-get update
$ sudo apt-get install certbot python-certbot-nginx -t stretch-backports
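Install a DNS plugin
If you want to use a wildcard certificate (wildcard matching for second-level names such as *.example.com), you can install a DNS plugin: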
$ sudo apt-get install python3-certbot-dns-PLUGIN
Replace PLUGIN here with the specific plugin type, for example rfc2136.
Automatically install the certificate and enable HTTPS
$ sudo certbot
Follow the prompts step by step. When you see output like the following at the end, the setup succeeded:
Congratulations! You have successfully enabled https://tagger.sibantu.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=tagger.sibantu.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/test.example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/test.example.com/privkey.pem
Your cert will expire on 2019-06-24. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
The certificate is valid for 3 months; use the certbot renew command to renew it.
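Because certbot renew by default only replaces certificates that are within 30 days of expiry, a certificate with much less than that remaining means renewal is failing. The following check is an added example, not part of the original page; the 20-day threshold and the function names are assumptions, and the paths follow the certbot output shown above.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed: the 20-day threshold and
# the function names. The live/ layout matches the certbot output shown above.

# check_cert PEM [DAYS]: 0 = valid beyond DAYS, 1 = expires within DAYS
# (renewal is overdue), 2 = file missing or not a parseable certificate.
# For fullchain.pem, openssl reads the first certificate, which is the leaf.
check_cert() {
    pem=$1
    days=${2:-20}
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo "UNREADABLE $pem"
        return 2
    fi
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        echo "OK $pem"
        return 0
    fi
    echo "EXPIRING $pem ($(openssl x509 -in "$pem" -noout -enddate))"
    return 1
}

# check_live_dir [DIR] [DAYS]: run check_cert on every lineage under DIR and
# return the worst status seen; 2 if no certificate was found at all.
check_live_dir() {
    live=${1:-/etc/letsencrypt/live}
    limit=${2:-20}
    worst=0
    seen=0
    for f in "$live"/*/fullchain.pem; do
        [ -e "$f" ] || continue        # glob matched nothing
        seen=$((seen + 1))
        st=0
        check_cert "$f" "$limit" || st=$?
        if [ "$st" -gt "$worst" ]; then worst=$st; fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "NO CERTIFICATES under $live"
        return 2
    fi
    return "$worst"
}
```

Call check_live_dir from a daily cron job and alert on a non-zero status; /etc/letsencrypt/live is readable only by root.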