{"id":5252,"date":"2020-03-20T11:32:00","date_gmt":"2020-03-20T03:32:00","guid":{"rendered":"https:\/\/www.ldhost.cn\/jc\/?p=5252"},"modified":"2020-03-15T17:37:35","modified_gmt":"2020-03-15T09:37:35","slug":"%e5%9c%a8linux%e6%9c%8d%e5%8a%a1%e5%99%a8%e4%b8%8a%e6%89%8b%e5%8a%a8%e5%ae%89%e8%a3%85%e5%85%8d%e8%b4%b9%e7%9a%84lets-encrypt%e5%9f%9f%e5%90%8d%e8%af%81%e4%b9%a6","status":"publish","type":"post","link":"https:\/\/www.ldhost.cn\/jc\/ot\/5252.html","title":{"rendered":"\u5728Linux\u670d\u52a1\u5668\u4e0a\u624b\u52a8\u5b89\u88c5\u514d\u8d39\u7684Let’s Encrypt\u57df\u540d\u8bc1\u4e66"},"content":{"rendered":"\n

\u51c6\u5907\u5de5\u4f5c
\nmkdir \/ root \/ letsencrypt \/ var \/ www \/ letsencrypt
\ncd \/ root \/ letsencrypt
\n\u6211\u4eec\u5c06\u4f7f\u7528acme_tiny\u5e93\u3002\u60a8\u53ef\u4ee5\u4f7f\u7528\u4efb\u4f55\u5176\u4ed6\u5e93<\/p>\n\n\n\n

wget https:\/\/raw.githubusercontent.com\/diafygi\/acme-tiny\/master\/acme_tiny.py
\n\u6211\u4eec\u751f\u6210\u4e00\u4e2a\u6807\u8bc6\u7b26\u5bc6\u94a5<\/p>\n\n\n\n

openssl genrsa 4096> \/root\/letsencrypt\/account.key
Nginx\u4e2d\u865a\u62df\u4e3b\u673a\u8bbe\u7f6e\u4e2d\u7684\u201c\u6dfb\u52a0\u5230\u670d\u52a1\u5668<\/a>\u201d\u90e8\u5206<\/p>\n\n\n\n

location \/.well-known\/acme-challenge\/ {
\u522b\u540d\/ var \/ www \/ letsencrypt \/;
try_files $ uri = 404;
}
\u6d4b\u8bd5\u4e2d
\u56de\u58f0\u201c\u6d4b\u8bd5\u201d >> \/var\/www\/letsencrypt\/test.txt
\u5e76\u5728\u6d4f\u89c8\u5668\u4e2d\u68c0\u67e5<\/p>\n\n\n\n

http:\/\/domain.com\/.well-known\/acme-challenge\/test.txt
\u521b\u5efa\u79c1\u94a5\uff0c\u8bf7\u6c42\u8bc1\u4e66\u5e76\u521b\u5efa\u8bc1\u4e66
\u751f\u6210\u79c1\u94a5<\/p>\n\n\n\n

openssl genrsa 4096> \/root\/letsencrypt\/domain.com.key
\n\u6211\u4eec\u4f7f\u7528\u8bc1\u4e66\u7684\u8bbe\u7f6e\u521b\u5efa\u4e00\u4e2a\u6587\u4ef6\uff0c\u5728\u5176\u4e2d\u6307\u5b9a\u6211\u4eec\u7684\u7535\u5b50\u90ae\u4ef6\u4ee5\u53ca\u57df\u540d<\/p>\n\n\n\n

cat << EOF > \/root\/letsencrypt\/domain.com.txt
\n<\/p>\n\n\n\n

\ndefault_bits = 4096
\nprompt = no
\ndefault_md = sha256
\nreq_extensions = req_ext
\ndistinguished_name = dn\n<\/p>\n\n\n\n

[ dn ]
\nC=RU
\nemailAddress=info@domain.com
\nCN = domain.com<\/p>\n\n\n\n

[ req_ext ]
\nsubjectAltName = @alt_names<\/p>\n\n\n\n

[ alt_names ]
DNS.1 = domain.com
DNS.2 = www.domain.com
EOF
\u521b\u5efa\u4e00\u4e2a\u8bf7\u6c42 <\/p>\n\n\n\n

openssl req -new -sha256 -key \/root\/letsencrypt\/domain.com.key \\
\n-nodes -out \/root\/letsencrypt\/domain.com.csr \\
\n-config \/root\/letsencrypt\/domain.com.txt
\n\u5e76\u8fd0\u884c\u6211\u4eec\u4e0b\u8f7d\u7684\u5e93\u4ee5\u83b7\u53d6\u8bc1\u4e66<\/p>\n\n\n\n

python acme_tiny.py –account-key \/root\/letsencrypt\/account.key \\
–csr \/root\/letsencrypt\/domain.com.csr \\
–acme-dir \/ var \/ www \/ letsencrypt \/> \/root\/letsencrypt\/domain.com.crt
\u66f4\u65b0\u811a\u672c
\u53ef\u4ee5\u5c06\u6b64\u811a\u672c\u6dfb\u52a0\u5230cron\u8ba1\u5212\u7a0b\u5e8f\u4e2d\uff0c\u4ee5\u81ea\u52a8\u63a5\u6536\u8bc1\u4e66\u3002
cat << EOF > renew_cert.sh<\/p>\n\n\n\n

#!\/bin\/bash<\/p>\n\n\n\n

python acme_tiny.py –account-key \/root\/letsencrypt\/account.key \\
\n–csr \/root\/letsencrypt\/domain.com.csr \\
\n–acme-dir \/var\/www\/letsencrypt\/ > \/root\/letsencrypt\/domain.com.new || exit
\nmv \/root\/letsencrypt\/domain.com.new \/root\/letsencrypt\/domain.com.crt
\nservice nginx reload
\nEOF<\/p>\n

\"\u56fe\u7247\u63cf\u8ff0\"<\/div>","protected":false},"excerpt":{"rendered":"

\u51c6\u5907\u5de5\u4f5c mkdir \/ root \/ letsencrypt \/ var \/ www \/ letsencrypt cd \/ root \/ letsencrypt \u6211\u4eec\u5c06\u4f7f\u7528acme_tiny\u5e93\u3002\u60a8\u53ef\u4ee5\u4f7f\u7528\u4efb\u4f55\u5176\u4ed6\u5e93 wget https:\/\/raw.githubusercontent.com\/diafygi\/acme-tiny\/master\/acme_tiny.py \u6211\u4eec\u751f\u6210\u4e00\u4e2a\u6807\u8bc6\u7b26\u5bc6\u94a5 openssl genrsa 4096> \/root\/letsencrypt\/account.key Nginx\u4e2d\u865a\u62df\u4e3b\u673a\u8bbe\u7f6e\u4e2d\u7684\u201c\u6dfb\u52a0\u5230\u670d\u52a1\u5668\u201d\u90e8\u5206 location \/.well-known\/acme… \u9605\u8bfb\u5168\u6587\u5728Linux\u670d\u52a1\u5668\u4e0a\u624b\u52a8\u5b89\u88c5\u514d\u8d39\u7684Let’s Encrypt\u57df\u540d\u8bc1\u4e66<\/span><\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-5252","post","type-post","status-publish","format-standard","hentry","category-ot","content-layout-excerpt-thumb"],"_links":{"self":[{"href":"https:\/\/www.ldhost.cn\/jc\/wp-json\/wp\/v2\/posts\/5252","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ldhost.cn\/jc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ldhost.cn\/jc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ldhost.cn\/jc\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ldhost.cn\/jc\/wp-json\/wp\/v2\/comments?post=5252"}],"version-history":[{"count":1,"href":"https:\/\/www.ldhost.cn\/jc\/wp-json\/wp\/v2\/posts\/5252\/revisions"}],"predecessor-version":[{"id":5253,"href":"https:\/\/www.ldhost.cn\/jc\/wp-json\/wp\/v2\/posts\/5252\/revisions\/5253"}],"wp:attachment":[{"href":"https:\/\/www.ldhost.cn\/jc\/wp-json\/wp\/v2\/media?parent=5252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ldhost.cn\/jc\/wp-json\/wp\/v2\/categories?post=5252"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ldhost.cn\/jc\/wp-json\/wp\/v2\/tags?post=5252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}