Home > Operation and Maintenance > Linux Operation and Maintenance > Detailed explanation of a free and easy-to-use certificate from Let's Encrypt

Detailed explanation of a free and easy-to-use certificate from Let's Encrypt

零下一度
Release: 2017-06-27 10:12:34
Original
2534 people have browsed it
Let's Encrypt is a free and easy-to-use certificate, no need to talk nonsense.
Assume that my domain name is: 163.org

1. Clone code

  git clone https://github.com/letsencrypt/letsencrypt    # 没有git的先安装git 
  # yum install git
  # apt-get install git
Copy after login

2. Install

   cd letsencrypt
 
  ./letsencrypt-auto certonly --standalone --email admin@163.org -d 163.org -d www.163.org 
   命令解析
  --standalone    需要手动关闭占用443端口的程序,此命令会占用443端口进行验证
  --email   admin@163.org 填写您的Email
  -d 163.org   需要使用ssl的域名(必须是当前主机绑定的地址,否则验证失败。)
Copy after login

3. Configuration

After completing the generation of Let's Encrypt certificate, we will " /etc/letsencrypt/live/163.org/"There are 4 files in the domain name directory, which are the generated key certificate files.
cert.pem - Apache server-side certificate
chain.pem - Apache root certificate and relay certificate
fullchain.pem - required by Nginx ssl_certificate file
privkey.pem - Security certificate KEY file
If we use the Nginx environment, we need to use two certificates, fullchain.pem and privkey.pem File
<span style="color: #ff6600"># nginx.conf 配置文件中加入生成的证书<br></span>
Copy after login
 server {
 server_name 163.org;
  listen 443 ;
  ssl on;
  ssl_certificate /etc/letsencrypt/live/163.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/163.org/privkey.pem;
 }
ps: In the Nginx environment, just set the corresponding ssl_certificate and ssl_certificate_key paths to the corresponding file paths.
Do not move or copy the file, because the certificate will be generated in this file during renewal.

4. Let's Encrypt free SSL certificate validity period

Let's Encrypt certificate is valid for 90 days and needs to be updated and renewed manually.
 
  * * * * 1 /var/www/letsencrypt/letsencrypt-auto renew
Copy after login
Add this command to the scheduled task to automatically renew.

The above is the detailed content of Detailed explanation of a free and easy-to-use certificate from Let's Encrypt. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template