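I used certbot for certificate operations years ago: http://04007.cn/article/507.html. Recently the server was upgraded and all services now run in Docker, but I ran into problems running certbot under Docker. So I set up an nginx service on the bare-metal host and configured the HTTPS service on port 443 at that layer to forward to the backend Docker containers. That is why I am redoing the certbot setup today. Certbot has also been upgraded over the past few years and is slightly more complicated than before; for example, it now uses the snap tool, which it did not before. OK, let's begin. Article URL: http://47.93.183.36/article/1184.html. Do not reproduce without permission.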
If you previously installed certbot tooling of any kind, remove it first: Remove certbot-auto and any Certbot OS packages.
sudo apt-get remove certbot, sudo dnf remove certbot, or sudo yum remove certbot.
Then go to the certbot website and select the server software and OS version the certificate will be installed on: https://certbot.eff.org/instructions?ws=nginx&os=ubuntubionic&tab=standard
# The snap tool must be installed first: https://snapcraft.io/docs/installing-snap-on-ubuntu
# 1. Installing snap on Ubuntu
sudo apt update
sudo apt install snapd
# Test whether the installation succeeded
$ sudo snap install hello-world
hello-world 6.4 from Canonical✓ installed
$ hello-world
Hello World!
# Ensure that your version of snapd is up to date
snap install core; sudo snap refresh core
snap "core" is already installed, see 'snap help refresh'
snap "core" has no updates available
# Install Certbot and add a command shortcut
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
# Install the certificate automatically
certbot --nginx

This step failed with an error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError("Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.")
The message says nginx cannot be found, because nginx was not on the PATH. Create symlinks for nginx:
ln -s /opt/nginx_system/sbin/nginx /usr/bin/nginx
ln -s /opt/nginx_system/conf/ /etc/nginx
Note that port 80 must be up and listening when you use certbot for certificate operations. At first I had only enabled 443, and the installation failed with: Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet. Some challenges have failed.
# After the steps above, running the certificate installation again succeeded.
root@iZ:/opt/nginx_system# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): aaaaa@qq.com
Please read the Terms of Service at 21-2022.pdf. You must agree in order to
(Y)es/(N)o: y
Would you be willing, once your first certificate is successfully issued, ...
(Y)es/(N)o: y
Account registered.
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: www.04007.cn
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for www.04007.cn
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/www.04007.cn/fullchain.pem
Key is saved at: /etc/letsencrypt/live/www.04007.cn/privkey.pem
This certificate expires on 2023-05-19.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for www.04007.cn to /etc/nginx/nginx.conf
Congratulations! You have successfully enabled HTTPS on http://47.93.183.36
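The two failures above (nginx missing from PATH, and nothing listening on port 80) can be checked before running certbot --nginx. The following pre-flight script is an added example, not part of the original article or of certbot; the function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks before running `certbot --nginx`.
# Function names are hypothetical; SAMPLE_* values are constructed, not captured.

# Succeeds if the `ss -ltn` output on stdin has a LISTEN socket on port $1.
# Anchoring on ":PORT$" keeps 8080 or 180 from matching 80.
port_listening() {
    awk -v port="$1" '
        $1 == "LISTEN" && $4 ~ (":" port "$") { found = 1 }
        END { exit !found }'
}

# Succeeds if a command named $1 can be resolved through PATH.
binary_on_path() {
    command -v "$1" >/dev/null 2>&1
}

# Runs both checks against the live host and reports each failing one.
preflight() {
    rc=0
    if ! binary_on_path nginx; then
        echo "nginx not on PATH: certbot reports NoInstallationError" >&2
        rc=1
    fi
    if ! ss -ltnH | port_listening 80; then
        echo "nothing listening on port 80: the challenge will fail" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed sample: only 443 and an unrelated local 8080 are listening.
SAMPLE_ONLY_443='LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*'

# Constructed sample: port 80 added on IPv4 and IPv6.
SAMPLE_WITH_80="$SAMPLE_ONLY_443
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*"
```

Call `preflight && certbot --nginx` on the host; the sample variables exist only to exercise `port_listening` offline.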