
Requesting an HTTPS certificate for use in a test environment

I. Prerequisites

A Linux machine

A real domain name

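II. Install Snapd

Installation instructions: Certbot (eff.org)

Scroll down the page

Select the operating system you are installing on

1. Install snapd
yum -y install epel-release
yum -y install snapd
2. Enable snapd and create the symlink
systemctl enable --now snapd
ln -s /var/lib/snapd/snap /snap
snap --help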

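III. Configure the DNS record

1. Install the Certbot package, using the --classic flag (classic confinement)
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot

2. Generate the DNS validation record
Format:
certbot certonly --manual --preferred-challenges dns -d [real domain]

certbot certonly --manual --preferred-challenges dns -d '*.syhwyq.icu'      # the command for my own domain (quoted so the shell does not expand the *)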

If you really want to skip this, you can run the client with
--register-unsafely-without-email but you will then be unable to receive notice
about impending expiration or revocation of your certificates or problems with
your Certbot installation that will lead to failure to renew.

Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): 3146359748@qq.com   // enter your email address here

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y    // enter Y to continue

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y     // enter Y to continue
Account registered.
Requesting a certificate for *.syhwyq.icu

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.syhwyq.icu.                              // the record name to configure at your DNS provider

with the following value:

8cDiagJOjCKax3vZPJKmDvPZrBY7RIqhEmxdn6AB3I4             // the record value to configure at your DNS provider

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.syhwyq.icu.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue                               // press Enter only after the two values above have been configured

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/syhwyq.icu/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/syhwyq.icu/privkey.pem
This certificate expires on 2024-12-02.
These files will be updated when the certificate renews.

NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

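Enter the email address

Enter Y

Enter Y

Do not press Enter yet: note the two values above (record name and record value) and move on to the next step

Configure the DNS record

Press Enter

Success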

ll /etc/letsencrypt/live/syhwyq.icu/
总用量 4
lrwxrwxrwx 1 root root  34 9月   3 11:20 cert.pem -> ../../archive/syhwyq.icu/cert1.pem
lrwxrwxrwx 1 root root  35 9月   3 11:20 chain.pem -> ../../archive/syhwyq.icu/chain1.pem
lrwxrwxrwx 1 root root  39 9月   3 11:20 fullchain.pem -> ../../archive/syhwyq.icu/fullchain1.pem
lrwxrwxrwx 1 root root  37 9月   3 11:20 privkey.pem -> ../../archive/syhwyq.icu/privkey1.pem
-rw-r--r-- 1 root root 692 9月   3 11:20 README
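
Added example (not part of the original post): before pressing Enter at the "Press Enter to Continue" prompt above, this script checks that the TXT value certbot printed is being served by every authoritative nameserver of the zone. The function names and the script name check_txt.sh are illustrative assumptions; it relies only on standard dig, sed and grep options.

```sh
#!/bin/sh
# Added example (not from the original post): confirm the DNS-01 TXT record
# is live on every authoritative nameserver before pressing Enter in certbot.
# Function names are illustrative; only standard dig/sed/grep options are used.

# Print the TXT strings for a name, without the quotes dig adds.
txt_values() {        # txt_values <record-name> [@server]
    dig +short TXT "$1" ${2:+"$2"} | sed -e 's/^"//' -e 's/"$//'
}

# Succeed only if <expected> is exactly one of the published values.
txt_has_value() {     # txt_has_value <record-name> <expected> [@server]
    txt_values "$1" "${3:-}" | grep -Fxq -- "$2"
}

# Ask each authoritative server of <zone> directly: a public resolver can
# answer from cache, and validation may reach a server that is still behind.
txt_on_all_ns() {     # txt_on_all_ns <zone> <record-name> <expected>
    _servers=$(dig +short NS "$1")
    [ -n "$_servers" ] || { echo "no NS records found for $1" >&2; return 2; }
    for _ns in $_servers; do
        if ! txt_has_value "$2" "$3" "@${_ns%.}"; then
            echo "not yet published on ${_ns%.}" >&2
            return 1
        fi
    done
    return 0
}

# Poll until every nameserver has the value or the attempts run out.
wait_for_txt() {      # wait_for_txt <zone> <record-name> <expected> [tries] [delay-s]
    _tries=${4:-30}; _delay=${5:-10}; _i=0
    while [ "$_i" -lt "$_tries" ]; do
        txt_on_all_ns "$1" "$2" "$3" && return 0
        sleep "$_delay"
        _i=$((_i + 1))
    done
    return 1
}

# Run as: sh check_txt.sh syhwyq.icu _acme-challenge.syhwyq.icu <value-from-certbot>
if [ "$#" -ge 3 ]; then
    wait_for_txt "$@" || { echo "TXT record not deployed" >&2; exit 1; }
    echo "TXT record deployed on all nameservers"
fi
```
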

IV. Write the Nginx configuration file

1. Edit the configuration file
vim /etc/nginx/conf.d/nginx_myssl.conf

server {
    listen       80;
    server_name  www.syhwyq.icu;
    location / {
      rewrite ^(.*)$  https://www.syhwyq.icu$1 permanent;
    }
}

server {
    listen     443 ssl;
    server_name www.syhwyq.icu;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); enable only TLSv1.2 and TLSv1.3
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_certificate     /etc/letsencrypt/live/syhwyq.icu/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/syhwyq.icu/privkey.pem;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        root   /jump/html;
        index  index.html index.htm;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

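2. Create the web root and deploy the Jump game (跳一跳) project
mkdir -p /jump/html
Upload the Jump game project to this directory

3. Test the configuration and reload nginx
nginx -t
systemctl reload nginx

4. Visit the page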
https://www.syhwyq.icu

