{"id":584,"date":"2023-06-05T12:56:01","date_gmt":"2023-06-05T04:56:01","guid":{"rendered":"https:\/\/por.tw\/linux\/?p=584"},"modified":"2020-11-02T01:12:54","modified_gmt":"2020-11-01T17:12:54","slug":"%e5%a6%82%e4%bd%95%e5%9c%a8debian-10%e4%b8%8a-%e5%ae%89%e8%a3%9d-lets-encrypt-ssl%e5%ae%89%e5%85%a8%e6%86%91%e8%ad%89%e5%8a%a0%e5%af%86","status":"publish","type":"post","link":"https:\/\/por.tw\/linux\/%e5%a6%82%e4%bd%95%e5%9c%a8debian-10%e4%b8%8a-%e5%ae%89%e8%a3%9d-lets-encrypt-ssl%e5%ae%89%e5%85%a8%e6%86%91%e8%ad%89%e5%8a%a0%e5%af%86\/","title":{"rendered":"\u5982\u4f55\u5728Debian 10\u4e0a \u5b89\u88dd Let’s Encrypt SSl\u5b89\u5168\u6191\u8b49\u52a0\u5bc6"},"content":{"rendered":"

Let’s Encrypt<\/span> \u662f\u4e00\u500b\u8b49\u66f8\u9812\u767c\u6a5f\u69cb\uff08CA\uff09\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u7a2e\u7372\u53d6\u548c\u5b89\u88dd\u514d\u8cbbTLS \/ SSL\u8b49\u66f8\u7684\u7c21\u4fbf\u65b9\u6cd5\uff0c\u5f9e\u800c\u53ef\u4ee5\u5728Web\u670d\u52d9\u5668\u4e0a\u555f\u7528\u52a0\u5bc6\u7684HTTPS\u3002<\/strong><\/span>
\n\u5b83\u901a\u904e\u63d0\u4f9b\u4e00\u500b\u8edf\u4ef6\u5ba2\u6236\u7aefCertbot\u4f86\u7c21\u5316\u8a72\u904e\u7a0b\uff0c\u8a72\u5ba2\u6236\u7aef\u5617\u8a66\u4f7f\u5927\u591a\u6578\uff08\u5982\u679c\u4e0d\u662f\u5168\u90e8\uff09\u6240\u9700\u6b65\u9a5f\u81ea\u52d5\u5316\u3002<\/strong><\/span>
\n\u7576\u524d\uff0c\u5728Apache\u548cNginx\u4e0a\uff0c\u7372\u53d6\u548c\u5b89\u88dd\u8b49\u66f8\u7684\u6574\u500b\u904e\u7a0b\u90fd\u662f\u5b8c\u5168\u81ea\u52d5\u5316\u3002<\/strong><\/span><\/p>\n

\u5728\u672c\u6559\u5b78\u4e2d\uff0c\u60a8\u5c07\u4f7f\u7528Certbot\u5728Debian 10\u4e0a\u7372\u5f97Apache\u7684\u514d\u8cbbSSL\u8b49\u66f8\uff0c\u4e26\u5c07\u8b49\u66f8\u8a2d\u7f6e\u70ba\u81ea\u52d5\u66f4\u65b0\u3002<\/strong><\/span><\/p>\n

\u672c\u6559\u5b78\u5c07\u4f7f\u7528\u55ae\u7368\u7684Apache\u865b\u64ec\u4e3b\u6a5f\u6587\u4ef6\u800c\u4e0d\u662f\u9810\u8a2d\u914d\u7f6e\u6587\u4ef6\u3002<\/strong><\/span>
\n\u6211\u5011\u5efa\u8b70\u70ba\u6bcf\u500b\u57df\u5275\u5efa\u65b0\u7684Apache\u865b\u64ec\u4e3b\u6a5f\u6587\u4ef6\uff0c\u56e0\u70ba\u5b83\u6709\u52a9\u65bc\u907f\u514d\u5e38\u898b\u932f\u8aa4\uff0c\u4e26\u5c07\u9810\u8a2d<\/span>\u6587\u4ef6\u4f5c\u70ba\u5f8c\u5099\u914d\u7f6e\u9032\u884c\u7dad\u8b77\u3002<\/strong><\/span><\/p>\n

\u5148\u6c7a\u689d\u4ef6<\/strong><\/span>
\n\u8981\u9075\u5faa\u672c\u6559\u5b78\uff0c\u60a8\u5c07\u9700\u8981\uff1a<\/strong><\/span>
\n\u901a\u904e\u9075\u5faaDebian 10\u6559\u5b78\u7684\u521d\u59cb\u670d\u52d9\u5668\u8a2d\u7f6e\u4f86\u8a2d\u7f6e\u4e00\u53f0Debian 10\u670d\u52d9\u5668\uff0c\u5305\u62ec\u5177\u6709\u7279\u6b0a\u548c\u9632\u706b\u7246\u7684\u975eroot\u7528\u6236sudo\u3002<\/strong><\/span>
\n\u5b8c\u5168\u8a3b\u518a\u7684\u57df\u540d\u3002\u672c\u6559\u5b78\u5c07\u59cb\u7d42\u4f7f\u7528your_domain\u4f5c\u70ba\u793a\u4f8b\u3002\u4f60\u53ef\u4ee5\u8cfc\u8cb7\u4e00\u500b\u57df\u540dNamecheap\uff0c\u514d\u8cbb\u7372\u5f97\u4e00\u500b\u5728Freenom\uff0c\u6216\u4f7f\u7528\u4f60\u9078\u64c7\u7684\u57df\u540d\u8a3b\u518a\u5546\u3002<\/strong><\/span>
\n\u70ba\u4f3a\u670d\u5668\u8a2d\u7f6e\u4e86\u4ee5\u4e0b\u5169\u500bDNS\u8a18\u9304\u3002\u8981\u9032\u884c\u8a2d\u7f6e\uff0c\u60a8\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u8aaa\u660e\u6dfb\u52a0\u7db2\u57df\uff0c\u7136\u5f8c\u6309\u7167\u8aaa\u660e\u5efa\u7acbDNS\u8a18\u9304\u3002<\/strong><\/span><\/p>\n

your_domain\u6307\u5411\u670d\u52d9\u5668\u516c\u5171IP\u5730\u5740\u7684A\u8a18\u9304\u3002<\/strong><\/span>
\n\u6307\u5411\u4f3a\u670d<\/span>\u5668\u516c\u5171IP\u5730\u5740\u7684A\u8a18\u9304\u3002www.your_domain<\/strong><\/span>
\n\u901a\u904e\u9075\u5faa\u5982\u4f55\u5728Debian 10\u4e0a\u5b89\u88ddApache\u4f86\u5b89\u88ddApache\u3002\u78ba\u4fdd\u70ba\u60a8\u7684\u57df\u8a2d\u7f6e\u4e86\u865b\u64ec\u4e3b\u6a5f\u6587\u4ef6\u3002<\/strong><\/span>
\n\u672c\u6559\u5b78\u5c07\u4f5c\u70ba\u793a\u4f8b\u3002\/etc\/apache2\/sites-available\/your_domain.conf<\/strong><\/span><\/p>\n

\"\"<\/p>\n

\u7b2c1\u6b65-\u5b89\u88ddCertbot<\/strong><\/span>
\n\u4f7f\u7528\u201cLet’s Encrypt\u201d\u53d6\u5f97SSL\u8b49\u66f8\u7684\u7b2c\u4e00\u6b65\u662f\u5728\u60a8\u7684\u4f3a\u670d\u5668\u4e0a\u5b89\u88ddCertbot\u8edf\u9ad4\u3002<\/strong><\/span><\/p>\n

\u5728\u64b0\u5beb\u672c\u6587\u6642\uff0c\u9810\u8a2d\u60c5\u6cc1\u4e0b\uff0c\u7121\u6cd5\u5f9eDebian\u8edf\u9ad4\u5b58\u5132\u5eab\u4e2d\u7372\u5f97Certbot\u3002<\/strong><\/span>
\n\u70ba\u4e86\u4f7f\u7528\u4f86\u4e0b\u8f09\u8edf\u9ad4apt\uff0c\u60a8\u9700\u8981\u5c07backports\u5b58\u5132\u5eab\u65b0\u589e\u5230sources.list\u6a94\u6848\u4e2d\uff0c\u4ee5apt\u5c0b\u627e\u8edf\u9ad4\u5305\u6e90\u3002<\/strong><\/span>
\n\u53cd\u5411\u79fb\u690d\u662fDebian\u6e2c\u8a66\u548c\u4e0d\u7a69\u5b9a\u767c\u884c\u7248\u4e2d\u7684\u8edf\u9ad4\u5305\uff0c\u9019\u4e9b\u8edf\u9ad4\u5305\u7d93\u7531\u91cd\u65b0\u7de8\u8b6f\uff0c\u56e0\u6b64\u5b83\u5011\u53ef\u4ee5\u5728\u7a69\u5b9a\u7684Debian\u767c\u884c\u7248\u4e0a\u904b\u884c\u800c\u7121\u9700\u65b0\u5eab\u3002<\/strong><\/span><\/p>\n

\u8981\u52a0\u5165backports\u5b58\u5132\u5eab\uff0c\u8acb\u958b\u555f\uff08\u6216\u5efa\u7acb\uff09\u76ee\u9304\u4e2d\u7684sources.list\u6a94\u6848\/etc\/apt\/\uff1a<\/strong><\/span><\/p>\n

sudo nano \/etc\/apt\/sources.list<\/code><\/pre>\n
\u5728\u6587\u4ef6\u5e95\u90e8\uff0c\u6dfb\u52a0\u4ee5\u4e0b\u884c\uff1a<\/strong><\/span><\/p>\n
 <\/p>\n
deb http:\/\/mirrors.digitalocean.com\/debian buster-backports main<\/span>\ndeb-src http:\/\/mirrors.digitalocean.com\/debian buster-backports main<\/span>\ndeb http:\/\/ftp.debian.org\/debian buster-backports main<\/span><\/code><\/pre>\n
\u9019\u5167\u542b\u7b26\u5408Debian\u81ea\u7531\u8edf\u9ad4\u6e96\u5247\uff08DFSG\uff09<\/a>\u7684main<\/code>\u8edf\u9ad4\u5305\uff0c\u4ee5\u53ca\u548c\u5143\u4ef6\uff0c\u5b83\u5011\u672c\u8eab\u90fd\u4e0d\u7b26\u5408DFSG\u6216\u5305\u62ec\u6b64\u985e\u4f9d\u8cf4\u95dc\u4fc2\u3002<\/a>non-free<\/code>contrib<\/code><\/strong><\/span><\/p>\n
\u5132\u5b58\u4e26\u6309\u4e0b\u95dc\u9589\u6a94\u6848CTRL+X<\/code>\uff0cY<\/code>\uff0c\u7136\u5f8cENTER<\/code>\uff0c\u7136\u5f8c\u66f4\u65b0\u60a8\u7684\u8edf\u9ad4\u5305\u6e05\u55ae\uff1a<\/strong><\/span><\/p>\n
 <\/p>\n
sudo apt update<\/code><\/pre>\n
\u7136\u5f8c\u4f7f\u7528\u4ee5\u4e0b\u6307\u4ee4\u5b89\u88ddCertbot\u3002\u8acb\u6ce8\u610f\uff0c\u8a72-t<\/code>\u9078\u9805\u544a\u8a34apt<\/code>\u60a8\u901a\u904e\u6aa2\u8996\u525b\u52a0\u5165\u7684backports\u5b58\u5132\u5eab\u4f86\u641c\u5c0b\u8edf\u9ad4\u5305\uff1a
\n<\/strong><\/span><\/p>\n
sudo apt install python-certbot-apache -t buster-backports<\/code><\/pre>\n
ertbot\u73fe\u5728\u53ef\u4ee5\u4f7f\u7528\u4e86\uff0c\u4f46\u662f\u70ba\u4e86\u4f7f\u5176\u80fd\u5920\u70baApache\u914d\u7f6eSSL\uff0c\u6211\u5011\u9700\u8981\u9a57\u8b49\u662f\u5426\u5df2\u6b63\u78ba\u914d\u7f6eApache\u3002<\/strong><\/span><\/p>\n
 <\/p>\n
\u6b65\u9a5f2 \u2014\u8a2d\u5b9aSSL\u8b49\u66f8<\/strong><\/span><\/h2>\n
Certbot\u9700\u8981\u80fd\u5920\u5728Apache\u914d\u7f6e\u4e2d\u627e\u5230\u6b63\u78ba\u7684\u865b\u64ec\u4e3b\u6a5f\uff0c\u4ee5\u4f7f\u5176\u81ea\u52d5\u914d\u7f6eSSL\u3002
\n\u5177\u9ad4\u4f86\u8aaa\uff0c\u5b83\u662f\u901a\u904e\u5c0b\u627eServerName<\/code>\u8207\u60a8\u8acb\u6c42\u8b49\u66f8\u7684\u57df\u76f8\u7b26\u5408\u7684\u6307\u4ee4\u4f86\u5be6\u73fe\u7684\u3002<\/strong><\/span><\/p>\n
\u5982\u679c\u6309\u7167Apache\u5b89\u88dd\u6559\u5b78\u4e2d\u7684\u865b\u64ec\u4e3b\u6a5f\u8a2d\u5b9a\u6b65\u9a5f\u9032\u884c\u64cd\u4f5c\uff0c\u5247VirtualHost<\/code>\u60a8\u7684\u57df\u4e2d\u61c9\u8a72\u6709\u4e00\u584a\u5df2\u6b63\u78ba\u8a2d\u5b9a\u4e86\u507d\u6307\u4ee4\u7684\u584a\u3002
\n\/etc\/apache2\/sites-available\/your_domain<\/span>.conf<\/code>ServerName<\/code><\/strong><\/span><\/p>\n
\u8981\u9032\u884c\u6aa2\u67e5\uff0c\u8acb\u4f7f\u7528nano<\/code>\u6216\u60a8\u559c\u6b61\u7684\u6587\u5b57\u7de8\u8f2f\u5668\u70ba\u60a8\u7684\u57df\u958b\u555f\u865b\u64ec\u4e3b\u6a5f\u6a94\u6848\uff1a<\/strong><\/span><\/p>\n
sudo nano \/etc\/apache2\/sites-available\/your_domain.conf<\/code><\/pre>\n
\u627e\u5230\u73fe\u6709\u7684ServerName<\/code>\u884c\u3002\u5b83\u61c9\u8a72\u770b\u8d77\u4f86\u50cf\u9019\u6a23\uff0c\u7528\u60a8\u81ea\u5df1\u7684\u57df\u540d\u4ee3\u66ffyour_domain<\/span><\/code>\uff1a<\/strong><\/span><\/p>\n
 <\/p>\n
...\nServerName your_domain;\n...<\/code><\/pre>\n
<\/strong>\u5982\u679c\u9084\u6c92\u6709\uff0c\u8acb\u66f4\u65b0ServerName<\/code>\u6307\u4ee4\u4ee5\u6307\u5411\u60a8\u7684\u57df\u540d\u3002\u7136\u5f8c\u5132\u5b58\u6a94\u6848\uff0c\u96e2\u958b\u7de8\u8f2f\u5668\uff0c\u4e26\u9a57\u8b49\u914d\u7f6e\u7de8\u8f2f\u7684\u8a9e\u6cd5\uff1a<\/span><\/strong><\/span>
\n<\/strong><\/span><\/p>\n
sudo apache2ctl configtest<\/code><\/pre>\n
\u5982\u679c\u6c92\u6709\u4efb\u4f55\u8a9e\u6cd5\u932f\u8aa4\uff0c\u60a8\u5c07\u5728\u8f38\u51fa\u4e2d\u770b\u5230\u4ee5\u4e0b\u5167\u5bb9\uff1a<\/strong><\/span><\/p>\n
<\/strong><\/span><\/p>\n
Syntax OK<\/code><\/pre>\n
\u5982\u679c\u51fa\u73fe\u932f\u8aa4\uff0c\u8acb\u91cd\u65b0\u958b\u555f\u865b\u64ec\u4e3b\u6a5f\u6a94\u6848\u4e26\u6aa2\u67e5\u662f\u5426\u6709\u932f\u5b57\u6216\u5b57\u5143\u4e1f\u5931\u3002\u4e00\u65e6\u914d\u7f6e\u6a94\u7684\u8a9e\u6cd5\u6b63\u78ba\uff0c\u8acb\u91cd\u65b0\u52a0\u8f09Apache\u4ee5\u52a0\u8f09\u65b0\u914d\u7f6e\uff1a<\/strong><\/span>
\n
\n<\/strong><\/span><\/p>\n
sudo systemctl reload apache2<\/code><\/pre>\n
Certbot\u73fe\u5728\u53ef\u4ee5\u627e\u5230\u6b63\u78ba\u7684VirtualHost<\/code>\u584a\u4e26\u9032\u884c\u66f4\u65b0\u3002<\/strong><\/span><\/p>\n
\u63a5\u4e0b\u4f86\uff0c\u8b93\u6211\u5011\u66f4\u65b0\u9632\u706b\u7246\u4ee5\u5141\u8a31HTTPS\u901a\u4fe1\u3002<\/strong><\/span><\/p>\n
\u6b65\u9a5f3 \u2014\u5bb9\u8a31HTTPS\u901a\u904e\u9632\u706b\u7246<\/strong><\/span>
\n\u5982\u679c\u5df2\u6309\u7167ufw\u5148\u6c7a\u689d\u4ef6\u6307\u5357\u7684\u5efa\u8b70\u555f\u7528\u4e86\u9632\u706b\u7246\uff0c\u5247\u9700\u8981\u8abf\u6574\u8a2d\u5b9a\u4ee5\u5bb9\u8a31HTTPS\u901a\u4fe1\u3002<\/strong><\/span>
\n\u5e78\u904b\u7684\u662f\uff0c\u7576\u5b89\u88dd\u5728Debian\u4e0a\u6642\uff0cufw\u96a8\u9644\u4e86\u4e00\u4e9b\u914d\u7f6e\u6a94\uff0c\u9019\u4e9b\u914d\u7f6e\u6a94\u6709\u52a9\u65bc\u7c21\u5316\u8b8a\u66f4HTTP\u548cHTTPS\u6d41\u91cf\u7684\u9632\u706b\u7246\u898f\u5247\u7684\u904e\u7a0b\u3002<\/strong><\/span><\/p>\n
\u60a8\u53ef\u4ee5\u901a\u904e\u9375\u5165\u4ee5\u4e0b\u5167\u5bb9\u6aa2\u8996\u73fe\u7528\u7684\u8a2d\u5b9a\uff1a
\n<\/strong><\/span><\/p>\n
sudo ufw status<\/code><\/pre>\n
 \u5982\u679c\u60a8\u6309\u7167\u6211\u5011\u7684\u6307\u5357\u4e2d\u6709\u95dc\u5982\u4f55\u5728Debian 10\u4e0a\u5b89\u88ddApache\u7684\u6b65\u9a5f2\u9032\u884c\u64cd\u4f5c\uff0c\u5247\u6b64\u6307\u4ee4\u7684\u8f38\u51fa\u5c07\u5982\u4e0b\u6240\u793a\uff0c\u986f\u793a\u50c5HTTP\u6d41\u91cf\u88ab\u5bb9\u8a31\u9032\u5165Web\u4f3a\u670d\u5668\uff1a
\n\u6703\u770b\u5230\u8f38\u51fa\u5bb9\uff1a
\n<\/strong><\/span><\/p>\n
Status: active\n\nTo                         Action      From\n--                         ------      ----\nOpenSSH                    ALLOW       Anywhere                  \nWWW                        ALLOW       Anywhere                  \nOpenSSH (v6)               ALLOW       Anywhere (v6)             \nWWW (v6)                   ALLOW       Anywhere (v6)<\/code><\/pre>\n
 \u8981\u53e6\u5916\u5bb9\u8a31HTTPS\u901a\u4fe1\uff0c\u8acb\u5bb9\u8a31\u201c WWW Full\u201d\u914d\u7f6e\u6a94\u4e26\u522a\u9664\u5197\u9918\u7684\u201c WWW\u201d\u914d\u7f6e\u6a94\u914d\u984d\uff1a<\/span><\/strong><\/span><\/p>\n
 <\/p>\n
sudo ufw allow 'WWW Full'\nsudo ufw delete allow 'WWW'<\/code><\/pre>\n
\u60a8\u7684\u72c0\u614b\u73fe\u5728\u61c9\u5982\u4e0b\u6240\u793a\uff1a<\/span>
\n<\/strong><\/span><\/p>\n
sudo ufw status<\/code><\/pre>\n
\u6703\u770b\u5230\u9019\u6a23\uff1a<\/strong><\/span><\/p>\n
Status: active\n\nTo                         Action      From\n--                         ------      ----\nOpenSSH                    ALLOW       Anywhere                  \nWWW Full                   ALLOW       Anywhere                  \nOpenSSH (v6)               ALLOW       Anywhere (v6)             \nWWW Full (v6)              ALLOW       Anywhere (v6)      <\/code><\/pre>\n
\u63a5\u4e0b\u4f86\uff0c\u8b93\u6211\u5011\u904b\u884cCertbot\u4e26\u7372\u53d6\u6211\u5011\u7684\u8b49\u66f8\u3002<\/span><\/strong><\/span><\/p>\n
\u6b65\u9a5f4 \u2014\u7372\u53d6SSL\u8b49\u66f8<\/span>
\nCertbot\u63d0\u4f9b\u4e86\u591a\u7a2e\u901a\u904e\u5916\u639b\u7a0b\u5f0f\u53d6\u5f97SSL\u8b49\u66f8\u7684\u65b9\u6cd5\u3002
\nApache\u5916\u639b\u7a0b\u5f0f\u5c07\u8ca0\u8cac\u91cd\u65b0\u914d\u7f6eApache\u4e26\u5728\u5fc5\u8981\u6642\u91cd\u65b0\u52a0\u8f09\u914d\u7f6e\u3002
\n\u8981\u4f7f\u7528\u6b64\u5916\u639b\u7a0b\u5f0f\uff0c\u8acb\u8f38\u5165\u4ee5\u4e0b\u5167\u5bb9\uff1a<\/p>\n
sudo certbot --apache -d your_domain -d www.your_domain<\/code><\/pre>\n
\u5b83certbot\u8207–apache\u5916\u639b\u7a0b\u5f0f\u4e00\u8d77\u904b\u884c\uff0c-d\u7528\u65bc\u6307\u5b9a\u60a8\u5e0c\u671b\u8b49\u66f8\u6709\u6548\u7684\u540d\u7a31\u3002<\/strong><\/span><\/p>\n
\u5982\u679c\u9019\u662f\u60a8\u7b2c\u4e00\u6b21\u904b\u884ccertbot\uff0c\u5c07\u63d0\u793a\u60a8\u8f38\u5165\u96fb\u5b50\u4fe1\u4ef6\u4f4d\u5740\u4e26\u540c\u610f\u670d\u52d9\u689d\u6b3e\u3002<\/strong><\/span>
\n\u6b64\u5916\uff0c\u5b83\u9084\u6703\u8a62\u554f\u60a8\u662f\u5426\u9858\u610f\u8207\u96fb\u5b50\u524d\u6cbf\u57fa\u91d1\u6703\uff08Electronic Frontier Foundation\uff09\u5206\u4eab\u60a8\u7684\u96fb\u5b50\u4fe1\u4ef6\u4f4d\u5740\uff0c\u8a72\u57fa\u91d1\u6703\u662f\u5021\u5c0e\u6578\u5b57\u7248\u6b0a\u7684\u975e\u71df\u5229\u7d44\u7e54\uff0c\u4e5f\u662fCertbot\u7684\u88fd\u9020\u5546\u3002\u96a8\u6642\u8f38\u5165Y\u5206\u4eab\u60a8\u7684\u96fb\u5b50\u4fe1\u4ef6\u4f4d\u5740\u6216N\u62d2\u7d55\u3002<\/strong><\/span><\/p>\n
\u5b8c\u6210\u6b64\u64cd\u4f5c\u5f8c\uff0ccertbot\u5c07\u8207Let’s Encrypt\u4f3a\u670d\u5668\u901a\u4fe1\uff0c\u7136\u5f8c\u9032\u884c\u8cea\u8a62\u4ee5\u9a57\u8b49\u60a8\u662f\u5426\u63a7\u5236\u4e86\u8981\u70ba\u5176\u7533\u8acb\u8b49\u66f8\u7684\u57df\u3002<\/strong><\/span><\/p>\n
\u5982\u679c\u6210\u529f\uff0ccertbot\u5c07\u8a62\u554f\u60a8\u5982\u4f55\u914d\u7f6eHTTPS\u8a2d\u5b9a\uff1a
\n<\/strong><\/span><\/p>\n
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.\n-------------------------------------------------------------------------------\n1: No redirect - Make no further changes to the webserver configuration.\n2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for\nnew sites, or if you're confident your site works on HTTPS. You can undo this\nchange by editing your web server's configuration.\n-------------------------------------------------------------------------------\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel):<\/code><\/pre>\n
\u9078\u53d6\u60a8\u7684\u9078\u53d6\uff0c\u7136\u5f8c\u9ede\u64caENTER<\/code>\u3002
\n\u914d\u7f6e\u5c07\u81ea\u52d5\u66f4\u65b0\uff0c\u4e26\u4e14Apache\u5c07\u91cd\u65b0\u52a0\u8f09\u4ee5\u53d6\u5f97\u65b0\u8a2d\u5b9a\u3002
\ncertbot<\/code>\u6703\u986f\u793a\u4e00\u689d\u8a0a\u606f\uff0c\u544a\u8a34\u60a8\u8a72\u904e\u7a0b\u5df2\u6210\u529f\u5b8c\u6210\uff0c\u4e26\u4e14\u8b49\u66f8\u7684\u5b58\u5132\u4f4d\u7f6e\uff1a
\n<\/strong><\/span><\/p>\n
IMPORTANT NOTES:\n - Congratulations! Your certificate and chain have been saved at:\n   \/etc\/letsencrypt\/live\/your_domain\/fullchain.pem\n   Your key file has been saved at:\n   \/etc\/letsencrypt\/live\/your_domain\/privkey.pem\n   Your cert will expire on 2019-10-20. To obtain a new or tweaked\n   version of this certificate in the future, simply run certbot again\n   with the \"certonly\" option. To non-interactively renew *all* of\n   your certificates, run \"certbot renew\"\n - Your account credentials have been saved in your Certbot\n   configuration directory at \/etc\/letsencrypt. You should make a\n   secure backup of this folder now. This configuration directory will\n   also contain certificates and private keys obtained by Certbot so\n   making regular backups of this folder is ideal.\n - If you like Certbot, please consider supporting our work by:\n\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\n   Donating to EFF:                    https:\/\/eff.org\/donate-le<\/code><\/pre>\n
\u60a8\u7684\u8b49\u66f8\u5df2\u4e0b\u8f09\uff0c\u5b89\u88dd\u548c\u52a0\u8f09\u3002<\/strong><\/span>
\n\u5617\u8a66\u4f7f\u7528\u91cd\u65b0\u52a0\u8f09\u7db2\u7ad9\uff0chttps:\/\/\u4e26\u8a3b\u610f\u700f\u89bd\u5668\u7684\u5b89\u5168\u6307\u793a\u5668\u3002<\/strong><\/span>
\n\u5b83\u61c9\u6307\u793a\u7ad9\u53f0\u5df2\u6b63\u78ba\u4fdd\u8b77\uff0c\u901a\u5e38\u5e36\u6709\u7da0\u8272\u7684\u9396\u5b9a\u5716\u793a\u3002<\/strong><\/span>
\n\u5982\u679c\u60a8\u4f7f\u7528SSL Labs\u4f3a\u670d\u5668\u6e2c\u8a66\u4f86\u6e2c\u8a66\u4f3a\u670d\u5668\uff0c\u5b83\u5c07\u7372\u5f97A\u7d1a\u3002<\/strong><\/span><\/p>\n
\u8b93\u6211\u5011\u901a\u904e\u6e2c\u8a66\u7e8c\u8a02\u904e\u7a0b\u4f86\u5b8c\u6210\u3002
\n<\/strong>
\n<\/span><\/p>\n
\u6b65\u9a5f5 \u2014\u9a57\u8b49Certbot\u81ea\u52d5\u7e8c\u8a02<\/strong><\/span>
\n\u8b93\u6211\u5011\u52a0\u5bc6\u8b49\u66f8\u50c5\u53ef\u4f7f\u752890\u5929\u3002<\/span><\/strong>
\n\u9019\u662f\u70ba\u4e86\u9f13\u52f5\u4f7f\u7528\u8005\u81ea\u52d5\u57f7\u884c\u8b49\u66f8\u66f4\u65b0\u904e\u7a0b\u3002<\/span><\/strong>
\ncertbot\u6211\u5011\u5b89\u88dd\u7684\u8edf\u9ad4\u5305\u901a\u904e\u5411\u4e2d\u52a0\u5165\u7e8c\u8a02\u8173\u672c\u4f86\u89e3\u6c7a\u9019\u4e00\u554f\u984c\/etc\/cron.d\u3002<\/span><\/strong>
\n\u8a72\u8173\u672c\u6bcf\u5929\u904b\u884c\u5169\u6b21\uff0c\u4e26\u5c07\u5728\u5230\u671f\u5f8c\u4e09\u5341\u5929\u5167\u81ea\u52d5\u7e8c\u8a02\u4efb\u4f55\u8b49\u66f8\u3002<\/span><\/strong><\/p>\n
\u8981\u6e2c\u8a66\u7e8c\u8a02\u904e\u7a0b\uff0c\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u65b9\u6cd5\u9032\u884c\u8a66\u904b\u884ccertbot\uff1a
\n<\/span><\/strong><\/p>\n
sudo certbot renew --dry-run<\/code><\/pre>\n
\u5982\u679c\u60a8\u6c92\u6709\u770b\u5230\u4efb\u4f55\u932f\u8aa4\uff0c\u5247\u8aaa\u660e\u4e00\u5207\u5c31\u7dd2\u3002<\/strong><\/span>
\n\u5fc5\u8981\u6642\uff0cCertbot\u5c07\u7e8c\u8a02\u60a8\u7684\u8b49\u66f8\u4e26\u91cd\u65b0\u52a0\u8f09Apache\u4ee5\u53d6\u5f97\u8b8a\u66f4\u3002<\/strong><\/span>
\n\u5982\u679c\u81ea\u52d5\u7e8c\u8a02\u904e\u7a0b\u5931\u6557\uff0cLet’s Encrypt\u5c07\u5411\u60a8\u7279\u6b8a\u7684\u96fb\u5b50\u4fe1\u4ef6\u50b3\u9001\u5230\u8a0a\u606f\uff0c\u4e26\u5728\u8b49\u66f8\u5373\u5c07\u904e\u671f\u6642\u8b66\u793a\u60a8\u3002<\/strong><\/span><\/p>\n
\u7d50\u8ad6\uff1a<\/span>
\n\u5728\u672c\u6559\u5b78\u4e2d\uff0c\u60a8\u5b89\u88dd\u4e86Let’s Encrypt\u7528\u6236\u7aefcertbot\uff0c\u70ba\u60a8\u7684\u57df\u4e0b\u8f09\u4e86SSL\u8b49\u66f8\uff0c\u5c07Apache\u914d\u7f6e\u70ba\u4f7f\u7528\u9019\u4e9b\u8b49\u66f8\uff0c\u4e26\u8a2d\u5b9a\u4e86\u81ea\u52d5\u66f4\u65b0\u8b49\u66f8\u3002
\n\u5982\u679c\u60a8\u5c0d\u4f7f\u7528Certbot\u6709\u5176\u4ed6\u7591\u554f\uff0c\u90a3\u9ebc\u4ed6\u5011\u7684\u6587\u4ef6\u662f\u4e00\u500b\u5f88\u597d\u7684\u8d77\u9ede\u3002<\/span>
\n\u00a0<\/span><\/strong><\/p>\n
\u00a0<\/strong><\/span><\/p>\n
 <\/p>\n
<\/strong><\/span>
\n\u00a0<\/strong><\/span><\/p>\n
\u00a0<\/span><\/strong><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"
Let’s Encrypt \u662f\u4e00\u500b\u8b49\u66f8\u9812\u767c\u6a5f\u69cb\uff08CA\uff09\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u7a2e\u7372\u53d6\u548c\u5b89\u88dd\u514d\u8cbbTLS \/ SS […]<\/p>\n","protected":false},"author":1,"featured_media":585,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[20],"class_list":["post-584","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-linux"],"_links":{"self":[{"href":"https:\/\/por.tw\/linux\/wp-json\/wp\/v2\/posts\/584"}],"collection":[{"href":"https:\/\/por.tw\/linux\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/por.tw\/linux\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/por.tw\/linux\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/por.tw\/linux\/wp-json\/wp\/v2\/comments?post=584"}],"version-history":[{"count":0,"href":"https:\/\/por.tw\/linux\/wp-json\/wp\/v2\/posts\/584\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/por.tw\/linux\/wp-json\/wp\/v2\/media\/585"}],"wp:attachment":[{"href":"https:\/\/por.tw\/linux\/wp-json\/wp\/v2\/media?parent=584"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/por.tw\/linux\/wp-json\/wp\/v2\/categories?post=584"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/por.tw\/linux\/wp-json\/wp\/v2\/tags?post=584"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}