正在顯示「 2020 年 12 月 」的所有結果
Install Let's Encrypt SSL on LAMP & LEMP
12月 22, 2020 Nginx SSL 
> Source: https://www.vultr.com/docs/setup-letsencrypt-on-linux

### Introduction

Let’s Encrypt is an automated, open certificate authority that offers free TLS/SSL certificates for the public’s benefit. The service is provided by the Internet Security Research Group (ISRG). This tutorial shows how to install a Let's Encrypt SSL certificate on One-Click LAMP & LEMP apps using the certbot installation wizard. After completing this tutorial, the server will have a valid certificate and redirect all HTTP requests to HTTPS.

### Prerequisites

This tutorial assumes that you have deployed a Vultr One-Click LAMP (Apache) or One-Click LEMP (Nginx) VPS, have a domain name pointing to your server IP address, and you are logged in as root.

### 1. Install certbot

Install certbot with `apt`.

- One-Click LAMP (Apache)

```sh
# apt update && apt install certbot python-certbot-apache -y
```

- One-Click LEMP (Nginx)

```sh
# apt update && apt install certbot python-certbot-nginx -y
```

### 2. Install Certificate

Run `certbot` to install the certificate. Full examples are below, here are descriptions of the command line options:

- --apache
- - Use the Apache web server
- --nginx
- - Use the nginx web server
- --redirect
- - Redirect all HTTP requests to HTTPS.
- -d example.com -d www.example.com
- - Install a multiple domain (SAN) certificate. You may use up to 100 -d domain entries.
- -m admin@example.com
- - The notification email address for this certificate.
- --agree-tos
- - Agree to the terms of service.

Use `certbot --help` for more information.

### Example: One-Click LAMP (Apache)

Run certbot for Apache.

```sh
# certbot --apache --redirect -d example.com -d www.example.com -m admin@example.com --agree-tos
```

### Example: One-Click LEMP (Nginx)

1. Before running certbot, make sure server_name is set properly. Edit your Nginx configuration:

```sh
# nano /etc/nginx/conf.d/default.conf
```

2. Update server_name to include your domain name.

```sh
server {
    server_name  example.com www.example.com;
```

3. Save and exit the file.

4. Run certbot for Nginx.

```sh
# certbot --nginx --redirect -d example.com -d www.example.com -m admin@example.com --agree-tos
```

### 3. Verify Automatic Renewal

Let's Encrypt certificates are valid for 90 days. The certbot wizard updates the systemd timers and crontab to automatically renew your certificate.

1. Verify the timer is active.

```sh
# systemctl list-timers | grep 'certbot\|ACTIVATES'
```

2. Verify the crontab entry exists.

```sh
# ls -l /etc/cron.d/certbot
```

3. Verify the renewal process works with a dry run.

```sh
# certbot renew --dry-run
```

### Summary

Installing a free Let's Encrypt certificate is simple with certbot. For more information, see the official certbot installation documentation.
更多文章
過去文章
2025 (9)
4 (5)
3 (1)
2 (3)
2024 (25)
11 (3)
10 (3)
9 (1)
3 (18)
2022 (6)
10 (1)
6 (2)
5 (1)
3 (1)
1 (1)
2021 (21)
11 (7)
7 (1)
6 (2)
5 (2)
4 (6)
3 (2)
2 (1)
2020 (92)
12 (1)
11 (2)
10 (4)
9 (10)
8 (5)
7 (1)
6 (3)
5 (1)
4 (4)
3 (25)
2 (7)
1 (29)
2019 (57)
12 (25)
11 (7)
9 (25)
19Site
Youtube Facebook GitHub
Copyright © 19Site