二、連線到 cerbot 網站
https://certbot.eff.org/
選擇好你的 web server 及 os,我選的是 apache 、ubuntu 16.04
三、執行以下程式,安裝 cetbot
$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-apache
四、執行安裝導引程式
$ sudo certbot --apache1.填寫email
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):
2.同意
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel:
3.要收到他們的信嗎?
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
-------------------------------------------------------------------------------
(Y)es/(N)o:
3.以下,叫你選你的Domain Name,通常就是第一個,選「1」後,按 Enter
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: xxx.xxx.chc.edu.tw
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
4.以下,問你要不要把 http 直接導引到 https ,選 1 或 2 後,Enter
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
成功!!
試看看,真的不用五分鐘就好了!!連 apache2 都不用 reload 和 restart
不過只有 90 天的期限,就要 renew
renew 的指令如下:
sudo certbot renew --dry-run你可以把它寫進 contab ,自動更新
sudo crontab -e
填上:
0 0 1 * * /root/certbot-auto renew --quiet
沒有留言:
張貼留言