Certbot:修订间差异
imported>Malacology init |
imported>Malacology 小 formatting |
||
| 第1行: | 第1行: | ||
certbot 是个自动签发 HTTPS 证书的 bot | certbot 是个自动签发 HTTPS 证书的 bot | ||
==安装== | ==安装== | ||
<pre> | <pre># pacman -S certbot | ||
# pacman -S certbot-nginx</pre> | |||
==使用== | ==使用== | ||
先检查 nginx 有没有错误,没有报错才可以运行<pre>nginx -t</pre>没有报错则继续<pre>certbot -d DOMAIN1 -d DOMAIN2 -m YOUR_EMAIL --nginx certonly</pre> | 先检查 nginx 有没有错误,没有报错才可以运行<pre>$ nginx -t</pre>没有报错则继续<pre>$ certbot -d DOMAIN1 -d DOMAIN2 -m YOUR_EMAIL --nginx certonly</pre> | ||
==位置== | ==位置== | ||
<pre>Certificate is saved at: /etc/letsencrypt/live/DOMAIN/fullchain.pem | <pre>Certificate is saved at: /etc/letsencrypt/live/DOMAIN/fullchain.pem | ||
Key is saved at: /etc/letsencrypt/live/DOMAIN/privkey.pem</pre> | Key is saved at: /etc/letsencrypt/live/DOMAIN/privkey.pem</pre> | ||
==自动更新== | ==自动更新== | ||
<pre> | <pre># vim /etc/systemd/system/letsencrypt.service</pre><pre>[Unit] | ||
Description=Let's Encrypt renewal | Description=Let's Encrypt renewal | ||
| 第15行: | 第15行: | ||
Type=oneshot | Type=oneshot | ||
ExecStart=/usr/bin/certbot renew --quiet --agree-tos | ExecStart=/usr/bin/certbot renew --quiet --agree-tos | ||
ExecStartPost=/bin/systemctl reload nginx.service</pre><pre> | ExecStartPost=/bin/systemctl reload nginx.service</pre><pre># vim /etc/systemd/system/letsencrypt.timer</pre><pre>[Unit] | ||
Description=Monthly renewal of Let's Encrypt's certificates | Description=Monthly renewal of Let's Encrypt's certificates | ||
| 第23行: | 第23行: | ||
[Install] | [Install] | ||
WantedBy=timers.target</pre>开机自启<pre> | WantedBy=timers.target</pre>开机自启<pre># systemctl enable letsencrypt.timer | ||
# systemctl start letsencrypt.timer</pre> | |||
[[分类:Server]] | [[分类:Server]] | ||
2022年5月25日 (三) 04:30的最新版本
certbot 是个自动签发 HTTPS 证书的 bot
安装
# pacman -S certbot # pacman -S certbot-nginx
使用
先检查 nginx 有没有错误,没有报错才可以运行
$ nginx -t
没有报错则继续
$ certbot -d DOMAIN1 -d DOMAIN2 -m YOUR_EMAIL --nginx certonly
位置
Certificate is saved at: /etc/letsencrypt/live/DOMAIN/fullchain.pem Key is saved at: /etc/letsencrypt/live/DOMAIN/privkey.pem
自动更新
# vim /etc/systemd/system/letsencrypt.service
[Unit]Description=Let's Encrypt renewal
[Service] Type=oneshot ExecStart=/usr/bin/certbot renew --quiet --agree-tos
ExecStartPost=/bin/systemctl reload nginx.service
# vim /etc/systemd/system/letsencrypt.timer
[Unit]Description=Monthly renewal of Let's Encrypt's certificates
[Timer] OnCalendar=daily Persistent=true
[Install]
WantedBy=timers.target
开机自启
# systemctl enable letsencrypt.timer
- systemctl start letsencrypt.timer