Certbot: Difference between revisions

From MalacoKnowledge
imported>Malacology
init
 
imported>Malacology
formatting
 
第1行: 第1行:
certbot 是个自动签发 HTTPS 证书的 bot
certbot 是个自动签发 HTTPS 证书的 bot
==安装==
==安装==
<pre>sudo pacman -S certbot
<pre># pacman -S certbot
sudo pacman -S certbot-nginx</pre>
# pacman -S certbot-nginx</pre>
==使用==
==使用==
先检查 nginx 有没有错误,没有报错才可以运行<pre>nginx -t</pre>没有报错则继续<pre>certbot -d DOMAIN1 -d DOMAIN2 -m YOUR_EMAIL --nginx certonly</pre>
先检查 nginx 有没有错误,没有报错才可以运行<pre>$ nginx -t</pre>没有报错则继续<pre>$ certbot -d DOMAIN1 -d DOMAIN2 -m YOUR_EMAIL --nginx certonly</pre>
==位置==
==位置==
<pre>Certificate is saved at: /etc/letsencrypt/live/DOMAIN/fullchain.pem
<pre>Certificate is saved at: /etc/letsencrypt/live/DOMAIN/fullchain.pem
Key is saved at:        /etc/letsencrypt/live/DOMAIN/privkey.pem</pre>
Key is saved at:        /etc/letsencrypt/live/DOMAIN/privkey.pem</pre>
==自动更新==
==自动更新==
<pre>sudo vim /etc/systemd/system/letsencrypt.service</pre><pre>[Unit]
<pre># vim /etc/systemd/system/letsencrypt.service</pre><pre>[Unit]
Description=Let's Encrypt renewal
Description=Let's Encrypt renewal


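Review bot: the usage line puts "nginx -t" and "certbot ... --nginx certonly" behind a "$" prompt, while the pacman and vim lines in this same hunk use "#". certbot writes under /etc/letsencrypt (the paths in the location block) and normally has to run as root, so these two commands should carry "#" as well, or the page should say what the two prompts mean.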
第15行: 第15行:
Type=oneshot
Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet --agree-tos
ExecStart=/usr/bin/certbot renew --quiet --agree-tos
ExecStartPost=/bin/systemctl reload nginx.service</pre><pre>sudo vim /etc/systemd/system/letsencrypt.timer</pre><pre>[Unit]
ExecStartPost=/bin/systemctl reload nginx.service</pre><pre># vim /etc/systemd/system/letsencrypt.timer</pre><pre>[Unit]
Description=Monthly renewal of Let's Encrypt's certificates
Description=Monthly renewal of Let's Encrypt's certificates


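Review bot: ExecStartPost=/bin/systemctl reload nginx.service fires after every successful run of certbot renew, including runs in which nothing was renewed; handing the reload to certbot through its --deploy-hook option would restrict it to runs that actually install a new certificate. Separately, the timer Description reads "Monthly renewal" while the latest revision shown below sets OnCalendar=daily, so one of the two should be corrected.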
第23行: 第23行:


[Install]
[Install]
WantedBy=timers.target</pre>开机自启<pre>sudo systemctl enable letsencrypt.timer
WantedBy=timers.target</pre>开机自启<pre># systemctl enable letsencrypt.timer
sudo systemctl start letsencrypt.timer</pre>
# systemctl start letsencrypt.timer</pre>
[[分类:Server]]
[[分类:Server]]
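Review bot: the enable and start lines at the end of this hunk can be one command, systemctl enable --now letsencrypt.timer, and the section lacks a verification step; adding systemctl list-timers would let the reader confirm that the timer is actually scheduled.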

Latest revision as of 04:30, 25 May 2022 (Wed)

certbot is a bot that automatically issues HTTPS certificates.

Installation

# pacman -S certbot
# pacman -S certbot-nginx

Usage

First check the nginx configuration for errors; continue only if none are reported.

$ nginx -t

If there are no errors, continue:

$ certbot -d DOMAIN1 -d DOMAIN2 -m YOUR_EMAIL --nginx certonly

Location

Certificate is saved at: /etc/letsencrypt/live/DOMAIN/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/DOMAIN/privkey.pem

Automatic renewal

# vim /etc/systemd/system/letsencrypt.service

[Unit]
Description=Let's Encrypt renewal

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet --agree-tos
ExecStartPost=/bin/systemctl reload nginx.service

# vim /etc/systemd/system/letsencrypt.timer

[Unit]
Description=Monthly renewal of Let's Encrypt's certificates

[Timer]
OnCalendar=daily
Persistent=true

[Install]
WantedBy=timers.target

Enable at boot

# systemctl enable letsencrypt.timer
# systemctl start letsencrypt.timer
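
A check of the two files named under Location, and of whether the renewal timer is doing its job, as an added example that is not part of the original page. The function names and the 21-day threshold are assumptions made here, and it needs GNU stat and the openssl CLI.

```shell
#!/bin/sh
# Added example (constructed, not from the original page): audit one certbot lineage.
# Assumptions: GNU stat and the openssl CLI are installed; run as root so that
# /etc/letsencrypt/live/DOMAIN is readable.

# key_mode_ok FILE: succeed only if FILE grants nothing to group or others.
# -L follows the symlink from live/DOMAIN/ into archive/DOMAIN/.
key_mode_ok() {
    _mode=$(stat -L -c '%a' "$1") || return 2
    [ $(( 0$_mode & 077 )) -eq 0 ]
}

# cert_valid_for CERT DAYS: succeed if CERT is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# audit_lineage LIVE_DIR [MIN_DAYS]: MIN_DAYS defaults to 21 (a threshold chosen
# here). certbot renew normally acts at 30 days before expiry, so a certificate
# with less than that left means the timer or the renewal itself is failing.
audit_lineage() {
    _dir=$1 _min=${2:-21} _rc=0
    if ! key_mode_ok "$_dir/privkey.pem"; then
        echo "FAIL: $_dir/privkey.pem missing or accessible to group or others" >&2
        _rc=1
    fi
    if ! cert_valid_for "$_dir/fullchain.pem" "$_min"; then
        echo "FAIL: $_dir/fullchain.pem missing, unreadable or expiring within $_min days" >&2
        _rc=1
    fi
    return "$_rc"
}

# Usage: sh audit.sh /etc/letsencrypt/live/DOMAIN [MIN_DAYS]
[ "$#" -eq 0 ] || audit_lineage "$@"
```

A non-zero exit status makes the script usable from a monitoring job or a second timer.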