Install
On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.
$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-apache
Get Started
Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates certificate installation.
Due to a security issue, Let's Encrypt has stopped offering the mechanism that the Apache plugin previously used to prove you control a domain. You can read more about this here.
We are planning on releasing a new version of Certbot in the next few days that works around this but if you have to obtain a certificate and cannot wait, you have a couple of options. If you're serving files for that domain out of a directory on that server, you can run the following command:
$ sudo certbot --authenticator webroot --installer apache
If you're not serving files out of a directory on the server, you can temporarily stop your server while you obtain the certificate and restart it after Certbot has obtained the certificate. This would look like:
$ sudo certbot --authenticator standalone --installer apache --pre-hook "apachectl -k stop" --post-hook "apachectl -k start"
Running either of these commands will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonlysubcommand. To see instructions on how to use this subcommand, select "None of the above" in the first drop-down menu above.
To learn more about how to use Certbot read our documentation.
Automating renewal
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:
$ sudo certbot renew --dry-run
More detailed information and options about renewal can be found in the full documentation.
之前装过SSL出现情况:
7127
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
