免费SSL证书

1、Let's Encrypt 90天，支持泛域名

2、Buypass：https://www.buypass.com/ssl/resources/go-ssl-technical-specification 6个月，单域名

3、AlwaysOnSLL：https://alwaysonssl.com/ 1年，单域名

    可参考蜗牛（wn789）

4、TrustAsia

5、Alphassl 申请地址：https://ssl.ni-co.moe/ 单日证书数量限制

 

·CSR文件

在线生成工具：https://www.chinassl.net/ssltools/generator-csr.html

 

·证书签发

两者均可通过certbot签发，下方为buypass签发命令：

#按需输入
apt-get remove certbot
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

./certbot-auto register -m 'YOUR_EMAIL' --agree-tos --server 'https://api.buypass.com/acme/directory'
./certbot-auto certonly --standalone --email '邮箱' -d '域名' --server 'https://api.buypass.com/acme/directory'

也可以用LAMP一键安装包，自带工具生成Let's Encrypt和Buypass.com免费证书：

#先安装LNMP
#新增虚拟主机 注意：在新增虚拟主机之前，请务必确保域名已经解析到该服务器或 VPS 的 IP 上，否则在发行证书时，域名验证无法通过。
lamp add

#输入新增命令后的交互信息：

Please enter server names(example: example.com www.example.com): 此处输入网站域名（一个或多个）
Please enter website root directory(default:/data/www/网站域名): 此处输入网站根目录路径，默认回车即可
website root directory: 此处显示上一步输入的网站根目录路径
Please enter Administrator Email address: 此处输入管理员邮箱地址
Administrator Email address: 此处显示上一步输入的邮箱地址
Do you want to create a database and mysql user with same name? [y/n]: 此处输入 y 或 n，表示创建或不创建数据库（输入 y）
Virtual host [网站域名] has been created
Website root directory is: 网站根目录路径
Database [数据库名] and mysql user [数据库用户名] has been created
Reloading the apache config file...
Syntax OK
Reload succeed
Do you want to add a SSL certificate? [y/n]: 此处输入 y 或 n，表示添加或不添加证书（输入 y）
1. Use your own SSL Certificate and Key
2. Use Let's Encrypt CA to create SSL Certificate and Key
3. Use Buypass.com CA to create SSL Certificate and Key
Please enter 1 or 2 or 3: 此处输入 1，2 或 3。1 表示使用自己的证书；2 使用 Let's Encrypt 签发免费证书；3 使用 Buypass.com 签发免费证书。
You chosen Let's Encrypt CA, and it will be processed automatically
Do you want force redirection from HTTP to HTTPS? [y/n]:此处输入 y 或 n，询问是否强制 http 转 https
You chosen force redirection from HTTP to HTTPS, and it will be processed automatically

Starting create Let's Encrypt SSL Certificate...
此处开始安装 certbot 运行所需的依赖库等
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for 网站域名
Using the webroot path /data/www/网站域名 for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/网站域名/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/网站域名/privkey.pem
   Your cert will expire on 证书过期日. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Let's encrypt crontab renew rule is not exist, create it!
Create Let's Encrypt SSL Certificate successfully
Reloading the apache config file...
Syntax OK
Reload succeed

All done

#结束后，查看 crond 定时任务，命令如下：
crontab -l

#返回值包含：
0 3 */7 * * /bin/certbot renew --disable-hook-validation --renew-hook "/etc/init.d/httpd restart"

 

·SSL测试

MySSL（亚洲诚信旗下）：https://myssl.com/