Let's Encrypt
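Adding HTTPS support to an HTTP site requires an SSL/TLS certificate from a certificate authority. There are two common free options:
- Let's Encrypt, which this article covers. Let's Encrypt is great.
- caddy, which supports HTTP/2 natively and creates Let's Encrypt certificates automatically. It is very simple and easy to use.
Installation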
yum install epel-release -y
yum install certbot -y
Configuration
certbot certonly --webroot -w /www/html -d suncle.me -d www.suncle.me
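--webroot
runs certbot in webroot mode; we do not choose standalone mode here
-w /www/html
sets the site root directory to /www/html
-d suncle.me -d www.suncle.me
generates one shared certificate for the @ host (the bare domain) and the www host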
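What webroot mode relies on, as an added example that is not part of the original post: certbot writes each HTTP-01 challenge file under `<webroot>/.well-known/acme-challenge/`, so every `-d` name must serve files from the `-w` directory over plain HTTP. The helper names `place_probe` and `check_webroot` and the `FETCH` override are hypothetical, and curl is assumed to be installed.

```shell
#!/bin/sh
# Pre-flight check for "certbot certonly --webroot" (added example; helper names are hypothetical).
# certbot writes each HTTP-01 token to <webroot>/.well-known/acme-challenge/<token>
# and the CA fetches it from http://<domain>/.well-known/acme-challenge/<token>.

CHALLENGE_DIR=".well-known/acme-challenge"
# Command used to fetch a URL; overridable so the check can be exercised offline.
FETCH="${FETCH:-curl -fsS --max-time 10}"

# Write a random probe file where certbot would put a token; print "<name> <value>".
place_probe() {
    webroot=$1
    [ -d "$webroot" ] || { echo "webroot $webroot does not exist" >&2; return 1; }
    mkdir -p "$webroot/$CHALLENGE_DIR" || return 1
    name="preflight-$$"
    value=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    printf '%s' "$value" > "$webroot/$CHALLENGE_DIR/$name" || return 1
    chmod 644 "$webroot/$CHALLENGE_DIR/$name"   # must be readable by the web server
    echo "$name $value"
}

# Succeed only if every domain serves the probe unchanged over plain HTTP.
check_webroot() {
    webroot=$1; shift
    probe=$(place_probe "$webroot") || return 1
    name=${probe% *}; value=${probe#* }
    rc=0
    for domain in "$@"; do
        got=$($FETCH "http://$domain/$CHALLENGE_DIR/$name" 2>/dev/null) || got=""
        if [ "$got" = "$value" ]; then
            echo "ok   $domain"
        else
            echo "FAIL $domain does not serve files from $webroot" >&2
            rc=1
        fi
    done
    rm -f "$webroot/$CHALLENGE_DIR/$name"   # leave no probe behind
    return $rc
}

# Usage with the values from this page:
#   check_webroot /www/html suncle.me www.suncle.me
```

A failure for one name usually means that virtual host points at a different document root or redirects the challenge path.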
After you follow the prompts and the run succeeds, certbot prints:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/suncle.me/fullchain.pem. Your cert will
expire on 2017-06-28. To obtain a new or tweaked version of this
certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a