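This guide explains how to install an SSL certificate on CentOS 7 with Apache as the web server. Once the certificate is installed, traffic between the server and its clients is encrypted. SSL certificates are widely used on e-commerce sites and in online finance. Let's Encrypt is a pioneer of free SSL certificates and one of the most commonly used certificate providers.
Install Certbot
First, install two prerequisite packages: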
sudo yum install -y epel-release mod_ssl
Install the Certbot client. Certbot is a tool that makes managing SSL certificates easy.
sudo yum install python-certbot-apache
Install the SSL certificate
Install and configure the SSL certificate. Replace example.com with your actual domain.
sudo certbot --apache -d example.com
To generate a certificate for multiple domains, use the following command. Note that the first domain must be the root domain.
sudo certbot --apache -d example.com -d www.example.com
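During installation, the system presents a step-by-step configuration wizard. You can choose whether to force HTTPS or keep HTTP as the default protocol, and the wizard also asks for details such as the administrator e-mail address for the certificate. When installation completes, the system displays the following result: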
IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
emails sent to .
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your cert
will expire on 2019-04-21. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also have certificates and private keys obtained by Let's
Encrypt so regular backups of this folder is ideal.
- If you like Let's Encrypt, please consider supporting our work by:
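Set up automatic renewal
Let's Encrypt certificates are valid for 90 days, so they must be renewed in time. Certbot helps with the renewal. At this point we need to confirm that Certbot's renewal function works properly.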
sudo certbot renew
If the certificate was installed recently, Certbot only reports the expiry date and does not renew it.
Processing /etc/letsencrypt/renewal/example.com.conf
The following certs are not due for renewal yet:
/etc/letsencrypt/live/example.com/fullchain.pem (skipped)
No renewals were attempted.
Automatic renewal is set up with a scheduled cron job.
sudo crontab -e
Add the following scheduled job, which runs once every Monday at midnight.
0 0 * * 1 /usr/bin/certbot renew >> /var/log/sslrenew.log
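A cron job that fails silently leaves the certificate to expire, so it helps to check the expiry date independently of the renewal job. The script below is an added example, not part of the original guide: it reads the certificate's notAfter date with openssl and reports whether the weekly job should already have renewed it. It assumes GNU date (as on CentOS 7) and Certbot's default behaviour of renewing when fewer than 30 days remain; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide): flag a certificate that the
# weekly cron job should already have renewed. Assumes GNU date and openssl.

# Assumption: Certbot's default is to renew when fewer than 30 days remain.
RENEW_WINDOW_DAYS=30

# days_left "<notAfter=...>" <now_epoch>
# Prints whole days until expiry, or -1 if the certificate has expired.
days_left() {
    end=${1#notAfter=}
    end_epoch=$(date -u -d "$end" +%s) || return 2
    diff=$(( end_epoch - $2 ))
    if [ "$diff" -lt 0 ]; then echo -1; else echo $(( diff / 86400 )); fi
}

# cert_status <days> -> OK, OVERDUE (renewal should have happened) or EXPIRED
cert_status() {
    if [ "$1" -lt 0 ]; then echo EXPIRED
    elif [ "$1" -lt "$RENEW_WINDOW_DAYS" ]; then echo OVERDUE
    else echo OK
    fi
}

# check_cert <pem>: read notAfter from the certificate; non-zero exit unless OK
check_cert() {
    line=$(openssl x509 -enddate -noout -in "$1") || return 2
    days=$(days_left "$line" "$(date -u +%s)") || return 2
    status=$(cert_status "$days")
    echo "$1: $days days left ($status)"
    [ "$status" = OK ]
}

# Usage: sh check_cert.sh /etc/letsencrypt/live/example.com/fullchain.pem
if [ "$#" -gt 0 ]; then
    check_cert "$1"
fi
```

Because the script exits non-zero for OVERDUE or EXPIRED, it can be run from a separate cron entry or a monitoring agent that alerts on failure.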
That completes the installation of a free SSL certificate on CentOS 7. Traffic between Apache and its clients is now encrypted, which keeps data secure in transit.