certbot

(base) a@test:~# certbot --help

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. The most common SUBCOMMANDS and flags are:

obtain, install, and renew certificates:
(default) run Obtain & install a certificate in your current webserver
certonly Obtain or renew a certificate, but do not install it
renew Renew all previously obtained certificates that are near
expiry
enhance Add security enhancements to your existing configuration
-d DOMAINS Comma-separated list of domains to obtain a certificate for

(the certbot apache plugin is not installed)
--standalone Run a standalone webserver for authentication
--nginx Use the Nginx plugin for authentication & installation
--webroot Place files in a server's webroot folder for authentication
--manual Obtain certificates interactively, or using shell script
hooks

-n Run non-interactively
--test-cert Obtain a test certificate from a staging server
--dry-run Test "renew" or "certonly" without saving any certificates
to disk

manage certificates:
certificates Display information about certificates you have from Certbot
revoke Revoke a certificate (supply --cert-path or --cert-name)
delete Delete a certificate

manage your account with Let's Encrypt:
register Create a Let's Encrypt ACME account
update_account Update a Let's Encrypt ACME account
--agree-tos Agree to the ACME server's Subscriber Agreement
-m EMAIL Email address for important account notifications

More detailed help:

-h, --help [TOPIC] print this message, or detailed help on a topic;
the available TOPICS are:

all, automation, commands, paths, security, testing, or any of the
subcommands or plugins (certonly, renew, install, register, nginx,
apache, standalone, webroot, etc.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(base) a@test:~# nginx -t^C
(base) a@test:~# ^C
(base) a@test:~# ^C
(base) a@test:~# certbot run -d a.test.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for a.test.com
Using default address 80 for authentication.
Waiting for verification...
Cleaning up challenges
Could not automatically find a matching server block for a.test.com. Set the `server_name` directive to use the Nginx installer.

IMPORTANT NOTES:
- Unable to install the certificate
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/a.test.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/a.test.com/privkey.pem
Your cert will expire on 2020-10-05. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
(base) a@test:~#

Certbot - Ubuntuother Nginx https://certbot.eff.org/lets-encrypt/ubuntuother-nginx

(base) a@test:~# certbot run -d a.test.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/a.test.com.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
nginx: [warn] conflicting server name "test.com" on 0.0.0.0:443, ignored

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
No matching insecure server blocks listening on port 80 found.
nginx: [warn] conflicting server name "test.com" on 0.0.0.0:443, ignored

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://a.test.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=a.test.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/a.test.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/a.test.com/privkey.pem
Your cert will expire on 2020-10-05. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

(base) a@test:~#

(base) root@SIT:/etc/nginx/sites-enabled/test# cat www.test.com.conf

server {

server_name www.test.com;

root /root/oo_game_official_website_pc_Tmp_domain/oo_game_official_website_pc/dist/;

}

(base) root@SIT:/etc/nginx/sites-enabled/test# certbot run -d www.test.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator nginx, Installer nginx

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for www.test.com

Waiting for verification...

Cleaning up challenges

Failed authorization procedure. www.test.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.test.com - check that a DNS record exists for this domain

IMPORTANT NOTES:

- The following errors were reported by the server:

Domain: www.test.com

Type:   None

Detail: DNS problem: NXDOMAIN looking up A for www.test.com -

check that a DNS record exists for this domain

(base) root@SIT:/etc/nginx/sites-enabled/test# certbot run -d www.test.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator nginx, Installer nginx

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for www.test.com

Waiting for verification...

Cleaning up challenges

Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/test/www.test.com.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

1: No redirect - Make no further changes to the webserver configuration.

2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for

new sites, or if you're confident your site works on HTTPS. You can undo this

change by editing your web server's configuration.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/test/www.test.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations! You have successfully enabled https://www.test.com

You should test your configuration at:

https://www.ssllabs.com/ssltest/analyze.html?d=www.test.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:

- Congratulations! Your certificate and chain have been saved at:

/etc/letsencrypt/live/www.test.com/fullchain.pem

Your key file has been saved at:

/etc/letsencrypt/live/www.test.com/privkey.pem

Your cert will expire on 2020-10-14. To obtain a new or tweaked

version of this certificate in the future, simply run certbot again

with the "certonly" option. To non-interactively renew *all* of

your certificates, run "certbot renew"

- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate

Donating to EFF:                    https://eff.org/donate-le

(base) root@SIT:/etc/nginx/sites-enabled/test# cat www.test.com.conf

server {

server_name www.test.com;

root /root/oo_game_official_website_pc_Tmp_domain/oo_game_official_website_pc/dist/;

listen 443 ssl; # managed by Certbot

ssl_certificate /etc/letsencrypt/live/www.test.com/fullchain.pem; # managed by Certbot

ssl_certificate_key /etc/letsencrypt/live/www.test.com/privkey.pem; # managed by Certbot

include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {

if ($host = www.test.com) {

return 301 https://$host$request_uri;

} # managed by Certbot

server_name www.test.com;

listen 80;

return 404; # managed by Certbot

}(base) root@SIT:/etc/nginx/sites-enabled/test#

(base) root@uat-ms-server:/etc/nginx/sites-enabled/test# cat www.test.com.conf
server {    server_name www.test.com;    root /root/oo_game_official_website_pc_Tmp_domain/oo_game_official_website_pc/dist/;}(base) root@uat-ms-server:/etc/nginx/sites-enabled/test# certbot run -d www.test.comSaving debug log to /var/log/letsencrypt/letsencrypt.logPlugins selected: Authenticator nginx, Installer nginxObtaining a new certificatePerforming the following challenges:http-01 challenge for www.test.comWaiting for verification...Cleaning up challengesFailed authorization procedure. www.test.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.test.com - check that a DNS record exists for this domain
IMPORTANT NOTES: - The following errors were reported by the server:
   Domain: www.test.com   Type:   None   Detail: DNS problem: NXDOMAIN looking up A for www.test.com -   check that a DNS record exists for this domain(base) root@uat-ms-server:/etc/nginx/sites-enabled/test# certbot run -d www.test.comSaving debug log to /var/log/letsencrypt/letsencrypt.logPlugins selected: Authenticator nginx, Installer nginxObtaining a new certificatePerforming the following challenges:http-01 challenge for www.test.comWaiting for verification...Cleaning up challengesDeploying Certificate to VirtualHost /etc/nginx/sites-enabled/test/www.test.com.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1: No redirect - Make no further changes to the webserver configuration.2: Redirect - Make all requests redirect to secure HTTPS access. Choose this fornew sites, or if you're confident your site works on HTTPS. You can undo thischange by editing your web server's configuration.- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/test/www.test.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Congratulations! You have successfully enabled https://www.test.com
You should test your configuration at:https://www.ssllabs.com/ssltest/analyze.html?d=www.test.com- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at:   /etc/letsencrypt/live/www.test.com/fullchain.pem   Your key file has been saved at:   /etc/letsencrypt/live/www.test.com/privkey.pem   Your cert will expire on 2020-10-14. To obtain a new or tweaked   version of this certificate in the future, simply run certbot again   with the "certonly" option. To non-interactively renew *all* of   your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate   Donating to EFF:                    https://eff.org/donate-le
(base) root@uat-ms-server:/etc/nginx/sites-enabled/test# cat www.test.com.conf
server {    server_name www.test.com;    root /root/oo_game_official_website_pc_Tmp_domain/oo_game_official_website_pc/dist/;

    listen 443 ssl; # managed by Certbot    ssl_certificate /etc/letsencrypt/live/www.test.com/fullchain.pem; # managed by Certbot    ssl_certificate_key /etc/letsencrypt/live/www.test.com/privkey.pem; # managed by Certbot    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {    if ($host = www.test.com) {        return 301 https://$host$request_uri;    } # managed by Certbot

    server_name www.test.com;    listen 80;    return 404; # managed by Certbot

}(base) root@uat-ms-server:/etc/nginx/sites-enabled/test#

Certbot CA 证书 https的更多相关文章

  1. iOS Burp suite CA证书 HTTPS

    设置好burp suite代理后,在浏览器地址输入http://burp/,下载CA证书: 在iOS上下载CA证书,可通过邮件或百度云等一切iOS可以访问证书文件的方法: 点击证书文件iOS提示安装, ...

  2. 给IIS添加CA证书以支持https

    一.在IIS中生成Certificate Signing Request (CSR) 个人理解:生成CSR就是生成“私钥/公钥对”之后从中提取出公钥. 1. 打开IIS Manager,在根节点中选择 ...

  3. CA证书扫盲,https讲解。

    很多关于CA证书的讲解. 1.什么是CA证书. 看过一些博客,写的比较形象具体. ◇ 普通的介绍信 想必大伙儿都听说过介绍信的例子吧?假设 A 公司的张三先生要到 B 公司去拜访,但是 B 公司的所有 ...

  4. http的CA证书安装(也就是https)

    近几年随着安全意识的提高,https流行起来,很多小伙伴不太了解https是什么,其实http和https并没有区别,简单的来说,https就是将http通信进行了加密和解密的一个过程.加上谷歌浏览器 ...

  5. 002. https通信(CA证书认证 + 密钥商定 )

    服务端与客户端建立https通信的过程: 一.认证:客户端第一次访问服务端时,要求服务端证明自己可被信任 1.证书:由服务端申请.第三方CA颁发的,存放在服务端的证书: 证书包含:服务端的公钥.服务端 ...

  6. [PHP] curl访问https与CA证书问题

    CA证书,用来在调用HTTPS资源的时候,验证对方网站是否是CA颁布的证书,而不是自己随便生成的 curl命令1.需要下载CA证书 文件地址是 http://curl.haxx.se/ca/cacer ...

  7. BurpSuit添加CA证书拦截HTTPS通信

    问题 BurpSuit 安装成功后可以直接使用代理对使用 HTTP 协议通信的会话进行拦截,但是对于使用 HTTPS 协议通信的会话进行代理使用时就会出现如下画面 例如访问百度主页: 原因 HTTPS ...

  8. Linux CA证书与https讲解

    1.什么是CA证书. ◇ 普通的介绍信 想必大伙儿都听说过介绍信的例子吧?假设 A 公司的张三先生要到 B 公司去拜访,但是 B 公司的所有人都不认识他,他咋办捏?常用的办法是带公司开的一张介绍信,在 ...

  9. HTTPS原理和CA证书申请(转)

    原文地址:http://blog.51cto.com/11883699/2160032 众所周知,WEB服务存在http和https两种通信方式,http默认采用80作为通讯端口,对于传输采用不加密的 ...

随机推荐

  1. MySQL忘记密码了怎么解决

    前言:在不考虑到原来用户对关联数据库的授权问题的情况下,有以下三种思路解决 #1.登录状态下修改 说明:在登录状态的话,直接使用命令修改密码就行了 mysql> use mysql; mysql ...

  2. java 字符串String.intern()方法学习

    在jdk1.6与jdk1.7中,String类中的intern()方法实现的原理是有一些差异的.1.在jdk1.6中,intern()方法是先查找字符串常量池是否含有当前字符串,如果没有,那么就在字符 ...

  3. 微服务 - 服务注册发现(三)Consule

    Consul 集群 在consul方案中,每个提供服务的节点上都要部署和运行consul的agent,所有运行consul agent节点的集合构成consul cluster.consul agen ...

  4. Mac 下 IDEA 启动慢的问题

    转自: http://blog.csdn.net/KingBoyWorld/article/details/73440717 从控制台来看,每次都会连接本地地址(127.0.0.1),问题可能就出在这 ...

  5. 浅入kubernetes(1):Kubernetes 入门基础

    目录 Kubernetes 入门基础 Introduction basic of kubernetes What Is Kubernetes? Components of Kubernetes Kub ...

  6. SQL中隔行编号的操作

    一般在sql中进行排序编号的时候都是: row_number() over(order by xxx) 但是有时候某些行不想让他们参与排序,这时候可以: row_number() over(order ...

  7. win shift s截图不能用(已解决)

    win10上面 win shift s不能的原因是快捷键冲突导致的: 比如说你的电脑上安装了OneNode2016(讽刺的是这是微软自家的软件),或者其他截图软件都有可能导致快捷键冲突,从而不能使用. ...

  8. Java 为每个原始类型提供了哪些包装类型:

    java的包装类型: 原始类型: boolean,char,byte,short,int,long,float,double 包装类型:Boolean,Character,Byte,Short,Int ...

  9. JTable写入数据库内容

    /*JTable中导入数据库数据. 创建2个Vector col和dat col存入字段名 dat存入数据内容. dbname=new JTable(dat,col); */package demo; ...

  10. JAVA顺序结构和选择结构

    顺序结构 JAVA的基本结构就是顺序结构,除非特别指明,否则按顺序一句一句执行 顺序结构是最简单的算法结构 语句和语句直接,框与框直接就是按从上到下的顺序执行的,它是由若干个依次执行的处理步骤组成的, ...