Certbot CA 证书 https
certbot
(base) a@test:~# certbot --help
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. The most common SUBCOMMANDS and flags are:
obtain, install, and renew certificates:
(default) run Obtain & install a certificate in your current webserver
certonly Obtain or renew a certificate, but do not install it
renew Renew all previously obtained certificates that are near
expiry
enhance Add security enhancements to your existing configuration
-d DOMAINS Comma-separated list of domains to obtain a certificate for
(the certbot apache plugin is not installed)
--standalone Run a standalone webserver for authentication
--nginx Use the Nginx plugin for authentication & installation
--webroot Place files in a server's webroot folder for authentication
--manual Obtain certificates interactively, or using shell script
hooks
-n Run non-interactively
--test-cert Obtain a test certificate from a staging server
--dry-run Test "renew" or "certonly" without saving any certificates
to disk
manage certificates:
certificates Display information about certificates you have from Certbot
revoke Revoke a certificate (supply --cert-path or --cert-name)
delete Delete a certificate
manage your account with Let's Encrypt:
register Create a Let's Encrypt ACME account
update_account Update a Let's Encrypt ACME account
--agree-tos Agree to the ACME server's Subscriber Agreement
-m EMAIL Email address for important account notifications
More detailed help:
-h, --help [TOPIC] print this message, or detailed help on a topic;
the available TOPICS are:
all, automation, commands, paths, security, testing, or any of the
subcommands or plugins (certonly, renew, install, register, nginx,
apache, standalone, webroot, etc.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(base) a@test:~# nginx -t^C
(base) a@test:~# ^C
(base) a@test:~# ^C
(base) a@test:~# certbot run -d a.test.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for a.test.com
Using default address 80 for authentication.
Waiting for verification...
Cleaning up challenges
Could not automatically find a matching server block for a.test.com. Set the `server_name` directive to use the Nginx installer.
IMPORTANT NOTES:
- Unable to install the certificate
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/a.test.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/a.test.com/privkey.pem
Your cert will expire on 2020-10-05. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
(base) a@test:~#
Certbot - Ubuntuother Nginx https://certbot.eff.org/lets-encrypt/ubuntuother-nginx
(base) a@test:~# certbot run -d a.test.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/a.test.com.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
nginx: [warn] conflicting server name "test.com" on 0.0.0.0:443, ignored
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
No matching insecure server blocks listening on port 80 found.
nginx: [warn] conflicting server name "test.com" on 0.0.0.0:443, ignored
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://a.test.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=a.test.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/a.test.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/a.test.com/privkey.pem
Your cert will expire on 2020-10-05. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
(base) a@test:~#
(base) root@SIT:/etc/nginx/sites-enabled/test# cat www.test.com.conf
server {
server_name www.test.com;
root /root/oo_game_official_website_pc_Tmp_domain/oo_game_official_website_pc/dist/;
}
(base) root@SIT:/etc/nginx/sites-enabled/test# certbot run -d www.test.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.test.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.test.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.test.com - check that a DNS record exists for this domain
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.test.com
Type: None
Detail: DNS problem: NXDOMAIN looking up A for www.test.com -
check that a DNS record exists for this domain
(base) root@SIT:/etc/nginx/sites-enabled/test# certbot run -d www.test.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.test.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/test/www.test.com.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/test/www.test.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://www.test.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.test.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.test.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.test.com/privkey.pem
Your cert will expire on 2020-10-14. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
(base) root@SIT:/etc/nginx/sites-enabled/test# cat www.test.com.conf
server {
server_name www.test.com;
root /root/oo_game_official_website_pc_Tmp_domain/oo_game_official_website_pc/dist/;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.test.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.test.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.test.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name www.test.com;
listen 80;
return 404; # managed by Certbot
}(base) root@SIT:/etc/nginx/sites-enabled/test#
(base) root@uat-ms-server:/etc/nginx/sites-enabled/test# cat www.test.com.conf
server { server_name www.test.com; root /root/oo_game_official_website_pc_Tmp_domain/oo_game_official_website_pc/dist/;}(base) root@uat-ms-server:/etc/nginx/sites-enabled/test# certbot run -d www.test.comSaving debug log to /var/log/letsencrypt/letsencrypt.logPlugins selected: Authenticator nginx, Installer nginxObtaining a new certificatePerforming the following challenges:http-01 challenge for www.test.comWaiting for verification...Cleaning up challengesFailed authorization procedure. www.test.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.test.com - check that a DNS record exists for this domain
IMPORTANT NOTES: - The following errors were reported by the server:
Domain: www.test.com Type: None Detail: DNS problem: NXDOMAIN looking up A for www.test.com - check that a DNS record exists for this domain(base) root@uat-ms-server:/etc/nginx/sites-enabled/test# certbot run -d www.test.comSaving debug log to /var/log/letsencrypt/letsencrypt.logPlugins selected: Authenticator nginx, Installer nginxObtaining a new certificatePerforming the following challenges:http-01 challenge for www.test.comWaiting for verification...Cleaning up challengesDeploying Certificate to VirtualHost /etc/nginx/sites-enabled/test/www.test.com.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1: No redirect - Make no further changes to the webserver configuration.2: Redirect - Make all requests redirect to secure HTTPS access. Choose this fornew sites, or if you're confident your site works on HTTPS. You can undo thischange by editing your web server's configuration.- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/test/www.test.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Congratulations! You have successfully enabled https://www.test.com
You should test your configuration at:https://www.ssllabs.com/ssltest/analyze.html?d=www.test.com- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/www.test.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/www.test.com/privkey.pem Your cert will expire on 2020-10-14. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
(base) root@uat-ms-server:/etc/nginx/sites-enabled/test# cat www.test.com.conf
server { server_name www.test.com; root /root/oo_game_official_website_pc_Tmp_domain/oo_game_official_website_pc/dist/;
listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/www.test.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/www.test.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server { if ($host = www.test.com) { return 301 https://$host$request_uri; } # managed by Certbot
server_name www.test.com; listen 80; return 404; # managed by Certbot
}(base) root@uat-ms-server:/etc/nginx/sites-enabled/test#
Certbot CA 证书 https的更多相关文章
- iOS Burp suite CA证书 HTTPS
设置好burp suite代理后,在浏览器地址输入http://burp/,下载CA证书: 在iOS上下载CA证书,可通过邮件或百度云等一切iOS可以访问证书文件的方法: 点击证书文件iOS提示安装, ...
- 给IIS添加CA证书以支持https
一.在IIS中生成Certificate Signing Request (CSR) 个人理解:生成CSR就是生成“私钥/公钥对”之后从中提取出公钥. 1. 打开IIS Manager,在根节点中选择 ...
- CA证书扫盲,https讲解。
很多关于CA证书的讲解. 1.什么是CA证书. 看过一些博客,写的比较形象具体. ◇ 普通的介绍信 想必大伙儿都听说过介绍信的例子吧?假设 A 公司的张三先生要到 B 公司去拜访,但是 B 公司的所有 ...
- http的CA证书安装(也就是https)
近几年随着安全意识的提高,https流行起来,很多小伙伴不太了解https是什么,其实http和https并没有区别,简单的来说,https就是将http通信进行了加密和解密的一个过程.加上谷歌浏览器 ...
- 002. https通信(CA证书认证 + 密钥商定 )
服务端与客户端建立https通信的过程: 一.认证:客户端第一次访问服务端时,要求服务端证明自己可被信任 1.证书:由服务端申请.第三方CA颁发的,存放在服务端的证书: 证书包含:服务端的公钥.服务端 ...
- [PHP] curl访问https与CA证书问题
CA证书,用来在调用HTTPS资源的时候,验证对方网站是否是CA颁布的证书,而不是自己随便生成的 curl命令1.需要下载CA证书 文件地址是 http://curl.haxx.se/ca/cacer ...
- BurpSuit添加CA证书拦截HTTPS通信
问题 BurpSuit 安装成功后可以直接使用代理对使用 HTTP 协议通信的会话进行拦截,但是对于使用 HTTPS 协议通信的会话进行代理使用时就会出现如下画面 例如访问百度主页: 原因 HTTPS ...
- Linux CA证书与https讲解
1.什么是CA证书. ◇ 普通的介绍信 想必大伙儿都听说过介绍信的例子吧?假设 A 公司的张三先生要到 B 公司去拜访,但是 B 公司的所有人都不认识他,他咋办捏?常用的办法是带公司开的一张介绍信,在 ...
- HTTPS原理和CA证书申请(转)
原文地址:http://blog.51cto.com/11883699/2160032 众所周知,WEB服务存在http和https两种通信方式,http默认采用80作为通讯端口,对于传输采用不加密的 ...
随机推荐
- springMVC搭建分布式框架
https://www.cnblogs.com/lr393993507/p/7652717.html https://www.cnblogs.com/Tpf386/p/10987931.html
- win10 设置文件夹别名、修改文件夹图标、修改文件夹别名、英文目录和中文目录、设置文件夹中文名称、快捷访问显示设置中文
最近在设置文件夹的时候发现个有趣的事情: 系统路径 C:\Users\Administrator 内的文件夹不仅有图标还显示中文名称,但是打开路径的时候显示的却是英文,这就激发了我的探索欲,究竟是为 ...
- JavaDailyReports10_05
1 package varycode; 2 3 import java.util.ArrayList; 4 import java.util.Random; 5 6 public class Vary ...
- 分布式一致性协议 Raft
分布式领域,CP模型下 数据一致性协议至关重要,不然两边数据不一致容易出现数据读混乱问题.像Etcd Consul zookeeper Eureka ,Redis集群方案这些中间件 都有一致性算法来 ...
- mysql事务-简介
mysql事务 问题 概要 storage engine必须支持事务 事务根据隔离级别的不同,不同事务之间有不同的可见性 begin 或者 start transaction, 显式开启事务:comm ...
- 使用GitHub Actions自动编译部署hexo博客
前言 使用hexo博客也挺久的,最开始是本地hexo clean && hexo g,最后hexo d推送到服务器.后来是本地hexo clean && hexo g, ...
- Liunx运维(十二)-Liunx系统常用内置命令
文档目录: 一.Liunx内置命令概述 二.LIunx常用内置命令实例 1.help查看内置命令帮助2.查看内置命令使用方法3.":" 占位符4. "." 与s ...
- php 去除路由中index.php 通过 .htaccess 文件
首先在入口文件index.php得的当前目录下 创建 .htaccess文件. 然后将下面一段代码放进去: <IfModule mod_rewrite.c> RewriteEngine o ...
- ArrayDeque API 与算法分析
ArrayDeque 是双端队列的动态数组实现,可以当作栈和队列来使用.作为栈时,它的效率比 Stack 更高,作为队列时,效率比 LinkedList 更高.ArrayDeque 大部分操作的时间复 ...
- Logrotate工具使用
Logrotate logrotate是一个被设计来简化系统管理日志文件的工具,在系统运行时,如果产生大量的日志文件,可以使用该工具进行管理,如/var/log/*文件夹是存储系统和应用日志的目录 ...