Bari mu Encrypt sabuntawa ta atomatik?Sabunta rubutun sabunta takardar shedar kati

warware karsheBa a yi nasara ba don shigar da Saƙon Kuskuren Mu Rufe Saƙon Kuskuren: Ba a Fasa Batun AutoSSLBayan matsalar DNS, wannan takardar shaidar SSL ta kyauta tana da wasu matsaloli don warwarewa.

Cibiyar Kula da CWPAsali, kamar dai an sabunta satifiket ɗin Let's Encrypt ɗin ta atomatik kafin ta ƙare.SEOHanyoyin zirga-zirga sun ragu sosai, amma an yi sa'a ana iya dawo dasu bayan an gyara maganin.

Menene Mu Rufewa?

Bari mu Encrypt kyauta ne, mai sarrafa kansa kuma buɗe Hukumar Takaddun Shaida (CA) ta Ƙungiyar Binciken Tsaro ta Intanet (ISRG) mai zaman kanta.

A taƙaice, ana iya kunna HTTPS (SSL/TLS) don gidan yanar gizon mu kyauta tare da taimakon takaddun shaida da Mu Encrypt ya bayar.

Bayar da/sabuntawa na Let's Encrypt takardun shaida kyauta ana sarrafa su ta hanyar rubutun. Bari mu Encrypt a hukumance yana ba da shawarar amfani da abokin ciniki na Certbot don ba da takaddun shaida.

Mai zuwa shine koyawa kan yadda ake neman takardar shaidar SSL kyauta ▼

Yadda ake nema don Mu Encrypt? Bari Mu Encrypt SSL Free Certificate Principle & Installation Tutorial

Yadda ake nema don Mu Encrypt?Bari Mu Encrypt SSL Certificate Principle & Installation Tutorial Menene SSL?Labarin baya Chen Weiliang "Mene ne bambanci tsakanin http vs https? An ambaci shi a cikin "Cikakken Bayanin Tsari na Rufe SSL".Sai dai shafukan yanar gizo na e-commerce dole ne su sayi kima...

Menene takardar shedar kati mai lamba Bari Mu Encrypt?

Kafin takaddun shaida ya bayyana, Bari Mu Encrypt ɗin takaddun shaida guda 2 kawai ke tallafawa:

1. Takaddun yanki Guda Guda: Takaddun shaida ya ƙunshi runduna ɗaya kawai.
2. SAN takardar shaidar: Hakanan aka sani da takardar shaidar sunan yankin, takardar shaidar na iya haɗawa da runduna da yawa (Bari mu ɓoye iyaka shine 20).

Ga masu amfani ɗaya ɗaya, tunda ba a sami ma'aikata da yawa ba, babu shakka babu matsala ta amfani da takaddun shaida na SAN, amma ga manyan kamfanoni akwai wasu matsaloli:

1. Akwai yankuna da yawa, kuma ana iya buƙatar sabon mai watsa shiri akan lokaci.
2. Hakanan akwai yankuna masu rijista da yawa.

Ga manyan kamfanoni, takaddun shaida na SAN bazai cika buƙatun ba, kuma duk runduna suna ƙunshe a cikin takaddun shaida ɗaya, waɗanda ba za a iya gamsuwa da su ta amfani da takaddun shaida Mu Encrypt (iyaka 20).

Takaddun shaida na Wildcard takaddun shaida ne waɗanda zasu iya ƙunsar kati:

• Misali *.example.com, *.example.cn,Yi amfani da * don daidaita duk wuraren yanki ta atomatik;
• Manyan kamfanoni kuma za su iya amfani da takaddun shaida, kuma takardar shaidar SSL ɗaya na iya sanya ƙarin runduna.

Bambanci tsakanin takardar shaidar kati da takardar shedar SAN

1. Takaddun shaida na Wildcard - Ana amfani da takaddun shaida don kare yankuna da yawa a ƙarƙashin sunan yanki na musamman.Amfanin wannan nau'in takardar shaidar shine ba wai kawai yana sauƙaƙe sarrafa takaddun shaida ba, har ma yana taimaka muku rage yawan kuɗin da kuke kashewa.Yana kare yankin ku na yanzu da na gaba a kowane lokaci.
2. Takaddun shaida na SAN - Takaddun shaida na SAN (wanda kuma aka sani da takaddun yanki da yawa) ana amfani da su don amintar yankuna da yawa tare da takaddun shaida guda.Sun bambanta da takaddun shaida a cikin cewa suna tallafawa kowamarar iyakareshen yanki. SAN kawai yana goyan bayan cikakken sunan yankin da aka shigar a cikin takaddun shaida. Takaddun shaida na SAN suna da ban sha'awa saboda amfani da su za ku iya kare sunayen yanki sama da 100 daban-daban masu cancanta tare da takaddun shaida guda; duk da haka, adadin kariya ya dogara da ikon bayar da takardar shaida.

yadda ake nemaBari mu EncryptTakaddun shaida?

Domin aiwatar da takaddun shaida, Let's Encrypt ya haɓaka aiwatar da ka'idar ACME, kuma ƙa'idar v2 kawai zata iya tallafawa takaddun shaida.

Wato, kowane abokin ciniki na iya neman takardar shedar kati muddin yana goyan bayan ACME v2.

Zazzage Certbot-Auto

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto --version

Bari Mu Rufe Rubutun Takaddun Takaddun Katin Wild

git clone https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
cd certbot-letencrypt-wildcardcertificates-alydns-au
chmod 0777 au.sh

Bari mu ɓoye rubutun sabuntawar lokacin karewa takardar shaidar karewa

Rubutun anan shine sabar da aka haɗa kuma aka shigar da nginx ko shigar ta Docker, wakili https ta hanyar wakili na mai watsa shiri ko daidaita mai ɗaukar nauyi, adana takardar shaidar SSL ta atomatik, sannan ta sake kunna sabar wakili na Nginx.

• Lura: Rubutun a zahiri yana amfani da ./certbot-auto renew

#!/usr/bin/env bash

cmd="$HOME/certbot-auto" 
restartNginxCmd="docker restart ghost_nginx_1"
action="renew"
auth="$HOME/certbot/au.sh php aly add"
cleanup="$HOME/certbot/au.sh php aly clean"
deploy="cp -r /etc/letsencrypt/ /home/pi/dnmp/services/nginx/ssl/ && $restartNginxCmd"

$cmd $action \
--manual \
--preferred-challenges dns \
--deploy-hook \
"$deploy"\
--manual-auth-hook \
"$auth" \
--manual-cleanup-hook \
"$cleanup"

Shiga crontab, gyara fayil▼

/etc/crontab

#证书有效期<30天才会renew，所以crontab可以配置为1天或1周
0 0 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /home/pi/crontab.sh

Sake gina saitin uwar garken CWP

Anan akwai matakai don CWP don sake gina sabar nginx/apache:

Mataki 1: A gefen hagu na CWP Control Panel, danna Saitunan WebServer → Zaɓi WebServers ▼

shafi na 2:选择 Nginx & Varnish & Apache ▼

shafi na 3:Danna maɓallin "Ajiye & Sake Gina Kanfigareshan" a ƙasa don adanawa da sake gina tsarin.

• Sake sabunta gidan yanar gizon kuma za ku ga cewa an sabunta ranar karewa takardar shaidar SSL.

Karin karatu:

Linux Crontab yana aiwatar da umarnin aikin rubutun akai-akai & saita amfani da fayil ɗin sanyi

Tsarin cron na Linux wanda aka gina a ciki zai iya taimaka mana biyan buƙatun aiwatar da ayyukan da aka tsara.Ta amfani da rubutun cron da harsashi, babu matsala a kai a kai aiwatar da ƙayyadaddun umarni na ɗawainiya.Menene Cron?Abin da muke yawan amfani da shi shine umarnin crontab, wanda shine cron ta ...