Hoʻololi ʻokoʻa anei ʻo Let's Encrypt?Hoʻohou i ka palapala hōʻoia hōʻano hou

hoʻoholo i ka manawa hopeʻAʻole hiki ke hoʻokomo i ka Let's Encrypt Error Message: AutoSSL Issue FailedMa hope o ka pilikia DNS, loaʻa i kēia palapala SSL manuahi kekahi mau pilikia e hoʻoponopono ai.

CWP Control PanelI ka wā mua, me he mea lā ua hoʻololi ʻokoʻa ʻia ka palapala Let's Encrypt ma mua o ka pau ʻana o ka palapala.SEOUa hāʻule nui ka huakaʻi, akā naʻe, hiki ke hoʻihoʻi hou ʻia ma hope o ka hoʻoponopono ʻana.

He aha ka Let's Encrypt?

ʻO Let's Encrypt kahi mana palapala manuahi, ʻokoʻa a wehe ʻia (CA) i hāʻawi ʻia e ka Pūʻulu ʻImi ʻImi Pūnaewele Pūnaewele (ISRG).

ʻO ka maʻalahi, hiki ke hoʻohana ʻia ʻo HTTPS (SSL/TLS) no kā mākou pūnaewele me ke kōkua o kahi palapala i hāʻawi ʻia e Let's Encrypt.

ʻO ka hoʻopuka ʻana/hōʻano hou ʻana o Let's Encrypt free palapala hōʻoia e hoʻohana ʻia e nā palapala.

ʻO kēia ka mea aʻo e pili ana i ke noi ʻana no kahi palapala SSL manuahi Let's Encrypt▼

Pehea e noi ai no Let's Encrypt? Let's Encrypt SSL Free Certificate Principle & Installation Tutorial

Pehea e noi ai no Let's Encrypt?E hoʻopaʻa iā mākou i ke kumu o ka palapala hōʻoia SSL a me ke aʻo ʻana he aha ka SSL?ʻO ka ʻatikala mua a Chen Weiliang "He aha ka ʻokoʻa ma waena o http vs https? Ua ʻōlelo ʻia ma ka "Detailed Explanation of SSL Encryption Process".ʻAʻole pono nā pūnaewele ecommerce e kūʻai i ka premium...

He aha ka Let's Encrypt wildcard palapala?

Ma mua o ka puka ʻana mai o nā palapala wildcard, kākoʻo ʻo Let's Encrypt i 2 mau palapala hōʻoia:

1. Single Domain Certificate: Hoʻokahi wale nō mea hoʻokipa i ka palapala hōʻoia.
2. Palapala SAN: ʻIke pū ʻia ʻo ka inoa inoa inoa, hiki i kahi palapala ke hoʻokomo i nā pūʻali lehulehu (Let's Encrypt limit is 20).

No nā mea hoʻohana hoʻokahi, ʻoiai ʻaʻole nui loa nā mea hoʻokipa, ʻaʻohe pilikia i ka hoʻohana ʻana i nā palapala SAN, akā no nā hui nui aia kekahi mau pilikia:

1. Nui nā subdomains, a makemake paha kahi mea hoʻokipa hou i ka manawa.
2. Nui nō hoʻi nā kāʻei kapu i hoʻopaʻa ʻia.

No nā ʻoihana nui, ʻaʻole hiki i nā palapala SAN ke hoʻokō i nā pono, a aia nā pūʻali āpau i loko o ka palapala hoʻokahi, ʻaʻole hiki ke māʻona ma ka hoʻohana ʻana i nā palapala Let's Encrypt (palena 20).

ʻO nā palapala hōʻoia Wildcard nā palapala hōʻoia i hiki ke loaʻa i kahi wildcard:

• No ka laʻana *.example.com, *.example.cn,E hoʻohana i * no ka hoʻohālikelike ʻana i nā subdomain a pau;
• Hiki i nā ʻoihana nui ke hoʻohana i nā palapala hōʻoia wildcard, a hiki i kahi palapala SSL ke kau i nā mea hoʻokipa hou aku.

Ka ʻokoʻa ma waena o ka palapala wildcard a me ka palapala SAN

1. Nā Palapala Kāleka - Hoʻohana nui ʻia nā palapala hōʻoia Wildcard no ka pale ʻana i nā subdomains he nui ma lalo o kahi inoa kikowaena kū hoʻokahi.ʻO ka pōmaikaʻi o kēia ʻano palapala hōʻoia ʻaʻole ia e maʻalahi ka mālama ʻana i nā palapala hōʻoia, akā kōkua pū kekahi iā ʻoe e hōʻemi i kāu mau kumukūʻai overhead.Mālama ia i kāu mau subdomains o kēia manawa a me ka wā e hiki mai ana i nā manawa a pau.
2. Nā palapala hōʻoia SAN - Hoʻohana ʻia nā palapala SAN (ʻike ʻia ʻo multi-domain certificates) no ka hoʻopaʻa ʻana i nā kikowaena lehulehu me ka palapala hoʻokahi.He ʻokoʻa lākou mai nā palapala hōʻoia wildcard i kā lākou kākoʻo i nā mea āpaupalena ʻolesubdomains. Kākoʻo wale ʻo SAN i ka inoa kikowaena piha i hoʻokomo ʻia i loko o ka palapala hōʻoia. He mea kupanaha nā palapala SAN no ka hoʻohana ʻana iā lākou hiki iā ʻoe ke pale aku ma luna o 100 mau inoa kikowaena kūpono piha me kahi palapala hoʻokahi; akā naʻe, pili ka nui o ka pale i ka mana hoʻopuka palapala.

pehea e noi aiE hoʻopunipunipalapala hōʻoia wildcard?

No ka hoʻokō ʻana i nā palapala wildcard, ua hoʻonui ʻo Let's Encrypt i ka hoʻokō ʻana i ka protocol ACME, a ʻo ka protocol v2 wale nō ke kākoʻo i nā palapala hōʻoia wildcard.

ʻO ia hoʻi, hiki i kēlā me kēia mea kūʻai ke noi no kahi palapala wildcard inā lōʻihi ke kākoʻo iā ACME v2.

Hoʻoiho iā Certbot-Auto

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto --version

E hoʻopili kākou i ka palapala hōʻoia Wildcard

git clone https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
cd certbot-letencrypt-wildcardcertificates-alydns-au
chmod 0777 au.sh

E hoʻopaʻa i ka palapala hōʻoia wildcard i ka pau ʻana o ka manawa hōʻano hou

ʻO ka palapala ma aneʻi he kikowaena i hōʻuluʻulu ʻia a hoʻokomo ʻia e ka nginx a i hoʻokomo ʻia ma o Docker, proxy https ma o ka host proxy a i ʻole ka hoʻouka ʻana i ka host balancing, hoʻihoʻi aunoa i ka palapala SSL, a hoʻomaka hou i ka server proxy Nginx.

• Nānā: Hoʻohana maoli ka palapala i ka ./certbot-auto renew

#!/usr/bin/env bash

cmd="$HOME/certbot-auto" 
restartNginxCmd="docker restart ghost_nginx_1"
action="renew"
auth="$HOME/certbot/au.sh php aly add"
cleanup="$HOME/certbot/au.sh php aly clean"
deploy="cp -r /etc/letsencrypt/ /home/pi/dnmp/services/nginx/ssl/ && $restartNginxCmd"

$cmd $action \
--manual \
--preferred-challenges dns \
--deploy-hook \
"$deploy"\
--manual-auth-hook \
"$auth" \
--manual-cleanup-hook \
"$cleanup"

Hui crontab, hoʻoponopono faila▼

/etc/crontab

#证书有效期<30天才会renew，所以crontab可以配置为1天或1周
0 0 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /home/pi/crontab.sh

Kūkulu hou ka hoʻonohonoho kikowaena CWP

Eia nā ʻanuʻu no CWP e kūkulu hou i ka server nginx/apache:

KaʻAnuʻu Hana 1: Ma ka ʻaoʻao hema o ka CWP Control Panel, kaomi WebServer Settings → Select WebServers ▼

KaʻAnuʻu 2:选择 Nginx & Varnish & Apache ▼

KaʻAnuʻu 3:Kaomi i ka pihi "Save & Rebuild Configuration" ma lalo e mālama a kūkulu hou i ka hoʻonohonoho.

• E hōʻoluʻolu i ka pūnaewele a ʻike ʻoe ua hōʻano hou ʻia ka lā pau o ka palapala SSL.

Heluhelu lōʻihi:

Hoʻokō mau ʻo Linux Crontab i nā kauoha hana palapala a hoʻonohonoho i ka hoʻohana ʻana i ka faila hoʻonohonoho

Hiki i ke kaʻina hana cron i kūkulu ʻia ma Linux ke kōkua iā mākou e hoʻokō i nā pono o ka hoʻokō ʻana i nā hana i hoʻonohonoho ʻia.He aha ka Cron?ʻO ka mea a mākou e hoʻohana pinepine ai ʻo ke kauoha crontab, ʻo ia ka cron ta...