After solving the DNS problem behind the earlier "Unable to install Let's Encrypt, Error Message: AutoSSL Issue Failed" error, this free SSL certificate still had some problems that needed fixing.
Originally, the CWP Control Panel seemed to renew the Let's Encrypt certificate automatically before the certificate expired. SEO traffic dropped sharply, but it can be recovered once the problem is fixed.
What is Let's Encrypt?
Let's Encrypt is a free, automated and open certificate authority (CA) provided by the Internet Security Research Group (ISRG).
Put simply, HTTPS (SSL/TLS) can be enabled for our website with the help of a certificate issued by Let's Encrypt.
Issuance and renewal of free Let's Encrypt certificates are automated with scripts.
What is a Let's Encrypt wildcard certificate?
Before wildcard certificates appeared, Let's Encrypt supported 2 kinds of certificates:
- Single-domain certificate: the certificate contains only one host.
- SAN certificate: also known as a multi-domain certificate, one certificate can include multiple hosts (the Let's Encrypt limit is 20).
For individual users, who do not have many hosts, using SAN certificates is no problem, but large companies run into some difficulties:
- There are many subdomains, and a new host may be needed at any time.
- There are also many registered domains.
For large enterprises, SAN certificates cannot meet these needs: putting all hosts into a single certificate is not possible with Let's Encrypt certificates (limit 20).
Wildcard certificates are certificates that can contain a wildcard:
- For example *.example.com, *.example.cn; the * is used to match all subdomains;
- Large enterprises can also use wildcard certificates, and one SSL certificate can cover more hosts.
The difference between wildcard certificates and SAN certificates
- Wildcard certificates - Wildcard certificates are mainly used to protect many subdomains under a single domain name. The advantage of this certificate type is not only that it simplifies certificate management; it also helps you reduce overhead costs. It protects your current and future subdomains at all times.
- SAN certificates - SAN certificates (also known as multi-domain certificates) are used to secure multiple domains with a single certificate. They differ from wildcard certificates, which support unlimited subdomains: a SAN certificate covers only the fully qualified domain names entered in the certificate. SAN certificates are remarkable because they let you protect over 100 fully qualified domain names with one certificate; however, the extent of protection depends on the issuing certificate authority.
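As an added example (not from the original article), the shell functions below show how a TLS client matches a wildcard name against a host: the * stands for exactly one label, so *.example.com covers www.example.com but neither example.com itself nor a.b.example.com. The function names are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original article: hostname matching for a
# wildcard certificate name, following the one-label rule of RFC 6125.

# cert_name_matches NAME HOST: true if certificate name NAME covers HOST.
cert_name_matches() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $name in
        '*.'*)
            suffix=${name#\*}            # "*.example.com" -> ".example.com"
            case $host in
                *"$suffix") label=${host%"$suffix"} ;;
                *) return 1 ;;
            esac
            # "*" stands for exactly one non-empty label: no dots, not empty.
            case $label in
                ''|*.*) return 1 ;;
            esac
            return 0 ;;
        *) [ "$name" = "$host" ] ;;      # plain names must match exactly
    esac
}

# covering_name HOST NAME...: print the first certificate NAME that covers
# HOST; return 1 if none of the names does.
covering_name() {
    h=$1; shift
    for n in "$@"; do
        if cert_name_matches "$n" "$h"; then
            printf '%s\n' "$n"
            return 0
        fi
    done
    return 1
}

# Constructed sample: names on a certificate requested for a bare domain
# plus its wildcard. Prints "example.com", the name covering the apex.
covering_name example.com '*.example.com' example.com
```

A certificate that must serve both the bare domain and its subdomains therefore needs both names, example.com and *.example.com, in the request.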
How to apply for a Let's Encrypt wildcard certificate?
To implement wildcard certificates, Let's Encrypt upgraded its implementation of the ACME protocol, and only version 2 of the protocol supports wildcard certificates.
In other words, any client can apply for a wildcard certificate as long as it supports ACME v2.
Download Certbot-Auto
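# Download the certbot-auto wrapper script (since deprecated by the Certbot project),
# make it executable and confirm that it runs
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto --version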
Let's Encrypt wildcard certificate
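git clone https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
cd certbot-letencrypt-wildcardcertificates-alydns-au
# au.sh is executed by certbot as a hook, so make it executable for its owner only, never world-writable
chmod 0700 au.sh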
Let's Encrypt wildcard certificate expiry renewal script
The script here is for an nginx service that was compiled and installed directly or installed through Docker, with https proxied through the host or load-balanced on the host. It automatically renews the SSL certificate and restarts the Nginx proxy server.
- Note: the script actually uses ./certbot-auto renew
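#!/usr/bin/env bash
# Path to the certbot-auto client downloaded above
cmd="$HOME/certbot-auto"
restartNginxCmd="docker restart ghost_nginx_1"
action="renew"
# DNS challenge hooks: au.sh adds the validation record, then cleans it up afterwards
auth="$HOME/certbot/au.sh php aly add"
cleanup="$HOME/certbot/au.sh php aly clean"
# Deploy hook, run only after a successful renewal: copies /etc/letsencrypt
# (private keys included) into the nginx ssl directory, then restarts nginx
deploy="cp -r /etc/letsencrypt/ /home/pi/dnmp/services/nginx/ssl/ && $restartNginxCmd"
"$cmd" "$action" \
  --manual \
  --preferred-challenges dns \
  --deploy-hook "$deploy" \
  --manual-auth-hook "$auth" \
  --manual-cleanup-hook "$cleanup"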
Add it to crontab by editing this file:
/etc/crontab
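# A certificate is renewed only when it has fewer than 30 days of validity left, so the crontab can be set to run once a day or once a week
0 0 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /home/pi/crontab.sh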
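The cron entry above runs /home/pi/crontab.sh as root, and that script in turn executes certbot-auto and the au.sh hooks, so none of those files should be modifiable by any other account. The check below is an added example, not part of the original article or of the au.sh project; the function names are hypothetical and the owner to expect is passed in as an argument.

```shell
#!/bin/sh
# Added example, not from the original article. The function names are
# hypothetical; the paths in the usage line are the ones this page uses.

# is_tight PATH OWNER: true only if PATH belongs to OWNER and is not writable
# by group or others (sticky directories such as /tmp are accepted).
# A find error prints nothing, so the check fails closed.
is_tight() {
    [ -n "$(find "$1" -prune -user "$2" \
        \( \( -type d -perm -1000 \) -o ! \( -perm -020 -o -perm -002 \) \) \
        -print 2>/dev/null)" ]
}

# audit_hooks OWNER FILE...: print every FILE, or parent directory of one,
# that someone other than OWNER could modify; status 1 if anything is printed.
audit_hooks() {
    owner=$1; shift
    status=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"; status=1; continue
        fi
        for p in "$f" "$(dirname "$f")"; do
            if ! is_tight "$p" "$owner"; then
                echo "LOOSE    $p"; status=1
            fi
        done
    done
    return "$status"
}

# Usage, run as root before enabling the cron entry:
#   audit_hooks root /home/pi/crontab.sh "$HOME/certbot-auto" "$HOME/certbot/au.sh"
```

A file reported as LOOSE should be re-owned and set to mode 0700 or 0755 before root is allowed to execute it on a schedule.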
Rebuild the CWP server configuration
Here are the steps for CWP to rebuild the nginx/apache server:
Step 1: On the left side of the CWP Control Panel, click WebServer Settings → Select WebServers
Step 2: Select Nginx & Varnish & Apache
Step 3: Click the "Save & Rebuild Configuration" button at the bottom to save and rebuild the configuration.
- Refresh the website and you will see that the expiry date of the SSL certificate has been updated.
Chen Weiliang Blog ( https://www.chenweiliang.com/ ) shared "Let's Encrypt not renewing automatically? Wildcard certificate renewal script" in the hope that it helps you.
Link to this article: https://www.chenweiliang.com/cwl-1199.html