Ka anyị encrypt megharia na-akpaghị aka?Melite edemede ọhụrụ akwụkwọ ikike anụ ọhịa

edoziziri oge ikpeazụEtinyeghị akwụkwọ iji wụnye Let's Encrypt Error Message: AutoSSL Issue EdaraMgbe nsogbu DNS gasịrị, asambodo SSL a n'efu nwere ụfọdụ nsogbu iji dozie.

Ogwe njikwa CWPNa mbụ, ọ dị ka emegharịrị akwụkwọ Let's Encrypt na-akpaghị aka tupu ọ kubie ume.SEOOkporo ụzọ ahụ dara nke ukwuu, mana ọ dabara nke ọma enwere ike nwetaghachi ya mgbe edozichara ngwọta ya.

Kedu ihe bụ Ka anyị ezoro ezo?

Ka anyị Encrypt bụ ikike Asambodo mepere emepe (CA) n'efu, nke akpaaka na mepere emepe nke ndị otu nyocha nchekwa ịntanetị na-anaghị akwụ ụgwọ (ISRG) nyere.

N'ikwu ya n'ụzọ dị mfe, enwere ike ịme HTTPS (SSL/TLS) maka weebụsaịtị anyị n'efu site n'enyemaka nke asambodo nke Let's Encrypt nyere.

Iwepụta/mmeghari nke Let's Encrypt free certificate bụ akpaghị aka site na scripts. Let's Encrypt na-atụ aro ka iji onye ahịa Certbot nye asambodo.

Ihe na-esonụ bụ nkuzi maka otu esi etinye akwụkwọ maka akwụkwọ anamachọihe SSL n'efu▼

Otu esi etinye akwụkwọ maka Let's Encrypt? Ka anyị ezobe ụkpụrụ Asambodo efu na nkuzi nwụnye SSL

Otu esi etinye akwụkwọ maka Let's Encrypt?Ka anyị zoo ụkpụrụ Asambodo SSL na nkuzi nwụnye Gịnị bụ SSL?Edemede gara aga Chen Weiliang "Gịnị bụ ọdịiche dị n'etiti http vs https? Akpọrọ ya aha na "Nkọwa zuru ezu nke usoro nzuzo SSL".Ewezuga saịtị ecommerce ga-azụta ọkaibe...

Gịnị bụ akwụkwọ ikike ka anyị zoo?

Tupu asambodo wildcard apụta, ka anyị zoo naanị asambodo 2:

1. Otu Asambodo ngalaba: Asambodo ahụ nwere naanị otu onye ọbịa.
2. SAN akwụkwọ: A makwaara dị ka ngalaba aha akwụkwọ, a akwụkwọ nwere ike ịgụnye multiple ụsụụ ndị agha (Ka encrypt ịgba bụ 20).

Maka ndị ọrụ n'otu n'otu, ebe ọ bụ na enweghị ọtụtụ ndị ọbịa, ọ nweghị nsogbu ọ bụla na iji asambodo SAN, mana maka nnukwu ụlọ ọrụ enwere ụfọdụ nsogbu:

1. Enwere ọtụtụ subdomains, ma ọ nwere ike ịdị mkpa iji onye nnabata ọhụrụ na-agafe oge.
2. Enwekwara ọtụtụ ngalaba edebanyere aha.

Maka nnukwu ụlọ ọrụ, asambodo SAN nwere ike ọ gaghị egbo mkpa, yana ndị ọbịa niile dị n'otu akwụkwọ, nke enweghị afọ ojuju site na iji asambodo Let's Encrypt (oke 20).

Asambodo Wildcard bụ asambodo nwere ike ịnwe kaadị ọhịa:

• Dịka ọmụmaatụ *.example.com, *.example.cn,Jiri * iji dakọtara subdomains niile na-akpaghị aka;
• Ụlọ ọrụ buru ibu nwekwara ike iji asambodo wildcard, na otu akwụkwọ SSL nwere ike idowe ọtụtụ ndị ọbịa.

Ọdịiche dị n'etiti akwụkwọ ikike anụ ọhịa na asambodo SAN

1. Asambodo Wildcard - A na-eji asambodo Wildcard kpuchie ọtụtụ subdomains n'okpuru aha ngalaba ruru eru zuru oke.Uru nke ụdị asambodo a bụ na ọ bụghị naanị na ọ na-eme ka njikwa asambodo dị mfe, mana ọ na-enyekwara gị aka ibelata ego ị na-akwụ.Ọ na-echekwa subdomains gị ugbu a na ọdịnihu n'oge niile.
2. Asambodo SAN - Asambodo SAN (nke a makwaara dị ka asambodo ngalaba ọtụtụ) na-eji otu asambodo chekwaa ọtụtụ ngalaba.Ha dị iche na asambodo wildcard na ha na-akwado mmadụ niileakparaghị ókèsubdomains. SAN naanị na-akwado n'ụzọ zuru ezu ruru eru ngalaba aha banyere na akwụkwọ. Asambodo SAN na-adọrọ mmasị n'ihi na iji ha, ị nwere ike iji otu akwụkwọ chekwaa ihe karịrị 100 aha ngalaba ruru eru zuru oke; Otú ọ dị, oke nchebe dabere na ndị na-enye ikike ikike.

esi etinye akwụkwọKa anyị zooAsambodo ohia?

Iji mejuputa asambodo wildcard, Let's Encrypt akwalitela mmejuputa iwu ACME, na naanị v2 protocol nwere ike ịkwado asambodo wildcard.

Nke ahụ bụ, onye ahịa ọ bụla nwere ike itinye akwụkwọ maka asambodo wildcard ma ọ bụrụhaala na ọ na-akwado ACME v2.

Budata Certbot-Auto

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto --version

Ka anyị zoo akwukwọ Asambodo Wildcard

git clone https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
cd certbot-letencrypt-wildcardcertificates-alydns-au
chmod 0777 au.sh

Ka anyị ezoro ezoro agụ akwụkwọ mmechi oge ọhụrụ script

Edemede ebe a bụ ihe nkesa chịkọtara ma tinye ya site na nginx ma ọ bụ tinye ya site na Docker, proxy https site na proxy nnabata ma ọ bụ onye na-edozi ibu, kwadoo asambodo SSL na-akpaghị aka, wee malitegharịa ihe nkesa proxy Nginx.

• Mara: Edemede a na-eji n'ezie ./certbot-auto renew

#!/usr/bin/env bash

cmd="$HOME/certbot-auto" 
restartNginxCmd="docker restart ghost_nginx_1"
action="renew"
auth="$HOME/certbot/au.sh php aly add"
cleanup="$HOME/certbot/au.sh php aly clean"
deploy="cp -r /etc/letsencrypt/ /home/pi/dnmp/services/nginx/ssl/ && $restartNginxCmd"

$cmd $action \
--manual \
--preferred-challenges dns \
--deploy-hook \
"$deploy"\
--manual-auth-hook \
"$auth" \
--manual-cleanup-hook \
"$cleanup"

Soro na crontab, dezie faịlụ▼

/etc/crontab

#证书有效期<30天才会renew，所以crontab可以配置为1天或1周
0 0 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /home/pi/crontab.sh

Nhazigharị ihe nkesa CWP

Nke a bụ usoro CWP iji wughachi sava nginx/apache:

Kwụpụ 1: N'akụkụ aka ekpe nke CWP Control Panel, pịa Ntọala WebServer → Họrọ WebServers ▼

nke 2:选择 Nginx & Varnish & Apache ▼

nke 3:Pịa bọtịnụ "Save & Rebuild Configuration" na ala iji chekwaa ma wughachi nhazi ahụ.

• Megharịa webụsaịtị ahụ ma ị ga-ahụ na emelitere ụbọchị ngafe nke asambodo SSL.

Ịgbatịkwu oge:

Linux Crontab na-eme iwu ọrụ script mgbe niile & na-ahazi ojiji faịlụ nhazi

Usoro cron wuru na Linux nwere ike inyere anyị aka igbo mkpa nke ịrụ ọrụ a haziri ahazi Site n'iji cron na shei scripts, enweghị nsogbu ọ bụla na-eme iwu ọrụ dị mgbagwoju anya mgbe niile.Kedu ihe bụ Cron?Ihe anyị na-ejikarị bụ iwu crontab, nke bụ cron ta...