Me pehea te tono mo Let's Encrypt, Let's Encryption SSL Free Tiwhikete Tikanga & Whakaakoranga Whakataunga

Me pehea te tono mo Let's Encrypt?

Kia Whakamuna te Tikanga Tiwhikete SSL me te Akoranga Whakataunga

He aha te SSL?Ko Chen WeiliangI roto i te tuhinga o mua "He aha te rereketanga i waenga i te http me te https? He whakamaramatanga mo te tukanga whakamunatanga SSL"Kua whakahuahia i roto.

Tuhinga ka whai maiE-tauhokohokoMe hoko te paetukutuku i tetahi tiwhikete SSL whakamunatia matatau me te whakamahi i te paetukutuku hei WeChatTe whakatairanga kaute a te iwiTuhinga o muapāpāho houE te iwi, ki te hiahia koe ki te whakauru i tetahi tiwhikete SSL, ka taea e koe te whakauru i tetahi tiwhikete SSL whakamunatia mo te kore utu.SEOHe awhina, ka taea te whakapai ake i te rangatira o nga kupu matua paetukutuku i roto i nga miihini rapu.

Kua tuhia e tatou a Whakamuna he huinga tukanga (https://certbot.eff.org/), whakamahiLinuxe hoa ma, ka taea e koe te whai i tenei akoranga i te wa e korero ana koe ki te mahi.

Tangohia te taputapu certbot-auto i te tuatahi, katahi ka whakahaere i nga whakawhirinakitanga whakaurunga o te taputapu.

wget https://dl.eff.org/certbot-auto --no-check-certificate
chmod +x ./certbot-auto
./certbot-auto -n

Hanga tiwhikete SSL

Whai muri, meKo Chen WeiliangTangohia te ingoa rohe rangitaki hei tauira, tena koa whakarereketia kia rite ki o hiahia. Ka whakahaerehia e SSH nga whakahau e whai ake nei.

Kia mahara ki te whakarereke i te tono:

1. Pouakaeta
2. ara tūmau
3. ingoa rohe paetukutuku

Takitaki rohe kotahi, whakaputa tiwhikete:

./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com

Whaiaronga rohe-maha kotahi, hangaia he tiwhikete: (ara, ingoa rohe maha, whaiaronga kotahi, whakamahia te tiwhikete kotahi)

./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com -d img.chenweiliang.com

Ka tiakina te tiwhikete SSL i hangaia ki:/etc/letsencrypt/live/www.chenweiliang.com/ I raro i nga korero.

He maha nga ingoa rohe me nga raarangi maha, hangaia he tiwhikete: (ara, ingoa rohe maha, raarangi maha, whakamahia te tiwhikete kotahi)

./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com -d img.chenweiliang.com -w /home/eloha/public_html/site/etufo.org -d www.etufo.org -d img.etufo.org

I muri i te whakaurunga pai o te Tiwhikete Whakamuna Tatou, ka puta te karere tere e whai ake nei ki SSH:

NGĀ WHAKAMAHI MANA'O:
– Kia ora to tiwhikete me te chain kua tiakina ki:
/etc/letsencrypt/live/www.chenweiliang.com/fullchain.pem
Kua tiakina to kōnae matua ki:
/etc/letsencrypt/live/www.chenweiliang.com/privkey.pem
Ka pau to tiwhikete a te 2018-02-26. Ki te whiwhi i tetahi mea hou, kua takawiri ranei
putanga o tenei tiwhikete a meake nei, whakahaere noa certbot-auto
Ki te whakahou kore-tauwhitiwhiti *katoa* o o tiwhikete, rere
"certbot-aunoa whakahou"
- Mena he pai ki a koe a Certbot, me whakaaro ki te tautoko i a maatau mahi ma:
Koha ki te ISRG / Kia Whakamuna: https://letsencrypt.org/donate
Te tuku ki te EFF: https://eff.org/donate-le

Whakahoutanga Tiwhikete SSL

Ko te whakahou Tiwhikete he tino watea hoki, ma te whakamahicrontabWhakahou-aunoa.Ko etahi o Debian kaore he crontab i whakauruhia, ka taea e koe te whakauru ma te ringa tuatahi.

apt-get install cron

Ko nga whakahau e whai ake nei kei te nginx me te apache / etc / crontab Ko te whakahau i whakauruhia ki roto i te konae ko te tikanga ka whakahoutia ia 10 nga ra, a ka ranea te 90-ra te wa mana.

Nginx crontab kōnae, tēnā tāpirihia:

0 3 */10 * * /root/certbot-auto renew --renew-hook "/etc/init.d/nginx reload"

Kōnae Apache crontab, tāpirihia koa:

0 3 */10 * * /root/certbot-auto renew --renew-hook "service httpd restart"

Tiwhikete SSL whirihoranga Apache

Inaianei, me whakarereke tatou ki te whirihoranga Apache.

Tips:

• ki te whakamahi koePaewhiri Mana CWP, i roto i te Tāpiri ingoa rohe taki Whakaputa aunoa i te tiwhikete SSL, ka whirihora aunoa i te tiwhikete SSL mo Apache.
• Mena ka mahia e koe etahi atu waahanga e whai ake nei, ka puta he hapa i muri i te whakaara ano i a Apache.
• Mena he hapa, mukua te whirihoranga i tapiritia e koe ma te ringa.

Whakatikaina te kōnae httpd.conf ▼

/usr/local/apache/conf/httpd.conf

Kimihia ▼

Listen 443

• (tangohia te nama korero o mua #)

tāpirihia rānei te tauranga whakarongo 443 ▼

Listen 443

SSH tirohia te tauranga whakarongo a Apache ▼

grep ^Listen /usr/local/apache/conf/httpd.conf

Kimihia ▼

mod_ssl

• (tangohia te nama korero o mua #)

tāpiri ranei ▼

LoadModule ssl_module modules/mod_ssl.so

Kimihia ▼

httpd-ssl

• (tangohia te nama korero o mua #)

Na, mahia e te SSH te whakahau e whai ake nei (tohu kia huri te ara ki a koe ake):

at >/usr/local/apache/conf/extra/httpd-ssl.conf<<EOF
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProxyCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/usr/local/apache/logs/ssl_mutex"
EOF

I muri mai, i te mutunga o te whirihoranga Apache mo te paetukutuku i hanga e koei raro.

Taapirihia te konae whirihoranga o te waahanga SSL (tohua hei tango i te korero, ka huri i te huarahi ki a koe ake):

<VirtualHost *:443>
DocumentRoot /home/admin/web/chenweiliang.com/public_html //网站目录
ServerName www.chenweiliang.com:443 //域名
ServerAdmin [email protected] //邮箱
ErrorLog "/var/log/www.chenweiliang.com-error_log" //错误日志
CustomLog "/var/log/www.chenweiliang.com-access_log" common //访问日志
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.chenweiliang.com/fullchain.pem //之前生成的证书
SSLCertificateKeyFile /etc/letsencrypt/live/www.chenweiliang.com/privkey.pem //之前生成的密钥
<Directory "/home/admin/web/chenweiliang.com/public_html"> //网站目录
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
suPHP_UserGroup eloha eloha //用户组（有些服务器配置需要，有些可能不需要，出错请删除此行）
Order allow,deny
Allow from all
DirectoryIndex index.html index.phps
</Directory>
</VirtualHost>

Ka mutu ka whakaara ano a Apache ki runga:

service httpd restart

Ka kaha a Apache ki te whakawhiti HTTP ki HTTPS

• He maha nga tono tukutuku ka taea anake te whakahaere me te SSL.
• Me mohio tatou i nga wa katoa ka whakamahi tatou i te SSL, me uru te paetukutuku ma te SSL.
• Mena ka ngana tetahi kaiwhakamahi ki te uru atu ki te paetukutuku me te URL kore-SSL, me tukuna atu ia ki te paetukutuku SSL.
• Tukuna ki SSL URL ma te whakamahi i te Apache mod_rewrite module.
• Mēnā ka whakamahi koe i te mōkihi tāutanga paato-kotahi o te LAMP, te whakaurunga aunoa o te tiwhikete SSL me te huri ano ki te HTTPS, te hurihanga ki te HTTPS.Kei te kaha, kaore koe e hiahia ki te taapiri i te HTTPS anga whakamua.

Tāpiri ture anga whakamua

• I roto i te konae whirihoranga a Apache, whakatikahia te kaihautu mariko o te paetukutuku me te taapiri i nga tautuhinga e whai ake nei.
• Ka taea hoki e koe te taapiri i nga tautuhinga rite ki te pakiaka tuhinga i to paetukutuku i roto i to konae .htaccess.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Mena kei te hiahia koe ki te tautuhi i tetahi URL hei tuku ki te HTTPS:

RewriteEngine On
RewriteRule ^message$ https://www.etufo.org/message [R=301,L]

• Mena ka ngana tetahi ki te uru karere , ka peke te wharangi ki https, ka taea e te kaiwhakamahi te uru ki te URL me SSL anake.

Tīmataria anō a Apache kia whai mana te kōnae .htaccess:

service httpd restart

Nga Whakatakarotanga

• Tena koa hurihia te wahitau imeera i runga ake nei ki to wahitau imeera.
• Kia mahara ki te huri i te ingoa rohe paetukutuku i runga ake nei ki to ingoa rohe paetukutuku.

Anō te raruraru tauwāhi ture

I raro i nga ture pseudo-static, i te wa e whakatakoto ana i nga ture peke whakahuri, ka tupono koe Kaore e taea e http te anga ki https Te raru.

I te tuatahi i kapea e matou te waehere anga ki .htaccess ka puta mai i nga keehi e whai ake nei ▼

• E tohu ana [L] ko te ture o naianei te ture whakamutunga, kati te tātari i nga ture tuhi ano e whai ake nei.
• No reira ka uru atu koe ki te wharangi tuhinga kua tukuna ano, ka whakamutua e [L] te ture e whai ake nei, no reira karekau te ture anga atu e mahi.

Ina toro ana matou ki te wharangi wharangi http, ka hiahia matou ki te whakaoho i te hurihanga URL, pekehia te ture pseudo-static ki te mahia te ture peke whakahuri, kia taea aiPae-whānui http anga ki https .

Kaua e whakaurua nga ture whakatika https [L] Ki raro i nga ture, tuu [L] kei runga ake i nga ture ▼

Pānuitanga roa:

• He aha te rereketanga i waenga i te http me te https? He whakamaramatanga mo te tukanga whakamunatanga SSL
• Me aha ahau ki te whiwhi ahau i te hapa 500 i muri i te whakauru i te Tiwhikete Whakamuna SSL i roto i te paewhiri mana CWP?
• Peke aunoa ki te ingoa rohe taumata tuarua kaore he www te ingoa rohe taumata-runga: ka anga te ingoa rohe pakiaka 301 www