Kodi Let's Encrypt imangopanganso zokha?Sinthani script yokonzanso satifiketi ya wildcard

zathetsedwa nthawi yathaYalephera kuyikapo kuti muyike Uthenga Wolakwika wa Let Encrypt: Nkhani ya AutoSSL YalepheraPambuyo pavuto la DNS, satifiketi yaulere ya SSL iyi ili ndi mavuto ena oti athetse.

CWP Control PanelPoyamba, zimawoneka kuti satifiketi ya Let Encrypt idangokonzedwanso isanathe.SEOMagalimoto adatsika kwambiri, koma mwamwayi amatha kubwezeretsedwanso yankho likatha.

Kodi Let's Encrypt ndi chiyani?

Let's Encrypt ndi Sitifiketi Yaulere, yodzipangira yokha komanso yotseguka (CA) yoperekedwa ndi osachita phindu Internet Security Research Group (ISRG).

Mwachidule, HTTPS (SSL/TLS) itha kutsegulidwa patsamba lathu kwaulere mothandizidwa ndi satifiketi yoperekedwa ndi Let Encrypt.

Kutulutsa/kukonzanso ma satifiketi aulere a Let's Encrypt kumapangidwa ndi zolemba zokha.

Zotsatirazi ndi phunziro la momwe mungalembetsere satifiketi ya Let's Encrypt yaulere ya SSL▼

Momwe mungalembetsere Let's Encrypt? Tiyeni Tilembetse Mfundo Yaulere ya SSL & Maphunziro Oyikira

Kodi mungalembe bwanji Let Encrypt?Tiyeni Tilembetse Mfundo Yachiphaso cha SSL & Maphunziro Oyikirako Kodi SSL ndi chiyani?Nkhani yapitayi ya Chen Weiliang "Kodi pali kusiyana kotani pakati pa http vs https? Zimatchulidwa mu "Kufotokozera Mwatsatanetsatane kwa SSL Encryption Process".Pokhapokha mawebusayiti a ecommerce akuyenera kugula premium...

Kodi satifiketi ya Let Encrypt wildcard ndi chiyani?

Zisatifiketi za wildcard zisanawonekere, Tiyeni Tilembetsere satifiketi 2 zokha:

1. Single Domain Certificate: Sitifiketi ili ndi wolandira m'modzi yekha.
2. Satifiketi ya SAN: Imadziwikanso kuti satifiketi ya dzina la domain, satifiketi imatha kuphatikiza makamu angapo (Let's Encrypt malire ndi 20).

Kwa ogwiritsa ntchito payekhapayekha, popeza kulibe makamu ochulukirapo, palibe vuto kugwiritsa ntchito satifiketi za SAN, koma kwamakampani akulu pali zovuta zina:

1. Pali ma subdomain ambiri, ndipo pangakhale kofunikira kugwiritsa ntchito wolandila watsopano pakapita nthawi.
2. Palinso madambwe ambiri olembetsedwa.

Kwa mabizinesi akuluakulu, satifiketi za SAN sizingakwaniritse zosowa, ndipo onse omwe amakhala nawo ali mu satifiketi imodzi, yomwe singakhutitsidwe pogwiritsa ntchito satifiketi ya Let Encrypt (malire 20).

Satifiketi zaku Wildcard ndi satifiketi zomwe zimatha kukhala ndi wildcard:

• Mwachitsanzo *.example.com, *.example.cn,Gwiritsani ntchito * kuti mufanane ndi ma subdomain onse;
• Mabizinesi akulu amathanso kugwiritsa ntchito satifiketi zakutchire, ndipo satifiketi imodzi ya SSL imatha kuyika olandila ambiri.

Kusiyana pakati pa satifiketi yaku wildcard ndi satifiketi ya SAN

1. Zilembo za Wildcard - Satifiketi zaku Wildcard zimagwiritsidwa ntchito kwambiri kuteteza ma subdomain angapo pansi pa dzina lapadera lodziwika bwino.Phindu la satifiketi yamtunduwu ndikuti sikuti limangopangitsa kuwongolera satifiketi kukhala kosavuta, komanso kumakuthandizani kuti muchepetse ndalama zanu.Imateteza ma subdomain anu apano ndi amtsogolo nthawi zonse.
2. Satifiketi ya SAN - Satifiketi ya SAN (yomwe imadziwikanso kuti masitifiketi amitundu yambiri) imagwiritsidwa ntchito kuteteza madambwe angapo ndi satifiketi imodzi.Amasiyana ndi satifiketi zakutchire chifukwa amathandizira onsezopanda maliresubdomains. SAN imangogwirizira dzina la domain loyenerera lomwe lalowetsedwa mu satifiketi. Satifiketi za SAN ndizochititsa chidwi chifukwa mukazigwiritsa ntchito mutha kuteteza mayina opitilira 100 oyenerera ndi satifiketi imodzi; komabe, kuchuluka kwachitetezo kumadalira omwe amapereka satifiketi.

momwe mungagwiritsire ntchitoTiyeni TilembetseZitifiketi zakutchire?

Kuti tigwiritse ntchito satifiketi zakutchire, Let's Encrypt yakweza kukhazikitsidwa kwa protocol ya ACME, ndipo protocol ya v2 yokha ndi yomwe ingathandizire satifiketi zakutchire.

Ndiye kuti, kasitomala aliyense atha kulembetsa satifiketi yakutchire bola imathandizira ACME v2.

Tsitsani Certbot-Auto

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto --version

Tiyeni Tilembetse Setifiketi ya Wildcard

git clone https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
cd certbot-letencrypt-wildcardcertificates-alydns-au
chmod 0777 au.sh

Tiyeni Tibisire script yokonzanso nthawi yomaliza ya satifiketi yaku wildcard

Zolemba apa ndi seva yopangidwa ndikuyikidwa ndi nginx kapena yoyikidwa kudzera pa Docker, proxy https kudzera pa proxy host or load balancing host, ingosungani chiphaso cha SSL, ndikuyambitsanso seva ya proxy ya Nginx.

• Zindikirani: Script imagwiritsa ntchito ./certbot-auto renew

#!/usr/bin/env bash

cmd="$HOME/certbot-auto" 
restartNginxCmd="docker restart ghost_nginx_1"
action="renew"
auth="$HOME/certbot/au.sh php aly add"
cleanup="$HOME/certbot/au.sh php aly clean"
deploy="cp -r /etc/letsencrypt/ /home/pi/dnmp/services/nginx/ssl/ && $restartNginxCmd"

$cmd $action \
--manual \
--preferred-challenges dns \
--deploy-hook \
"$deploy"\
--manual-auth-hook \
"$auth" \
--manual-cleanup-hook \
"$cleanup"

Lowani crontab, sinthani fayilo▼

/etc/crontab

#证书有效期<30天才会renew，所以crontab可以配置为1天或1周
0 0 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /home/pi/crontab.sh

Kukonzanso kwa seva ya CWP

Nawa masitepe a CWP kuti amangenso seva ya nginx/apache:

Gawo 1: Kumanzere kwa CWP Control Panel, dinani Zikhazikiko za WebServer → Sankhani WebServers ▼

Khwerero 2:选择 Nginx & Varnish & Apache ▼

Khwerero 3:Dinani batani la "Save & Build Configuration" pansi kuti musunge ndikumanganso kasinthidwe.

• Tsitsani tsambalo ndipo muwona kuti tsiku lotha ntchito ya satifiketi ya SSL lasinthidwa.

Kuwerenga kowonjezera:

Linux Crontab imapanga script task command nthawi zonse ndikuyika kugwiritsa ntchito mafayilo

Njira ya cron yopangidwa ndi Linux ingatithandize kukwaniritsa zofunikira pochita ntchito zomwe zakonzedwa.Pogwiritsa ntchito zolemba za cron ndi zipolopolo, palibe vuto popanga nthawi zonse malamulo ovuta kwambiri.Cron ndi chiyani?Zomwe timagwiritsa ntchito nthawi zambiri ndi lamulo la crontab, lomwe ndi cron ta ...