After the DNS problem behind the failed Let's Encrypt installation request (error message: "AutoSSL Issue Failed") was resolved last time, this free SSL certificate has run into another problem that needs fixing.
The CWP Control Panel appeared to be set up so that Let's Encrypt would renew the certificate automatically before it expired. SEO traffic dropped sharply, but fortunately it recovered once the problem was fixed.
What is Let's Encrypt?
Let's Encrypt is a free, automated and open Certificate Authority (CA) provided by the Internet Security Research Group (ISRG).
Simply put, HTTPS (SSL/TLS) can be enabled for our website free of charge with the help of a certificate issued by Let's Encrypt.
Issuing and renewing Let's Encrypt free certificates is automated by script. Let's Encrypt officially recommends using the Certbot client to issue certificates.
What is a Let's Encrypt wildcard certificate?
Before wildcard certificates were available, Let's Encrypt supported only 2 types of certificate:
- Single-domain certificate: the certificate covers only one host.
- SAN certificate: also called a multi-domain certificate, a certificate that can include several hosts (the Let's Encrypt limit is 20).
For individuals, who do not have many hosts, using SAN certificates is not a problem, but large companies run into difficulties:
- There are many subdomains, and a new host may need to be brought into use after a while.
- There are also many registered domains.
For large enterprises, SAN certificates cannot meet the requirement: all hosts have to be included in a single certificate, which Let's Encrypt certificates (limit 20) cannot accommodate.
A wildcard certificate is a certificate that can contain a wildcard:
- For example, *.example.com or *.example.cn; the * automatically matches all subdomain names;
- Large enterprises can also use wildcard certificates, and one SSL certificate can cover more hosts.
The difference between wildcard certificates and SAN certificates
- Wildcard certificate - Wildcard certificates are typically used to protect multiple subdomains under a single fully qualified domain name. The benefit of this type of certificate is not only that it simplifies certificate management, but also that it helps reduce administrative costs. It protects your current and future subdomains at all times.
- SAN certificate - A SAN certificate (also known as a multi-domain certificate) is used to protect multiple domain names with one certificate. It differs from a wildcard certificate in that a wildcard certificate supports an unlimited number of subdomain names under a domain, whereas a SAN certificate supports only the fully qualified domain names entered in the certificate. SAN certificates are notable because they let you protect more than 100 different fully qualified domain names with a single certificate; however, the number protected depends on the issuing certificate authority.
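The matching rule behind this difference, as an added example that is not code from the original post: in TLS name matching a wildcard stands for exactly one leftmost label, so `*.example.com` covers `www.example.com` but neither the bare `example.com` nor `a.b.example.com`. The function names and the host list are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: is a host name covered by the names listed in a certificate?

# name_matches HOST PATTERN -> returns 0 if PATTERN covers HOST
name_matches() {
    local host pattern suffix first rest
    # DNS names are compared case-insensitively
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    pattern=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pattern" in
        '*.'*)
            suffix="${pattern#\*}"      # "*.example.com" -> ".example.com"
            first="${host%%.*}"         # leftmost label of the host
            rest="${host#"$first"}"     # everything after that label
            # "*" stands for exactly one non-empty label
            [ -n "$first" ] && [ "$rest" = "$suffix" ]
            ;;
        *)
            [ "$host" = "$pattern" ]    # SAN entry: exact name only
            ;;
    esac
}

# covered HOST NAME... -> returns 0 if any certificate name covers HOST
covered() {
    local host="$1" name
    shift
    for name in "$@"; do
        name_matches "$host" "$name" && return 0
    done
    return 1
}

# uncovered_hosts NAME... -> reads hosts from stdin, prints those no name covers
uncovered_hosts() {
    local host
    while IFS= read -r host; do
        [ -n "$host" ] || continue
        covered "$host" "$@" || printf '%s\n' "$host"
    done
}

# Constructed sample: hosts a site serves, checked against a wildcard-only certificate
printf '%s\n' example.com www.example.com api.example.com a.b.example.com |
    uncovered_hosts '*.example.com'
```

The sample run lists `example.com` and `a.b.example.com`: a certificate meant to replace a SAN certificate needs the apex name as an additional entry next to the wildcard.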
How to apply for a Let's Encrypt wildcard certificate?
To support wildcard certificates, Let's Encrypt upgraded its implementation of the ACME protocol. Only the v2 protocol supports wildcard certificates.
In other words, any client can apply for a wildcard certificate as long as it supports ACME v2.
Download Certbot-Auto
```bash
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto --version
```
Let's Encrypt wildcard certificate script
```bash
git clone https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
cd certbot-letencrypt-wildcardcertificates-alydns-au
# certbot runs this hook as root (see the cron job), so do not leave it writable by other users
chmod 0755 au.sh
```
Let's Encrypt wildcard certificate expiry: configuring the renewal script
The script here is for an nginx service that was compiled and installed from source or installed through Docker, with HTTPS proxied by the host or by a load-balancing host. It automatically backs up the SSL certificate and restarts the Nginx proxy server.
- Note: the command that actually does the work is still `./certbot-auto renew`
```bash
#!/usr/bin/env bash

# Path to the certbot-auto client
cmd="$HOME/certbot-auto"
# Command that restarts the nginx container once a certificate has been renewed
restartNginxCmd="docker restart ghost_nginx_1"
action="renew"
# Hooks for the DNS challenge: add the validation record, then clean it up
auth="$HOME/certbot/au.sh php aly add"
cleanup="$HOME/certbot/au.sh php aly clean"
# Copy the renewed certificates to the nginx SSL directory, then restart nginx
deploy="cp -r /etc/letsencrypt/ /home/pi/dnmp/services/nginx/ssl/ && $restartNginxCmd"

"$cmd" "$action" \
    --manual \
    --preferred-challenges dns \
    --deploy-hook "$deploy" \
    --manual-auth-hook "$auth" \
    --manual-cleanup-hook "$cleanup"
```
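Add the job to crontab by editing the file /etc/crontab:
```
# A certificate is renewed only when it has fewer than 30 days of validity left, so the cron job can run daily or weekly
0 0 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /home/pi/crontab.sh
```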
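A renewal job that fails silently is only noticed once the certificate has expired, which is the situation described at the top of this post. The following check is an added example, not part of the original script: it flags a certificate with fewer than 20 days left, a point that a working job (which renews at 30 days) should never let it reach. The function names, the 20-day threshold and the generated sample certificates are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: flag a certificate that a working renewal job would
# already have replaced. Requires the openssl command-line tool.

# cert_status CERT_FILE [DAYS]
# Prints OK, RENEW_DUE, EXPIRED or UNREADABLE; returns 0 only for OK.
cert_status() {
    local cert="$1" days="${2:-20}"
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo UNREADABLE; return 3
    fi
    # -checkend N succeeds only if the certificate is still valid in N seconds
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED; return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        echo RENEW_DUE; return 1
    fi
    echo OK
}

# make_sample_cert OUT_FILE DAYS
# Constructed test input: a throwaway self-signed certificate valid for DAYS.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=example.com" -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# check_all DAYS CERT_FILE... -> one "file: status" line each; returns 1 if any is not OK
check_all() {
    local days="$1" rc=0 cert status
    shift
    for cert in "$@"; do
        status=$(cert_status "$cert" "$days") || rc=1
        printf '%s: %s\n' "$cert" "$status"
    done
    return "$rc"
}

# Demo on constructed certificates: 90 days left (fresh) and 10 days left (stale)
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/fresh.pem" 90
make_sample_cert "$demo_dir/stale.pem" 10
check_all 20 "$demo_dir/fresh.pem" "$demo_dir/stale.pem" ||
    echo "at least one certificate needs attention"
rm -rf "$demo_dir"
```

In production, pass the certificate file nginx actually serves, for example the copy that the deploy hook places under /home/pi/dnmp/services/nginx/ssl/, so that a failed copy is caught as well as a failed renewal.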
Rebuild the CWP server configuration
The following steps make CWP rebuild the nginx/apache server configuration:
Step 1: On the left side of the CWP Control Panel, click WebServer Settings → Select WebServers
Step 2: Select Nginx & Varnish & Apache
Step 3: Click the "Save & Rebuild Configuration" button at the bottom to save and rebuild the configuration.
- Refresh the website and you will see that the expiry date of the SSL certificate has been updated.
I hope that "Let's Encrypt not renewing automatically? A wildcard certificate renewal script", shared on the Chen Weiliang Blog ( https://www.chenweiliang.com/ ), is helpful to you.
You are welcome to share the link to this article: https://www.chenweiliang.com/cwl-1199.html