Ko Let's Encrypt inovandudza otomatiki?Gadzirisa wildcard chitupa chekuvandudza script

yakagadziriswa nguva yekupedzisiraYatadza kunyorera kuisa Let's Encrypt Error Message: AutoSSL Issue YakundikanaMushure medambudziko reDNS, ichi chemahara SSL chitupa chine mamwe matambudziko ekugadzirisa.

CWP Control PanelPakutanga, zvaiita sekuti chitupa cheLet Encrypt chakangovandudzwa chisati chapera.Zvisinei, nezuro, Let's Encrypt haina kuzongoerekana yavandudza chitupa.SEOIyo traffic yakadonha zvakanyanya, asi rombo rakanaka inogona kudzoserwa mushure mekunge mhinduro yagadziriswa.

Chii chinonzi Let's Encrypt?

Let's Encrypt ndeye yemahara, otomatiki uye yakavhurika Sitifiketi Chiremera (CA) chakapihwa neasina purofiti Internet Security Research Group (ISRG).

Zvichitaurwa zviri nyore, HTTPS (SSL/TLS) inogona kugoneswa kune webhusaiti yedu mahara nerubatsiro rwechitupa chakapihwa Let's Encrypt.

Kuburitswa/kuvandudzwa kwe Let's Encrypt zvitupa zvemahara kunongoitwa nemagwaro. Let's Encrypt inokurudzira zviri pamutemo kushandisa mutengi weCertbot kuburitsa zvitupa.

Chinotevera chidzidzo chekuti unganyorera sei Let's Encrypt yemahara SSL chitupa▼

Maitiro ekunyorera kuti Let's Encrypt? Ngatinyorei SSL Yemahara Sitifiketi Musimboti & Kuisa Tutorial

Nzira yekushandisa sei Let's Encrypt?Ngativei Chete SSL Chitupa Nheyo & Kuisa Tutorial Chii chinonzi SSL?Chen Weiliang's yapfuura chinyorwa "Ndeupi musiyano uripo pakati pe http vs https? Inotaurwa mu "Detailed Tsananguro yeSSL Encryption process".Kunze kwekunge ecommerce saiti dzinofanirwa kutenga premium ...

Chii chinonzi Let's Encrypt wildcard certificate?

Pamberi pezvitupa zvemusango zvisati zvaoneka, Ngatisvererei anotsigira zvitupa zviviri chete:

1. Single Domain Certificate: Chitupa chine muenzi mumwe chete.
2. SAN chitupa: Iyo inozivikanwawo sezita rezita rezita, chitupa chinogona kusanganisira akawanda mauto (Ngatiti Encrypt muganho ndeye 20).

Kune vashandisi vega, sezvo pasina mauto akawandisa, hapana zvachose dambudziko nekushandisa SAN zvitupa, asi kumakambani makuru kune mamwe matambudziko:

1. Kune akawanda ma subdomain, uye zvingave zvakafanira kushandisa muenzi mutsva nekufamba kwenguva.
2. Kune zvakare akawanda akanyoreswa domains.

Kune mabhizinesi makuru, zvitupa zveSAN zvinogona kusasangana nezvinodiwa, uye ese anotambira ari muchitupa chimwe, chisingagutsikane nekushandisa Let's Encrypt zvitupa (muganhu 20).

Wildcard zvitupa zvitupa zvinogona kunge zvine wildcard:

• Semuenzaniso *.example.com, *.example.cn,Shandisa * kuenzanisa otomatiki ese subdomain;
• Mabhizinesi makuru anogona zvakare kushandisa zvitupa zvemusango, uye chitupa chimwe cheSSL chinogona kuisa mamwe mauto.

Musiyano pakati pewildcard chitupa uye SAN chitupa

1. Zvitupa zveWildcard - Zvitupa zveWildcard zvinoshandiswa zvakanyanya kuchengetedza akawanda subdomain pasi pezita rakasarudzika rakakwana rakazara rezita.Rubatsiro rwerudzi urwu rwechitupa nderekuti hachiite chete kuti manejimendi ekutonga kuve nyore, asi zvakare inokubatsira iwe kuderedza mari yako yepamusoro.Iyo inodzivirira yako yazvino uye yeramangwana subdomain nguva dzese.
2. SAN zvitupa - SAN zvitupa (zvinozivikanwawo semulti-domain zvitupa) zvinoshandiswa kuchengetedza akawanda madomasi nechitupa chimwe chete.Ivo vanosiyana nezvitupa wildcard mukuti vanotsigira veserisingagumisubdomains. SAN inongo tsigira iro rakazara rakakwana zita rezita rakaiswa muchitupa. Zvitupa zveSAN zvinokatyamadza nekuti uchizvishandisa unogona kuchengetedza anopfuura zana akasiyana anonyatsokodzera mazita emadomasi aine chitupa chimwe chete; zvisinei, huwandu hwedziviriro hunoenderana nekupa chiremera chechitupa.

maitiro ekushandisaRegai TinyoraWildcard zvitupa?

Kuti tiite zvitupa zvemusango, Let's Encrypt yakakwidziridza kuitwa kweiyo ACME protocol, uye chete v2 protocol inogona kutsigira wildcard zvitupa.

Kureva kuti, chero mutengi anogona kunyorera chitupa chemusango chero chichitsigira ACME v2.

Dhawunirodha Certbot-Auto

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto --version

Ngatinyorei Wildcard Chitupa Script

git clone https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
cd certbot-letencrypt-wildcardcertificates-alydns-au
chmod 0777 au.sh

Ngatinyorei Wildcard chitupa kupera nguva yekuvandudza script

Iyo script pano iseva yakaunganidzwa uye yakaiswa ne nginx kana kuisirwa kuburikidza neDocker, proxy https kuburikidza neanotambira proxy kana load balancing host, otomatiki tsigira SSL chitupa, uye tangazve Nginx proxy server.

• Ongorora: Iyo script inonyanya kushandisa iyo ./certbot-auto renew

#!/usr/bin/env bash

cmd="$HOME/certbot-auto" 
restartNginxCmd="docker restart ghost_nginx_1"
action="renew"
auth="$HOME/certbot/au.sh php aly add"
cleanup="$HOME/certbot/au.sh php aly clean"
deploy="cp -r /etc/letsencrypt/ /home/pi/dnmp/services/nginx/ssl/ && $restartNginxCmd"

$cmd $action \
--manual \
--preferred-challenges dns \
--deploy-hook \
"$deploy"\
--manual-auth-hook \
"$auth" \
--manual-cleanup-hook \
"$cleanup"

Join crontab, gadzirisa faira▼

/etc/crontab

#证书有效期<30天才会renew，所以crontab可以配置为1天或1周
0 0 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /home/pi/crontab.sh

CWP server kumisikidza kuvakazve

Heano matanho eCWP ekuvakazve nginx/apache server:

Step 1: Kuruboshwe rweCWP Control Panel, tinya WebServer Settings → Sarudza WebServers ▼

Chikamu 2 步:sarudza Nginx & Varnish & Apache ▼

Chikamu 3 步:Dzvanya bhatani re "Chengetedza & Vakazve Configuration" pazasi kuti uchengetedze uye uvakezve gadziriso.

• Nyoresa webhusaiti uye uchaona kuti zuva rekupera kwechitupa cheSSL rakagadziridzwa.

Yakawedzerwa kuverenga:

Linux Crontab inoita script basa mirairo nguva dzose & inoseta faira rekushandisa kushandiswa

Linux's built-in cron process inogona kutibatsira kuzadzisa zvinodiwa pakuita mabasa akarongwa.Nekushandisa cron and shell scripts, hapana dambudziko mukugara tichiita mirairo yebasa yakaoma kwazvo.Chii chinonzi Cron?Zvatinowanzo shandisa ndeye crontab command, inova cron ta...