Aynu si toos ah u cusboonaysiinno si toos ah?Cusbooneysii qoraalka dib u cusboonaysiinta kaararka duurjoogta ah

xaliyay markii ugu dambeysayKu guuldarraystay inuu codsado rakibaadda Aynu sirinno Fariinta Khaladka: Arrinta AutoSSL waa ku guul daraystayDhibaatada DNS ka dib, shahaadada SSL ee bilaashka ah waxay leedahay dhibaatooyin lagu xalliyo.

CWP Control PanelWaxay u muuqataa in shahaadada aynu sir qaadno la dejiyay si ay si toos ah u cusboonaysiiso oo dib loogu cusboonaysiiyo shahaadada ka hor inta aanay dhicin, si lama filaan ah, shalay, aynu si toos ah u cusboonaysiinSEOGaadiidka ayaa aad hoos ugu dhacay, laakiin nasiib wanaag waa la soo kaban karaa ka dib marka xalka la hagaajiyo.

Waa maxay Aynu Sirinno?

Aynu Encryption waa bilaash, otomaatig ah oo furan Hay'adda Shahaadada (CA) oo ay bixiso Kooxda Cilmi-baarista Amniga Internetka ee aan macaash doonka ahayn (ISRG).

Si fudud loo dhigo, HTTPS (SSL/TLS) waxaa loogu sahli karaa shabakadeena lacag la'aan iyadoo la kaashanayo shahaado ay bixisay Aynu Sirinno.

Soo saarista/cusboonaysiinta Aynu Sirinno shahaadooyinka bilaashka ah waxa si toos ah u sameeya qoraallo. Aynu si rasmi ah u dhigno waxa ay ku talinaysaa in la isticmaalo macmiilka Certbot si loo bixiyo shahaadooyin.

Kuwa soo socdaa waa casharro ku saabsan sida loo codsado Aan Encryption shahaado SSL bilaash ah▼

Sida loo codsado Aynu Sirino

Sidee loo codsadaa Aynu Encryption?Aynu sirno Mabda'a Shahaadada SSL & Tababarka Rakibaadda Waa maxay SSL?Maqaalkii hore ee Chen Weiliang "Waa maxay farqiga u dhexeeya http vs https? Waxaa lagu sheegay "Sharaxaadda Faahfaahinta ee Nidaamka Sireeynta SSL".Marka laga reebo shabakadaha e-commerce waa inay iibsadaan qiimo jaban...

Waa maxay Aan sirino shahaado kaarka duurjoogta ah?

Kahor intaanay soo bixin shahaadooyinka duurjoogta ah, Aynu sir qaadno kaliya 2 shahaado:

1. Shahaadada Domain Single: Shahaadada waxay ka kooban tahay hal martigeliyaha kaliya.
2. Shahaadada SAN: Sidoo kale loo yaqaan shahaadada magaca domain, shahaado waxaa ku jiri kara martigeliyayaal badan (Aan Encrypt limit is 20).

Isticmaalayaasha gaarka ah, maadaama aysan jirin marti-geliyayaal aad u badan, gabi ahaanba wax dhib ah ma leh isticmaalka shahaadooyinka SAN, laakiin shirkadaha waaweyn waxaa jira dhibaatooyin qaar:

1. Waxaa jira subdomains badan, waxaana laga yaabaa inay lagama maarmaan noqoto in la isticmaalo martigeliyaha cusub waqti ka dib.
2. Waxa kale oo jira goobo badan oo diiwaan gashan.

Shirkadaha waaweyn, shahaadooyinka SAN lagama yaabo inay daboolaan baahiyaha, dhammaan martigeliyayaashana waxay ku jiraan hal shahaado, taas oo aan ku qanci karin shahaadooyinka Aynu Sirinno (xadka 20).

Shahaadooyinka Wildcard waa shahaado ka koobnaan kara kaarka duurjoogta ah:

• Tusaale ahaan *.example.com, *.example.cn,Isticmaal * si toos ah ugu dhigma dhammaan subdomains;
• Shirkadaha waaweyni waxay sidoo kale isticmaali karaan shahaadooyinka duurjoogta ah, iyo hal shahaado SSL waxay dhigi kartaa martigeliyayaal badan.

Farqiga u dhexeeya shahaado caddaynta iyo shahaadada SAN

1. Shahaadooyinka Kaarka Duurjoogta - Shahaadooyinka kaarka duurjoogta ayaa si weyn loo isticmaalaa si loo ilaaliyo dhowr-hoosaadyo hoos yimaada magac domain oo dhamaystiran oo u qalma.Faa'iidada shahaado noocan oo kale ah maaha oo kaliya inay fududayso maareynta shahaadooyinka, laakiin waxay sidoo kale kaa caawineysaa inaad dhimato kharashyadaada sare.Waxay ilaalisaa domain-hoosaadyadaada hadda iyo kuwa mustaqbalka mar walba.
2. Shahaadooyinka SAN - Shahaadooyinka SAN (sidoo kale loo yaqaan shahaadooyinka domain-ka badan) ayaa loo isticmaalaa si loo sugo goobo badan oo leh hal shahaado.Waxay kaga duwan yihiin shahaadooyinka duurjoogta ah in ay taageeraan dhammaanaan xad lahaynsubdomains. SAN kaliya waxay taageertaa magaca domainka ee si buuxda u qalma ee lagu soo geliyey shahaadada. Shahaadooyinka SAN waa kuwo cajiib ah sababtoo ah isticmaalkooda waxaad ku ilaalin kartaa in ka badan 100 magac domain oo si buuxda u leh hal shahaado; si kastaba ha ahaatee, qadarka ilaalintu waxay kuxirantahay soo saarida maamulka shahaadada.

sida loo codsadoAan isku daynoShahaadooyinka kaarka duurjoogta ah?

Si loo hirgeliyo shahaadooyinka duurjoogta ah, Aynu Encrypt cusboonaysiiyay hirgelinta borotokoolka ACME, oo kaliya v2 borotokoolka ayaa taageeri kara shahaadooyinka duurjoogta ah.

Taasi waa in la yiraahdo, macmiil kastaa wuxuu codsan karaa shahaadada duurjoogta ah ilaa iyo inta ay taageerto ACME v2.

Soo deji Certbot-Auto

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto --version

Aynu sirno Qoraalka Shahaadada Kaarka Duurjoogta

git clone https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
cd certbot-letencrypt-wildcardcertificates-alydns-au
chmod 0777 au.sh

Aynu sirno qoraalka cusboonaysiinta wakhtiga uu dhacayo kaadhka duurjoogta ah

Qoraalka halkan waa adeege la soo ururiyey oo lagu rakibay nginx ama lagu rakibay Docker, wakiil https iyada oo loo marayo wakiilka martida loo yahay ama culeyska culeyska martigeliyaha, si toos ah u dib u celiya shahaadada SSL, oo ​​dib u bilaw server-ka wakiil Nginx.

• Fiiro gaar ah: Qoraalku dhab ahaantii wuxuu isticmaalaa ./certbot-auto renew

#!/usr/bin/env bash

cmd="$HOME/certbot-auto" 
restartNginxCmd="docker restart ghost_nginx_1"
action="renew"
auth="$HOME/certbot/au.sh php aly add"
cleanup="$HOME/certbot/au.sh php aly clean"
deploy="cp -r /etc/letsencrypt/ /home/pi/dnmp/services/nginx/ssl/ && $restartNginxCmd"

$cmd $action \
--manual \
--preferred-challenges dns \
--deploy-hook \
"$deploy"\
--manual-auth-hook \
"$auth" \
--manual-cleanup-hook \
"$cleanup"

Ku biir crontab, wax ka beddel faylka▼

/etc/crontab

#证书有效期<30天才会renew，所以crontab可以配置为1天或1周
0 0 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /home/pi/crontab.sh

Dib u dhiska qaabeynta serverka CWP

Waa kuwan tillaabooyinka CWP si ay dib ugu dhisto nginx/server Apache:

Tallaabada 1: Dhinaca bidix ee Guddiga Xakamaynta CWP, dhagsii Goobaha WebServer → Dooro WebServers ▼

Tallaabada 2:选择 Nginx & Varnish & Apache ▼

Tallaabada 3:Guji badhanka "Save & Rebuild Configuration" ee hoose si aad u kaydiso oo dib ugu dhisto qaabaynta.

• Dib u cusboonaysii website-ka oo waxaad arki doontaa in taariikhda uu dhacayo shahaadada SSL la cusboonaysiiyay.

Akhrinta dheeraadka ah:

Linux Crontab waxay fulisaa amarada hawsha qoraalka si joogto ah waxayna dejisaa isticmaalka faylka qaabeynta

Nidaamka cron-ku-dhismay ee Linux wuxuu naga caawin karaa inaan daboolno baahiyaha fulinta hawlaha la qorsheeyay.Adiga oo isticmaalaya qoraallada cron iyo qolofka, dhib kuma jirto in si joogto ah loo fuliyo amarada hawsha aad u adag.Waa maxay Cron?Waxa aan inta badan isticmaalno waa amarka crontab, kaas oo ah cron ta...