Uhla lwemibhalo ye-athikili
Ungasifaka kanjani isitifiketi samahhala se-Letsencrypt SSL SSL segama lomethuleli we-CWP7?
- lokhu Iphaneli yokulawula ye-CWP Igayidi ye-AutoSSL yokufaka ngokuzenzakalelayo izitifiketi zamahhala ze-Letsencrypt SSL.
Uma umlayezo wephutha we-CWP7 SSL "cwpsrv.service failed.", sicela upheqa isixazululo sesifundo esilandelayo▼
Ungalishintsha kanjani igama lomethuleli ku-CWP?
Ake sithi igama lomethuleli wakho server.yourdomain.com
- Okokuqala, dala isizinda esingaphansi kwe-CWP:
server.yourdomain.com
- Engeza irekhodi elingu-A ku-DNS, isizinda esingaphansi sikhomba kwakhoLinuxIkheli le-IP yeseva.
- Iya kokuthi → Izilungiselelo ze-CWP → Shintsha Igama Lomethuleli kumenyu engakwesokunxele ye-cwp.admin ukuze ulondoloze igama lakho lomethuleli.
- I-SSL izofakwa ngokuzenzakalelayo, umbandela kuphela ukuthi usethe irekhodi le-DNS A legama lomethuleli.
- Uma ungenalo irekhodi elingu-A legama lomethuleli, i-CWP izofaka isitifiketi esizisayinele yona.
- Qaphela ukuthi igama lomethuleli kufanele libe isizinda esingaphansi kwesinye hhayi isizinda esikhulu.
Ku-http:// kuya ku-https:// ukuqondisa kabusha, ungakwazi/usr/local/apache/htdocs/.htaccess
Dala leli fayela le-htaccess:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I-Let Encrypt inegunya lesitifiketi elethulwa ngo-April 2016, 4, ngenhloso yokususa ukudalwa kwamanje mathupha, ukuqinisekiswa, ukusayinda, ukufakwa nokubuyekezwa kwezitifiketi zamawebhusayithi avikelekile.
Igama lomethuleli/FQDN Faka Isitifiketi se-Letsencrypt SSL
- I-FQDN (
fully qualified domain name
) Igama lesizinda elifaneleke ngokugcwele, okuyigama lesizinda eliphelele lekhompyutha ethile noma umsingathi ku-inthanethi.
Usifaka kanjani isicelo se-Let Encrypt?
Kunemojula entsha efakwe ku-CWP7 Imenyu Engakwesokunxele → Izilungiselelo Zeseva Yewebhu → Izitifiketi Ze-SSL, ukusuka lapho ungafaka izitifiketi ze-Letsencrypt zanoma yisiphi isizinda/isizinda esincane usebenzisa i-AutoSSL.
(Uma ukhetha Yakha Masibhale Ngemfihlo ngesikhathi esifanayo lapho wengeza igama lesizinda noma igama lesizinda esingaphansi kwesinye, ungeqa izinyathelo ezingenhla)
Izici zesitifiketi se-Letsencrypt SSL
- I-Letsencrypt yesizinda se-akhawunti eyinhloko kanye ne-www alias
- I-Letsencrypt yengeza igama lesizinda kanye ne-www. alias
- I-Letsencrypt yezizinda ezingaphansi kanye ne-www.alias
- I-Letsencrypt nayo ingafaka ngokwezifiso
- Hlola usuku lokuphelelwa yisikhathi kwesitifiketi
- vuselela ngokuzenzakalelayo
- Phoqa inkinobho yokuvuselela
- Ukutholwa okuzenzakalelayo kwe-Apache port 443
Ukuvuselela okuzenzakalelayo kwezitifiketi ze-Letsencrypt SSL
Ngokuzenzakalelayo, izitifiketi ze-Letsencrypt zisebenza izinsuku ezingama-90.
Ukuvuselela kuyazenzakalela futhi izitifiketi zivuselelwa ezinsukwini ezingama-30 ngaphambi kokuphelelwa yisikhathi.
Kunemojula entsha efakwe ku-CWP7 Imenyu Engakwesokunxele → Izilungiselelo Zeseva Yewebhu → Izitifiketi Ze-SSL, ukusuka lapho ungafaka izitifiketi ze-Letsencrypt zanoma yisiphi isizinda/isizinda esincane usebenzisa i-AutoSSL.
Hlela ifayela lokumisa ukuze umiselele indlela yesitifiketi se-SSL
Okulandelayo, udinga ukuhlela ifayela lokucushwa bese wengeza indlela eya kusitifiketi se-SSL (inothi ukuze ususe amazwana, futhi ushintshe indlela eya eyakho).
Hlela ifayela lokumisa le-cwpsrv ▼
/usr/local/cwpsrv/conf/cwpsrv.conf
Engeza kuBheka ukuqaphaImbobo ye-SSL ▼
listen 2812 ssl;
Kukhona nesigaba esilandelayo ▼
ssl_certificate /etc/pki/tls/certs/hostname.crt; ssl_certificate_key /etc/pki/tls/private/hostname.key;
Faka esikhundleni ngale ndlela elandelayo ▼
ssl_certificate /etc/pki/tls/certs/server.yourdomain.com.bundle; ssl_certificate_key /etc/pki/tls/private/server.yourdomain.com.key;
Uma usuqedile, ungakhohlwa ukuqala kabusha insiza ye-cwpsrv ngomyalo olandelayo ▼
service cwpsrv restart
Bese uya kokuthi Izilungiselelo ZeWebserver → Isihleli Se-WebServers Conf → Apache → /usr/local/apache/conf.d/
Hlela iphrofayela ▼
hostname-ssl.conf
Faka isigaba esilandelayo ▼
ssl_certificate /etc/pki/tls/certs/hostname.crt; ssl_certificate_key /etc/pki/tls/private/hostname.key;
Faka esikhundleni ngale ndlela elandelayo ▼
ssl_certificate /etc/pki/tls/certs/server.yourdomain.com.bundle; ssl_certificate_key /etc/pki/tls/private/server.yourdomain.com.key;
- Uma usebenzisa i-Nginx, udinga ukwenza okufanayo.
Bese uqala kabusha isevisi ye-Apache (ne-Nginx) futhi uqiniseke ukuthi isebenza njengenjwayelo?
systemctl restart httpd systemctl restart nginx
Ekugcineni, vuselela isixhumanisi sokungena ukuze ubuke i-port 2087https:// server.yourdomain. com:2087/login/index.php
Ingabe ikhona i-dongle?
I-Hope Chen Weiliang Blog ( https://www.chenweiliang.com/ ) wabelane "ngephutha le-CWP7 SSL? Igama lomethuleli lisifaka kanjani isitifiketi samahhala se-Letsencrypt?", okuwusizo kuwe.
Siyakwamukela ukwabelana ngesixhumanisi salesi sihloko:https://www.chenweiliang.com/cwl-27950.html
Uyemukelwa esiteshini seTelegram sebhulogi ka-Chen Weiliang ukuze uthole izibuyekezo zakamuva!
📚 Lo mhlahlandlela uqukethe inani elikhulu, 🌟Leli ithuba eliyivelakancane, ungaphuthelwa! ⏰⌛💨
Yabelana futhi uthanda uma uthanda!
Ukwabelana kwakho nokuthanda kwakho kuyisisusa sethu esiqhubekayo!