\u4e00\u5411 SSL cert \u662f\u6709\u9322\u4eba\u7684\u73a9\u610f\uff0c\u627e\u9593\u6709\u540d\u7684 CA \u7c3d\u767c\uff0c\u4e00\u500b domain \u5f80\u5f80\u8981\u6578\u5343\u751a\u81f3\u4e0a\u842c\u6e2f\u5143\u4e00\u5e74\uff0c\u83ab\u8b1b\u8a71\u500b\u4eba\uff0c\u597d\u591a\u4e2d\u5c0f\u4f01\u90fd\u8ca0\u64d4\u5514\u8d77\uff0c\u9019\u4e0d\u55ae\u963b\u7919\u4e86\u7db2\u7d61\u5b89\u5168\u7684\u767c\u5c55\uff0c\u66f4\u963b\u7919\u4e86 SPDY (HTTP\/2) \u7684\u63a8\u5ee3\u3002\u60c5\u6cc1\u53ef\u80fd\u88ab Let’s Encrypt \u6253\u7834\uff0c\u5979\u63d0\u4f9b\u4e86\u514d\u8cbb SSL cert \u7c3d\u767c\u670d\u52d9\uff0c\u7c3d\u51fa\u4f86\u7684 cert \u5728 IE11\u3001Edge\u3001Safari\u3001Firefox\u3001Chrome\u3001Android\u3001iOS \u90fd\u88ab\u8a8d\u53ef\u3002\u9019\u5be6\u5728\u662f\u7db2\u7d61\u767c\u5c55\u4e00\u5927\u9032\u6b65\u3002<\/p>\n
\u8981 Let’s Encrypt \u7c3d\u7f72\uff0c\u4f60\u53ef\u4ee5\u7528 Certbot<\/a>\uff0c\u800c\u4f7f\u7528 Certbot \u6700\u7c21\u55ae\u7684\u65b9\u6cd5\u5c31\u662f\u4f7f\u7528 Docker<\/a>\u3002Docker \u5df2\u6210\u4e86\u6700\u7c21\u55ae deployment \u7684\u65b9\u6cd5\uff0c\u6bd4 RPM\u3001DEB \u66f4\u65b9\u4fbf\uff01<\/p>\n \u9996\u5148 pull \u500b image \u4e0b\u4f86\u672c\u6a5f \u4e4b\u5f8c\u5efa\u7acb\u672c\u6a5f\u8cc7\u6599\u593e\u7528\u4f86\u5b58\u65b9\u7c3d\u597d\u7684 cert\u3001key\u3001config \u7b49\u6a94\u6848 \u518d\u8d77\u52d5 docker container \u7531\u65bc\u8981\u5f97\u5230 Let’s Encrypt \u8a8d\u8b49 domain\uff0cFirewall \u8981\u6253\u958b port 80 \u53ca 443\uff0c\u4ee5\u53ca\u4e0d\u80fd\u4f54\u7528\u4ee5\u4e0a\u5169\u500b ports\uff0c\u6b64\u6642\u8981\u95dc\u9589 web server\u3002<\/p>\n Container \u8d77\u52d5\u5f8c\uff0c\u8ddf screen \u6307\u793a\uff0c\u4fbf\u53ef\u5728\u672c\u6a5f \/etc\/letsencrypt\/archive\/ \u5f97\u5230\u4ee5\u4e0b files\uff1a<\/p>\n \u628a cert1.pem\u3001chain1.pem\u3001privkey1.pem copy \u53bb Apache HTTP server \u7684 conf\/\uff0c\u628a\u4ee5\u4e0b files \u91cd\u65b0\u540d\u547d\uff1a \u66f4\u6539 Apache conf\/extra\/httpd-ssl.conf\uff0c\u78ba\u4fdd\u6709\u4ee5\u4e0b\u5e7e\u884c\uff1a \u6700\u5f8c\u78ba\u4fdd httpd-ssl.conf \u6709\u88ab include \u5728 conf\/httpd.conf \u53ca\u91cd\u555f Apache HTTP server \u4fbf\u53ef\u3002<\/p>\n \u5982\u9700\u4e0d\u540c domain \u7528 SSL\uff0c\u90a3\u5728 conf\/extra\/httpd-vhosts.conf \u505a\u6539\u52d5\u4fbf\u53ef\u3002<\/p>\n","protected":false},"excerpt":{"rendered":" \u4e00\u5411 SSL cert \u662f\u6709\u9322\u4eba\u7684\u73a9\u610f\uff0c\u627e\u9593\u6709\u540d\u7684 CA \u7c3d\u767c\uff0c\u4e00\u500b domain \u5f80\u5f80\u8981\u6578\u5343\u751a\u81f3\u4e0a\u842c\u6e2f\u5143\u4e00\u5e74\uff0c\u83ab\u8b1b\u8a71\u500b\u4eba\uff0c\u597d\u591a\u4e2d\u5c0f\u4f01\u90fd\u8ca0\u64d4\u5514\u8d77\uff0c\u9019\u4e0d\u55ae\u963b\u7919\u4e86\u7db2\u7d61\u5b89\u5168\u7684\u767c\u5c55\uff0c\u66f4\u963b\u7919\u4e86 SPDY (HTTP\/2) \u7684\u63a8\u5ee3\u3002\u60c5\u6cc1\u53ef\u80fd\u88ab Let’s Encrypt \u6253\u7834\uff0c\u5979\u63d0\u4f9b\u4e86\u514d\u8cbb SSL cert \u7c3d\u767c\u670d\u52d9\uff0c\u7c3d\u51fa\u4f86\u7684 cert \u5728 IE11\u3001Edge\u3001Safari\u3001Firefox\u3001Chrome\u3001Android\u3001iOS \u90fd\u88ab\u8a8d\u53ef\u3002\u9019\u5be6\u5728\u662f\u7db2\u7d61\u767c\u5c55\u4e00\u5927\u9032\u6b65\u3002 \u8981 Let’s Encrypt \u7c3d\u7f72\uff0c\u4f60\u53ef\u4ee5\u7528 Certbot\uff0c\u800c\u4f7f\u7528 Certbot \u6700\u7c21\u55ae\u7684\u65b9\u6cd5\u5c31\u662f\u4f7f\u7528 Docker\u3002Docker \u5df2\u6210\u4e86\u6700\u7c21\u55ae deployment \u7684\u65b9\u6cd5\uff0c\u6bd4 RPM\u3001DEB \u66f4\u65b9\u4fbf\uff01 \u9996\u5148 pull \u500b image \u4e0b\u4f86\u672c\u6a5f $ docker pull quay.io\/letsencrypt\/letsencrypt:latest \u4e4b\u5f8c\u5efa\u7acb\u672c\u6a5f\u8cc7\u6599\u593e\u7528\u4f86\u5b58\u65b9\u7c3d\u597d\u7684 cert\u3001key\u3001config \u7b49\u6a94\u6848 $ sudo mkdir \/var\/lib\/letsencrypt \/etc\/letsencrypt \u518d\u8d77\u52d5 docker container $\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[17],"tags":[],"_links":{"self":[{"href":"https:\/\/carlos.aboutmy.info\/blog\/index.php?rest_route=\/wp\/v2\/posts\/557"}],"collection":[{"href":"https:\/\/carlos.aboutmy.info\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/carlos.aboutmy.info\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/carlos.aboutmy.info\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/carlos.aboutmy.info\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=557"}],"version-history":[{"count":4,"href":"https:\/\/carlos.aboutmy.info\/blog\/index.php?rest_route=\/wp\/v2\/posts\/557\/revisions"}],"predecessor-version":[{"id":579,"href":"https:\/\/carlos.aboutmy.info\/blog\/index.php?rest_route=\/wp\/v2\/posts\/557\/revisions\/579"}],"wp:attachment":[{"href":"https:\/\/carlos.aboutmy.info\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=557"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/carlos.aboutmy.info\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=557"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/carlos.aboutmy.info\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=557"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n$ docker pull quay.io\/letsencrypt\/letsencrypt:latest<\/code><\/p>\n
\n$ sudo mkdir \/var\/lib\/letsencrypt \/etc\/letsencrypt<\/code><\/p>\n
\n$ docker run -it --rm -p 443:443 -p 80:80 --name certbot -v \/etc\/letsencrypt:\/etc\/letsencrypt -v \/var\/lib\/letsencrypt:\/var\/lib\/letsencrypt quay.io\/letsencrypt\/letsencrypt:latest certonly<\/code><\/p>\n
\n
\nmv cert1.pem server.crt
\nmv chain1.pem server-ca.crt
\nmv privkey1.pem server.key
\n<\/code><\/p>\n
\n
\nSSLCertificateFile conf\/server.crt
\nSSLCertificateKeyFile conf\/server.key
\nSSLCertificateChainFile conf\/server-ca.crt
\n<\/code><\/p>\n$ sudo systemctl restart httpd<\/code><\/p>\n