Encrypting a website with SSL on Apache

Author: _囧rz_  Date: 2016-12-19  Category: Computers

Given how unreliable the Internet is, upgrading the website to SSL is recommended.

Because of bugs and other improper practices, certificates from StartCom and WoSign (WoSign is StartCom) have been blocked indefinitely by the major browser vendors, so switch the site certificate to Let's Encrypt.

Project site: https://letsencrypt.org/ (you can also search for it on Baidu or Google).
Certificate request site: https://certbot.eff.org/ (it has a guided wizard for each operating system).

---------------------

The script is automated, but OpenSSL and mod_ssl have to be installed first.

Install OpenSSL

    [root@localhost ~]# yum install openssl mod_ssl -y

If you have a signed certificate
------------------ use this step ------------------
---------------- it can also be skipped ------------------

Self-signed certificate. First, generate a 2048-bit private key.

    [root@localhost ~]# openssl genrsa -out CA.key 2048

Then generate the certificate signing request (CSR).

    [root@localhost ~]# openssl req -new -key CA.key -out CA.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:BJ
    Locality Name (eg, city) [Default City]:BJ
    Organization Name (eg, company) [Default Company Ltd]:<anything; preferably the site's URL>
    Organizational Unit Name (eg, section) []:<anything; preferably the site's URL>
    Common Name (eg, your name or your server's hostname) []:<the domain name you are requesting the certificate for>
    Email Address []:XXXX@CCCC.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:XXXXXX
    An optional company name []:<your site's domain name>

Finally, generate a self-signed certificate of type X509.

    [root@localhost ~]# openssl x509 -req -days 365 -in CA.csr -signkey CA.key -out CA.crt
    Signature ok
    subject=/C=CN/ST=BJ/L=BJWH/O=WoSign CA Limited/OU=CA XX G2/CN=XX/emailAddress=<email>
    Getting Private key

Configure the HTTPS certificate you obtained

    [root@localhost ~]# vi /etc/httpd/conf.d/ssl.conf

Edit the following three entries. They must correspond to the certificate files generated by the certificate site.

Server certificate

    # Server Certificate:
    SSLCertificateFile /etc/httpd/conf.d/SSL/CA.crt

Server private key

    # Server Private Key:
    SSLCertificateKeyFile /etc/httpd/conf.d/SSL/CA.key

CA certificate

    # Certificate Authority (CA):
    SSLCACertificateFile /etc/httpd/conf.d/SSL/root_bundle.crt

Test https://<site>. If the browser shows no crossed-out error, it is working.

References
http://www.wosign.com/Support/ssl_installation.htm
http://freessl.wosign.com/centos-https.html

Enable HTTPS

    [root@localhost ~]# vi /etc/httpd/conf/httpd.conf

Add the following two items.

    # Force redirect to HTTPS
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]

    # Force the whole site to use HTTPS
    DocumentRoot /var/www/html
    ServerName <your site>
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf.d/SSL/CA.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/SSL/CA.key

Upgrade OpenSSL and Apache, PHP, MySQL

Upgrade Apache, PHP and MySQL (the Apache package on CentOS is named httpd)

    [root@localhost ~]# yum update httpd php mysql mysql-server -y

Upgrade OpenSSL

    [root@localhost ~]# wget https://www.openssl.org/source/openssl-1.0.2h.tar.gz

Extract

    [root@localhost ~]# tar -xzf openssl-1.0.2h.tar.gz
    [root@localhost ~]# cd openssl-1.0.2h
    [root@localhost openssl-1.0.2h]# ./config --prefix=/usr/local/openssl
    [root@localhost openssl-1.0.2h]# ./config -t
    [root@localhost openssl-1.0.2h]# make depend
    [root@localhost openssl-1.0.2h]# make
    [root@localhost openssl-1.0.2h]# make test
    [root@localhost openssl-1.0.2h]# make install

Check the OpenSSL version

    [root@localhost ~]# openssl version

If it still shows the old version, run the commands below (the paths follow the --prefix given to ./config above):

    [root@localhost ~]# mv /usr/bin/openssl /root/
    [root@localhost ~]# ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

Edit /etc/ld.so.conf and add /usr/local/openssl/lib

Check the version again

    [root@localhost ~]# openssl version
    OpenSSL 1.0.2h 3 May 2016

------------------ end of this step ------------------

Install the SSL certificate

The certbot-auto script must be placed in, and run from, a directory that the website can serve.
It configures Apache and the SSL files automatically!!

Download the script

    [root@localhost ~]# cd ..
    [root@localhost /]# ls
    aquota.group bin dev home lib64 media opt root selinux sys usr
    aquota.user boot etc lib lost+found mnt proc sbin srv tmp var
    [root@localhost /]# cd var
    [root@localhost var]# ls
    cache empty lib lock mail opt run tmp yp
    db games local log nis preserve spool www
    [root@localhost var]# cd www
    [root@localhost www]# ls
    cgi-bin error html html.tgz icons manual
    [root@localhost www]# cd html
    [root@localhost html]# wget https://dl.eff.org/certbot-auto
    https://dl.eff.org/certbot-auto
    Resolving dl.eff.org... 173.239.79.196
    Connecting to dl.eff.org|173.239.79.196|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 44442 (43K) [text/plain]
    Saving to: `certbot-auto'
    100%[======================================>] 44,442 --.-K/s in 0.02s
    (2.33 MB/s) - `certbot-auto' saved [44442/44442]

Change the file permissions

    [root@localhost html]# chmod a+x certbot-auto

Run the file

    [root@localhost html]# ./certbot-auto

Install Python support

    Bootstrapping dependencies for RedHat-based OSes...
    Creating virtual environment...
    Installing Python packages...
    Installation succeeded.
    /root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
      DeprecationWarning

Log

    Version: 1.1-20080819
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

Enter the site's domain names, separated by spaces

    Version: 1.1-20080819
    /root/.local/share/letsencrypt/lib/python2.6/site-packages/dialog.py:779: DeprecationWarning: the DIALOG_OK attribute of Dialog instances is obsolete; use the Dialog.OK class attribute instead.
      DeprecationWarning)

    No names were found in your configuration files. Please enter in your
    domain name(s) (comma and/or space separated)
    localhost.com www.localhost.com
    < OK >

Enter an email address

    Enter email address (used for urgent notices and lost key recovery)
    XXXX@XXXX.com
    < OK >

The progress window keeps its earlier lines and adds one more at each of the following steps.

Save the log

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

Accept the agreement

    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf.
    You must agree in order to register with the ACME server at
    https://acme-v01.api.letsencrypt.org/directory

Save the log and start verifying the connection

    Obtaining a new certificate

Verify and request the certificate

    Performing the following challenges:

Request the certificate

    tls-sni-01 challenge for localhost.com

Verify site ownership and request

    tls-sni-01 challenge for www.localhost.com

Configure ssl.conf

    We were unable to find a vhost with a ServerName or Address of
    localhost.com.
    Which virtual host would you like to choose?
    (note: conf files with multiple vhosts are not yet supported)
    1 ssl.conf | | HTTPS
    < Select > < Cancel >

Configure ssl.conf

    We were unable to find a vhost with a ServerName or Address of
    www.localhost.com.
    Which virtual host would you like to choose?
    (note: conf files with multiple vhosts are not yet supported)
    1 ssl.conf | | HTTPS
    < Select > < Cancel >

Request the certificate and verify

    Waiting for verification...

Close the handshake

    Cleaning up challenges

Save the certificate

    Generating key (2048 bits):
    /etc/letsencrypt/keys/0000_key-certbot.pem

Save the certificate

    Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

Configure ssl.conf

    We were unable to find a vhost with a ServerName or Address of
    localhost.com.
    Which virtual host would you like to choose?
    (note: conf files with multiple vhosts are not yet supported)
    1 ssl.conf | | HTTPS
    < Select > < Cancel >

Save the certificate

    Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf

Configure ssl.conf

    We were unable to find a vhost with a ServerName or Address of
    www.localhost.com.
    Which virtual host would you like to choose?
    (note: conf files with multiple vhosts are not yet supported)
    1 ssl.conf | localhost.com | HTTPS
    < Select > < Cancel >

Save the certificate

    Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf

Choose the certificate mode: simple encryption or whole-site encryption

    Please choose whether HTTPS access is required or optional.
    Easy    Allow both HTTP and HTTPS access to these sites
    Secure  Make all requests redirect to secure HTTPS access
    < OK >

Configure ssl.conf

    Created redirect file: le-redirect-localhost.com.conf

Save the certificate

    Rollback checkpoint is empty (no changes made?)

Done

    Congratulations! You have successfully enabled
    https://localhost.com and https://www.localhost.com

    You should test your configuration at:
    https://www.ssllabs.com/ssltest/analyze.html?d=localhost.com
    https://www.ssllabs.com/ssltest/analyze.html?d=www.localhost.com
    < OK >

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/localhost.com/fullchain.pem. Your cert will
       expire on 2010-03-00. To obtain a new or tweaked version of this
       certificate in the future, simply run certbot-auto again with the
       "certonly" option. To non-interactively renew *all* of your
       certificates, run "certbot-auto renew"
     - If you lose your account credentials, you can recover through
       e-mails sent to xxxxx@xxxxx.com.
     - Your account credentials have been saved in your Certbot
       configuration directory at /etc/letsencrypt. You should make a
       secure backup of this folder now. This configuration directory will
       also contain certificates and private keys obtained by Certbot so
       making regular backups of this folder is ideal.
     - If you like Certbot, please consider supporting our work by:
       Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
       Donating to EFF: https://eff.org/donate-le

Renew every 3 months with this command:

    certbot-auto renew

If you are lazy, write a scheduled-task script. See https://imququ.com/post/letsencrypt-certificate.html

If it reports a failure, use the rollback command. This only works if the logs were saved!

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: localhost.com
       Type: unauthorized
       Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
       Requested !!!!! e011376b4af110335.1a0cc4ffefb107b4.acme.invalid !!!!!
       from 127.000.000.001:443. Received certificate containing
       'localhost, www.localhost.com'

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A record(s) for that domain
       contain(s) the right IP address.
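The post says the three ssl.conf entries must correspond to the generated certificate files, and that the certificate has to be renewed every 3 months. The shell functions below are an added example (not part of the original post and not Certbot's own code) that check both points before Apache is reloaded. The function names, the return codes and the 30-day default window are assumptions, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, return codes and
# the 30-day default window are assumptions; only the openssl CLI is needed.

# cert_matches_key CERT KEY
#   0 = the certificate's public key is the public half of KEY
#   1 = they do not belong together
#   2 = a file is missing or cannot be parsed
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # "-passin pass:" makes an encrypted key fail instead of prompting under cron
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# cert_expires_within CERT DAYS
#   0 = CERT expires within DAYS days (or has already expired)
#   1 = CERT is valid for longer than that
#   2 = CERT is missing or is not a certificate
cert_expires_within() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    # -checkend exits 0 when the certificate is still valid after N seconds
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# check_tls_pair CERT KEY [DAYS]
# Prints one verdict line and returns
#   0 = pair is consistent and valid beyond the window
#   1 = certificate and key do not belong together
#   2 = a file is missing or unparseable
#   3 = pair is consistent but the certificate is inside the renewal window
check_tls_pair() {
    cert=$1 key=$2 window_days=${3:-30}

    pair_rc=0
    cert_matches_key "$cert" "$key" || pair_rc=$?
    case $pair_rc in
        1) echo "MISMATCH $cert does not belong to $key"; return 1 ;;
        2) echo "UNREADABLE $cert or $key"; return 2 ;;
    esac

    exp_rc=0
    cert_expires_within "$cert" "$window_days" || exp_rc=$?
    case $exp_rc in
        0) echo "EXPIRING $cert expires within $window_days days"; return 3 ;;
        2) echo "UNREADABLE $cert"; return 2 ;;
    esac

    echo "OK $cert matches $key and is valid for more than $window_days days"
}

# Usage with the paths the post configures, for example after editing ssl.conf
# or after a scheduled "certbot-auto renew":
#   check_tls_pair /etc/httpd/conf.d/SSL/CA.crt /etc/httpd/conf.d/SSL/CA.key \
#       && apachectl graceful
```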