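Installing .NET Framework 4 fails no matter how I try. The installer keeps reporting “安装未成功” (installation did not succeed) and “尚未安装 .net framework 4,原因是:一般信任关系失败。” (.NET Framework 4 has not been installed because of a generic trust failure). With no other option, I had to set these rather unusual machines aside for now and let them rest!

The cause is that some DLL files are not registered correctly. The four DLL files Softpub.dll, Wintrust.dll, Initpki.dll and Mssip32.dll need to be re-registered.

If installing .NET Framework 4 fails with “安装未成功” (installation did not succeed) because of “一般信任错误” (generic trust error),

it is because DLL registration on your system is broken. Follow these steps to fix it:

Press Win (the Windows logo key) + R to open the Run dialog, type "cmd" and press Enter;

In the window that opens, enter the following commands one at a time, pressing Enter after each: "regsvr32 /s Softpub.dll", "regsvr32 /s Wintrust.dll", "regsvr32 /s Initpki.dll", "regsvr32 /s Mssip32.dll"

Then run the installation again.

Run the following commands at the command line:
regsvr32 /s Softpub.dll
regsvr32 /s Wintrust.dll
regsvr32 /s Initpki.dll
regsvr32 /s Mssip32.dll

For some users the error occurs mainly because the account logged in to the system does not have Admin privileges!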

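Original article:
http://www.cr173.com/html/14338_1.html

PS: If a certificate error is reported, update the system.

Install the following patches:
Windows6.1-KB2677070-x64
Windows6.1-KB3020369-x64
windows6.1-kb3125574-v4-x64

Given how unreliable the Internet is, upgrading the website to SSL is recommended.

Because of bugs and other problems, certificates from StartCom and WoSign (WoSign is StartCom) have been blocked by all the major browser vendors,

so replace the website certificate with one from Let's Encrypt.
Project site:
https://letsencrypt.org/

You can search Baidu or Google for it.
Where to apply:
https://certbot.eff.org/
It has a step-by-step guide for each operating system.


This script is automated,
but OpenSSL and mod_ssl must be installed first.

Install OpenSSL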


[root@localhost ~]# yum install openssl mod_ssl -y

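If you have a signed certificate
------------------Use this step------------------
----------------It may also be skipped------------------
A self-signed certificate. First, generate a 2048-bit private key.

> [root@localhost ~]# openssl genrsa -out CA.key 2048

Then generate the certificate signing request (CSR).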

> [root@localhost ~]# openssl req -new -key CA.key -out CA.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,

If you enter '.', the field will be left blank.

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:<anything, preferably the website URL>
Organizational Unit Name (eg, section) []:<anything, preferably the website URL>
Common Name (eg, your name or your server's hostname) []:<the domain name you are requesting the certificate for>
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:XXXXXX
An optional company name []:<your website domain>

Finally, generate a self-signed certificate of type X509.

> [root@localhost ~]# openssl x509 -req -days 365 -in CA.csr -signkey CA.key -out CA.crt

Signature ok
subject=/C=CN/ST=BJ/L=BJWH/O=WoSign CA Limited/OU=CA XX G2/CN=XX/emailAddress=<email>
Getting Private key

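Configure the HTTPS certificate you obtained

> [root@localhost ~]# vi /etc/httpd/conf.d/ssl.conf

Change the following three entries; each of them must point to the corresponding file issued by the certificate site.

Server certificate

Server Certificate:

SSLCertificateFile /etc/httpd/conf.d/SSL/CA.crt

Server certificate private key

Server Private Key:

SSLCertificateKeyFile /etc/httpd/conf.d/SSL/CA.key

Issuing CA certificate

Certificate Authority (CA):

SSLCACertificateFile /etc/httpd/conf.d/SSL/root_bundle.crt

Test https://<your site>; if no error (red cross) is shown, it is working.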

References
http://www.wosign.com/Support/ssl_installation.htm
http://freessl.wosign.com/centos-https.html
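
One way to check the ssl.conf entries above before restarting httpd, as an added example that is not part of the original article: it confirms that the configured private key belongs to the configured certificate and that the key file is not world-readable. The function names and the script name are made up for this example; it assumes only that the openssl command line tool is installed.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight check for the
# SSLCertificateFile / SSLCertificateKeyFile pair in an Apache ssl.conf.
# All function names are illustrative. Requires the openssl command.

# Print the argument of Apache directive $1 in config file $2.
# Commented-out lines are skipped; directive names are case-insensitive;
# if the directive appears more than once, the last one is reported.
conf_value() {
    awk -v d="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(d) { v = $2 }
        END { gsub(/"/, "", v); print v }
    ' "$2"
}

# Public key (PEM) contained in certificate $1.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Public key (PEM) derived from private key $1. "-passin pass:" makes an
# encrypted key fail immediately instead of prompting for a passphrase.
key_pubkey() {
    openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null
}

# Succeeds only if private key $2 belongs to certificate $1.
cert_key_match() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds if "other" users have no read permission on file $1.
key_is_private() {
    [ -z "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Run all checks against config file $1; prints one OK/FAIL line.
check_ssl_conf() {
    cert=$(conf_value SSLCertificateFile "$1")
    key=$(conf_value SSLCertificateKeyFile "$1")
    [ -r "$cert" ] || { echo "FAIL: certificate not readable: $cert"; return 1; }
    [ -r "$key" ] || { echo "FAIL: private key not readable: $key"; return 1; }
    cert_key_match "$cert" "$key" ||
        { echo "FAIL: $key is not the key for $cert"; return 1; }
    key_is_private "$key" ||
        { echo "FAIL: $key is world-readable, run: chmod 600 $key"; return 1; }
    echo "OK: $cert and $key match"
}

# Usage: sh check-ssl-conf.sh /etc/httpd/conf.d/ssl.conf
if [ "$#" -gt 0 ]; then
    check_ssl_conf "$1"
fi
```
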

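Enable HTTPS

[root@localhost ~]# vi /etc/httpd/conf/httpd.conf

Add the following two blocks

Force a redirect to HTTPS


RewriteEngine On
# Redirect plain-HTTP requests only, so the rule cannot loop if it also applies to HTTPS requests
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]

Force the whole site to use HTTPS

# The enclosing <VirtualHost> tags are missing from the page as extracted; *:443 is an assumption
<VirtualHost *:443>
    DocumentRoot /var/www/html
    ServerName <your site>
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf.d/SSL/CA.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/SSL/CA.key
</VirtualHost>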

Upgrade OpenSSL and Apache, PHP, MySQL
Upgrade Apache, PHP, MySQL

[root@localhost ~]# yum update httpd php mysql mysql-server -y

Upgrade OpenSSL
[root@localhost ~]# wget https://www.openssl.org/source/openssl-1.0.2h.tar.gz
Extract it
[root@localhost ~]# tar -zxf openssl-1.0.2h.tar.gz
[root@localhost ~]# cd openssl-1.0.2h

[root@localhost openssl-1.0.2h]# ./config --prefix=/usr/local/openssl

[root@localhost openssl-1.0.2h]# ./config -t

[root@localhost openssl-1.0.2h]# make depend

[root@localhost openssl-1.0.2h]# make

[root@localhost openssl-1.0.2h]# make test

[root@localhost openssl-1.0.2h]# make install

Check the OpenSSL version

[root@localhost ~]# openssl version

If it is still the old version, run the following commands:

[root@localhost ~]# mv /usr/bin/openssl /root/
[root@localhost ~]# ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

Edit
/etc/ld.so.conf
and add
/usr/local/openssl/lib

Check the version again
[root@localhost ~]# openssl version
OpenSSL 1.0.2h 3 May 2016

------------------End of this step------------------

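Install the SSL certificate

certbot-auto
The script must be run from a directory that the website can access
It configures Apache automatically!! The SSL files too!!

Download the script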
[root@localhost ~]# cd ..
[root@localhost /]# ls
aquota.group bin dev home lib64 media opt root selinux sys usr
aquota.user boot etc lib lost+found mnt proc sbin srv tmp var
[root@localhost /]# cd var
[root@localhost var]# ls
cache empty lib lock mail opt run tmp yp
db games local log nis preserve spool www
[root@localhost var]# cd www
[root@localhost www]# ls
cgi-bin error html html.tgz icons manual
[root@localhost www]# cd html
[root@localhost html]# wget https://dl.eff.org/certbot-auto
https://dl.eff.org/certbot-auto
Resolving dl.eff.org... 173.239.79.196
Connecting to dl.eff.org|173.239.79.196|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 44442 (43K) [text/plain]
Saving to: `certbot-auto'

100%[======================================>] 44,442 --.-K/s in 0.02s

(2.33 MB/s) - `certbot-auto' saved [44442/44442]

Change the file permissions
[root@localhost html]# chmod a+x certbot-auto

Run the file
[root@localhost html]# ./certbot-auto

Installing Python support
Bootstrapping dependencies for RedHat-based OSes...
yum is /usr/bin/yum
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile

  • base: mirrors.evowise.com
  • epel: linux.mirrors.es.net
  • extras: mirror.hostduplex.com
  • updates: centos-distro.1gservers.com

Package openssl-1.0.1e-48.el6_8.3.x86_64 already installed and latest version
Package openssl-devel-1.0.1e-48.el6_8.3.x86_64 already installed and latest version
Package ca-certificates-2015.2.6-65.0.1.el6_7.noarch already installed and latest version
Package python-2.6.6-66.el6_8.x86_64 already installed and latest version
Package 1:mod_ssl-2.2.15-55.el6.centos.2.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package augeas-libs.x86_64 0:1.0.0-10.el6 will be installed
---> Package dialog.x86_64 0:1.1-9.20080819.1.el6 will be installed
---> Package gcc.x86_64 0:4.4.7-17.el6 will be installed
--> Processing Dependency: libgomp = 4.4.7-17.el6 for package: gcc-4.4.7-17.el6.x86_64
--> Processing Dependency: cpp = 4.4.7-17.el6 for package: gcc-4.4.7-17.el6.x86_64
--> Processing Dependency: cloog-ppl >= 0.15 for package: gcc-4.4.7-17.el6.x86_64
--> Processing Dependency: libgomp.so.1()(64bit) for package: gcc-4.4.7-17.el6.x86_64
---> Package libffi-devel.x86_64 0:3.0.5-3.2.el6 will be installed
---> Package python-devel.x86_64 0:2.6.6-66.el6_8 will be installed
---> Package python-pip.noarch 0:7.1.0-1.el6 will be installed
---> Package python-tools.x86_64 0:2.6.6-66.el6_8 will be installed
--> Processing Dependency: tkinter = 2.6.6-66.el6_8 for package: python-tools-2.6.6-66.el6_8.x86_64
---> Package python-virtualenv.noarch 0:1.10.1-1.el6 will be installed
---> Package redhat-rpm-config.noarch 0:9.0.3-51.el6.centos will be installed
--> Running transaction check
---> Package cloog-ppl.x86_64 0:0.15.7-1.2.el6 will be installed
--> Processing Dependency: libppl_c.so.2()(64bit) for package: cloog-ppl-0.15.7-1.2.el6.x86_64
--> Processing Dependency: libppl.so.7()(64bit) for package: cloog-ppl-0.15.7-1.2.el6.x86_64
---> Package cpp.x86_64 0:4.4.7-17.el6 will be installed
--> Processing Dependency: libmpfr.so.1()(64bit) for package: cpp-4.4.7-17.el6.x86_64
---> Package libgomp.x86_64 0:4.4.7-17.el6 will be installed
---> Package tkinter.x86_64 0:2.6.6-66.el6_8 will be installed
--> Processing Dependency: libtk8.5.so()(64bit) for package: tkinter-2.6.6-66.el6_8.x86_64
--> Processing Dependency: libtcl8.5.so()(64bit) for package: tkinter-2.6.6-66.el6_8.x86_64
--> Processing Dependency: libTix.so()(64bit) for package: tkinter-2.6.6-66.el6_8.x86_64
--> Running transaction check
---> Package mpfr.x86_64 0:2.4.1-6.el6 will be installed
---> Package ppl.x86_64 0:0.10.2-11.el6 will be installed
---> Package tcl.x86_64 1:8.5.7-6.el6 will be installed
---> Package tix.x86_64 1:8.4.3-5.el6 will be installed
---> Package tk.x86_64 1:8.5.7-5.el6 will be installed
--> Processing Dependency: libXrender.so.1()(64bit) for package: 1:tk-8.5.7-5.el6.x86_64
--> Processing Dependency: libXft.so.2()(64bit) for package: 1:tk-8.5.7-5.el6.x86_64
--> Running transaction check
---> Package libXft.x86_64 0:2.3.2-1.el6 will be installed
---> Package libXrender.x86_64 0:0.9.8-2.1.el6_8.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================

Package Arch Version Repository Size

Installing:
augeas-libs x86_64 1.0.0-10.el6 base 314 k
dialog x86_64 1.1-9.20080819.1.el6 base 197 k
gcc x86_64 4.4.7-17.el6 base 10 M
libffi-devel x86_64 3.0.5-3.2.el6 base 18 k
python-devel x86_64 2.6.6-66.el6_8 updates 173 k
python-pip noarch 7.1.0-1.el6 epel 1.5 M
python-tools x86_64 2.6.6-66.el6_8 updates 871 k
python-virtualenv noarch 1.10.1-1.el6 epel 1.3 M
redhat-rpm-config noarch 9.0.3-51.el6.centos base 60 k
Installing for dependencies:
cloog-ppl x86_64 0.15.7-1.2.el6 base 93 k
cpp x86_64 4.4.7-17.el6 base 3.7 M
libXft x86_64 2.3.2-1.el6 base 55 k
libXrender x86_64 0.9.8-2.1.el6_8.1 updates 24 k
libgomp x86_64 4.4.7-17.el6 base 134 k
mpfr x86_64 2.4.1-6.el6 base 157 k
ppl x86_64 0.10.2-11.el6 base 1.3 M
tcl x86_64 1:8.5.7-6.el6 base 1.9 M
tix x86_64 1:8.4.3-5.el6 base 252 k
tk x86_64 1:8.5.7-5.el6 base 1.4 M
tkinter x86_64 2.6.6-66.el6_8 updates 258 k

Transaction Summary

Install 20 Package(s)

Total download size: 24 M
Installed size: 56 M
Is this ok [y/N]: y
Downloading Packages:
(1/20): augeas-libs-1.0.0-10.el6.x86_64.rpm | 314 kB 00:00
(2/20): cloog-ppl-0.15.7-1.2.el6.x86_64.rpm | 93 kB 00:00
(3/20): cpp-4.4.7-17.el6.x86_64.rpm | 3.7 MB 00:00
(4/20): dialog-1.1-9.20080819.1.el6.x86_64.rpm | 197 kB 00:00
(5/20): gcc-4.4.7-17.el6.x86_64.rpm | 10 MB 00:00
(6/20): libXft-2.3.2-1.el6.x86_64.rpm | 55 kB 00:00
(7/20): libXrender-0.9.8-2.1.el6_8.1.x86_64.rpm | 24 kB 00:00
(8/20): libffi-devel-3.0.5-3.2.el6.x86_64.rpm | 18 kB 00:00
(9/20): libgomp-4.4.7-17.el6.x86_64.rpm | 134 kB 00:00
(10/20): mpfr-2.4.1-6.el6.x86_64.rpm | 157 kB 00:00
(11/20): ppl-0.10.2-11.el6.x86_64.rpm | 1.3 MB 00:00
(12/20): python-devel-2.6.6-66.el6_8.x86_64.rpm | 173 kB 00:00
(13/20): python-pip-7.1.0-1.el6.noarch.rpm | 1.5 MB 00:00
(14/20): python-tools-2.6.6-66.el6_8.x86_64.rpm | 871 kB 00:00
(15/20): python-virtualenv-1.10.1-1.el6.noarch.rpm | 1.3 MB 00:00
(16/20): redhat-rpm-config-9.0.3-51.el6.centos.noarch.rp | 60 kB 00:00
(17/20): tcl-8.5.7-6.el6.x86_64.rpm | 1.9 MB 00:00
(18/20): tix-8.4.3-5.el6.x86_64.rpm | 252 kB 00:00
(19/20): tk-8.5.7-5.el6.x86_64.rpm | 1.4 MB 00:00

(20/20): tkinter-2.6.6-66.el6_8.x86_64.rpm | 258 kB 00:00

Total 2.6 MB/s | 24 MB 00:08
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 1:tcl-8.5.7-6.el6.x86_64 1/20
Installing : libXrender-0.9.8-2.1.el6_8.1.x86_64 2/20
Installing : libXft-2.3.2-1.el6.x86_64 3/20
Installing : 1:tk-8.5.7-5.el6.x86_64 4/20
Installing : 1:tix-8.4.3-5.el6.x86_64 5/20
Installing : tkinter-2.6.6-66.el6_8.x86_64 6/20
Installing : ppl-0.10.2-11.el6.x86_64 7/20
Installing : cloog-ppl-0.15.7-1.2.el6.x86_64 8/20
Installing : libgomp-4.4.7-17.el6.x86_64 9/20
Installing : mpfr-2.4.1-6.el6.x86_64 10/20
Installing : cpp-4.4.7-17.el6.x86_64 11/20
Installing : python-devel-2.6.6-66.el6_8.x86_64 12/20
Installing : python-virtualenv-1.10.1-1.el6.noarch 13/20
Installing : gcc-4.4.7-17.el6.x86_64 14/20
Installing : python-tools-2.6.6-66.el6_8.x86_64 15/20
Installing : augeas-libs-1.0.0-10.el6.x86_64 16/20
Installing : dialog-1.1-9.20080819.1.el6.x86_64 17/20
Installing : libffi-devel-3.0.5-3.2.el6.x86_64 18/20
Installing : python-pip-7.1.0-1.el6.noarch 19/20
Installing : redhat-rpm-config-9.0.3-51.el6.centos.noarch 20/20
Verifying : libXft-2.3.2-1.el6.x86_64 1/20
Verifying : redhat-rpm-config-9.0.3-51.el6.centos.noarch 2/20
Verifying : libXrender-0.9.8-2.1.el6_8.1.x86_64 3/20
Verifying : python-pip-7.1.0-1.el6.noarch 4/20
Verifying : python-devel-2.6.6-66.el6_8.x86_64 5/20
Verifying : 1:tk-8.5.7-5.el6.x86_64 6/20
Verifying : tkinter-2.6.6-66.el6_8.x86_64 7/20
Verifying : mpfr-2.4.1-6.el6.x86_64 8/20
Verifying : libffi-devel-3.0.5-3.2.el6.x86_64 9/20
Verifying : python-virtualenv-1.10.1-1.el6.noarch 10/20
Verifying : gcc-4.4.7-17.el6.x86_64 11/20
Verifying : 1:tcl-8.5.7-6.el6.x86_64 12/20
Verifying : dialog-1.1-9.20080819.1.el6.x86_64 13/20
Verifying : libgomp-4.4.7-17.el6.x86_64 14/20
Verifying : ppl-0.10.2-11.el6.x86_64 15/20
Verifying : 1:tix-8.4.3-5.el6.x86_64 16/20
Verifying : cpp-4.4.7-17.el6.x86_64 17/20
Verifying : cloog-ppl-0.15.7-1.2.el6.x86_64 18/20
Verifying : python-tools-2.6.6-66.el6_8.x86_64 19/20
Verifying : augeas-libs-1.0.0-10.el6.x86_64 20/20

Installed:
augeas-libs.x86_64 0:1.0.0-10.el6
dialog.x86_64 0:1.1-9.20080819.1.el6
gcc.x86_64 0:4.4.7-17.el6
libffi-devel.x86_64 0:3.0.5-3.2.el6
python-devel.x86_64 0:2.6.6-66.el6_8
python-pip.noarch 0:7.1.0-1.el6
python-tools.x86_64 0:2.6.6-66.el6_8
python-virtualenv.noarch 0:1.10.1-1.el6
redhat-rpm-config.noarch 0:9.0.3-51.el6.centos

Dependency Installed:
cloog-ppl.x86_64 0:0.15.7-1.2.el6 cpp.x86_64 0:4.4.7-17.el6
libXft.x86_64 0:2.3.2-1.el6 libXrender.x86_64 0:0.9.8-2.1.el6_8.1
libgomp.x86_64 0:4.4.7-17.el6 mpfr.x86_64 0:2.4.1-6.el6
ppl.x86_64 0:0.10.2-11.el6 tcl.x86_64 1:8.5.7-6.el6
tix.x86_64 1:8.4.3-5.el6 tk.x86_64 1:8.5.7-5.el6
tkinter.x86_64 0:2.6.6-66.el6_8

Complete!
Creating virtual environment...
Installing Python packages...
Installation succeeded.
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning

Log
Version: 1.1-20080819
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

Enter the website domain names, separated by spaces
Version: 1.1-20080819
/root/.local/share/letsencrypt/lib/python2.6/site-packages/dialog.py:779: DeprecationWarning: the DIALOG_OK attribute of Dialog instances is obsolete; use the Dialog.OK class attribute instead.
DeprecationWarning)

    No names were found in your
    configuration files. Please
    enter in your domain name(s)
    (comma and/or space separated)
    localhost.com www.localhost.com
    <  OK  >    <Cancel>

Enter the email address

    Enter email address (used
    for urgent notices and
    lost key recovery)
    [email protected]
    <  OK  >  <Cancel>

Saving the log
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

Agree to the terms

    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf.
    You must agree in order to register with the ACME server at
    https://acme-v01.api.letsencrypt.org/directory
    <Agree >          <Cancel>

Saving the log, starting to verify the connection
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate

Verifying and requesting the certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:

Requesting the certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for localhost.com

Verifying site ownership and requesting
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for localhost.com
    tls-sni-01 challenge for www.localhost.com

Configuring ssl.conf
    We were unable to find a vhost with a ServerName or Address of
    localhost.com.
    Which virtual host would you like to choose?
    (note: conf files with multiple vhosts are not yet supported)
    1 ssl.conf | | HTTPS
    < Select > < Cancel >

Configuring ssl.conf
    We were unable to find a vhost with a ServerName or Address of
    www.localhost.com.
    Which virtual host would you like to choose?
    (note: conf files with multiple vhosts are not yet supported)
    1 ssl.conf | | HTTPS
    < Select > < Cancel >

Requesting the certificate and verifying
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for localhost.com
    tls-sni-01 challenge for www.localhost.com
    Waiting for verification...

Closing the handshake
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for localhost.com
    tls-sni-01 challenge for www.localhost.com
    Waiting for verification...
    Cleaning up challenges

Saving the certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for localhost.com
    tls-sni-01 challenge for www.localhost.com
    Waiting for verification...
    Cleaning up challenges
    Generating key (2048 bits):
    /etc/letsencrypt/keys/0000_key-certbot.pem

Saving the certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for localhost.com
    tls-sni-01 challenge for www.localhost.com
    Waiting for verification...
    Cleaning up challenges
    Generating key (2048 bits):
    /etc/letsencrypt/keys/0000_key-certbot.pem
    Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

Configuring ssl.conf
    We were unable to find a vhost with a ServerName or Address of
    localhost.com.
    Which virtual host would you like to choose?
    (note: conf files with multiple vhosts are not yet supported)
    1 ssl.conf | | HTTPS
    < Select > < Cancel >

Saving the certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for localhost.com
    tls-sni-01 challenge for www.localhost.com
    Waiting for verification...
    Cleaning up challenges
    Generating key (2048 bits):
    /etc/letsencrypt/keys/0000_key-certbot.pem
    Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
    Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf

Configuring ssl.conf
    We were unable to find a vhost with a ServerName or Address of
    www.localhost.com.
    Which virtual host would you like to choose?
    (note: conf files with multiple vhosts are not yet supported)
    1 ssl.conf | localhost.com | HTTPS
    < Select > < Cancel >

Saving the certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for localhost.com
    tls-sni-01 challenge for www.localhost.com
    Waiting for verification...
    Cleaning up challenges
    Generating key (2048 bits):
    /etc/letsencrypt/keys/0000_key-certbot.pem
    Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
    Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf
    Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf

Choose the certificate mode
Simple encryption or full-site encryption
    Please choose whether HTTPS access is required or optional.
    Easy Allow both HTTP and HTTPS access to these sites
    Secure Make all requests redirect to secure HTTPS access
    < OK >

Configuring ssl.conf
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for localhost.com
    tls-sni-01 challenge for www.localhost.com
    Waiting for verification...
    Cleaning up challenges
    Generating key (2048 bits):
    /etc/letsencrypt/keys/0000_key-certbot.pem
    Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
    Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf
    Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf
    Created redirect file: le-redirect-localhost.com.conf

Saving the certificate
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for localhost.com
    tls-sni-01 challenge for www.localhost.com
    Waiting for verification...
    Cleaning up challenges
    Generating key (2048 bits):
    /etc/letsencrypt/keys/0000_key-certbot.pem
    Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
    Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf
    Deploying Certificate to VirtualHost /etc/httpd/conf.d/ssl.conf
    Created redirect file: le-redirect-localhost.com.conf
    Rollback checkpoint is empty (no changes made?)

Done

    Congratulations! You have successfully enabled
    https://localhost.com and https://www.localhost.com

    You should test your configuration at:
    https://www.ssllabs.com/ssltest/analyze.html?d=localhost.com
    https://www.ssllabs.com/ssltest/analyze.html?d=www.localhost.com
    <  OK  >

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/localhost.com/fullchain.pem. Your cert will
    expire on 2010-03-00. To obtain a new or tweaked version of this
    certificate in the future, simply run certbot-auto again with the
    "certonly" option. To non-interactively renew all of your
    certificates, run "certbot-auto renew"
  • If you lose your account credentials, you can recover through
    e-mails sent to [email protected].
  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

Renew every 3 months
using this command:
certbot-auto renew
If you are lazy, write a scheduled-task (cron) script.
See
https://imququ.com/post/letsencrypt-certificate.html
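
A scheduled-task script of the kind mentioned above, as an added example that is not part of the original article: it runs `certbot-auto renew` and then checks that no certificate under /etc/letsencrypt/live is close to expiry, so a renewal that fails silently is noticed. The install path, the 14-day threshold, the function names and the `service httpd reload` step are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): cron wrapper that runs
# "certbot-auto renew" and then confirms that no live certificate is close
# to expiry, so a silently failing renewal is noticed.
# Paths and thresholds are assumptions; override them via the environment.

CERTBOT=${CERTBOT:-/var/www/html/certbot-auto}  # download location used on this page
LIVE_DIR=${LIVE_DIR:-/etc/letsencrypt/live}     # where certbot keeps current certs
MIN_DAYS=${MIN_DAYS:-14}                        # alert below this many days

# Succeeds if certificate $1 is still valid $2 days from now.
# Unreadable or malformed files count as failures (fail closed).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Print every live certificate that expires within MIN_DAYS.
# Returns 1 if at least one was printed, 0 otherwise.
expiring_certs() {
    rc=0
    for pem in "$LIVE_DIR"/*/fullchain.pem; do
        [ -e "$pem" ] || continue   # glob matched nothing
        if ! cert_valid_for_days "$pem" "$MIN_DAYS"; then
            echo "$pem"
            rc=1
        fi
    done
    return "$rc"
}

# Renew, reload Apache so it picks up new files, then verify the result.
renew_and_check() {
    "$CERTBOT" renew --quiet || echo "WARN: certbot-auto renew failed" >&2
    service httpd reload >/dev/null 2>&1
    if bad=$(expiring_certs); then
        return 0
    fi
    echo "ALERT: certificates expiring within $MIN_DAYS days:" >&2
    echo "$bad" >&2
    return 1
}

# Cron entry (assumed install path), weekly on Monday at 03:30; cron mails
# any output of the job to its owner:
#   30 3 * * 1  root  /usr/local/sbin/le-renew.sh run
if [ "${1:-}" = "run" ]; then
    renew_and_check
fi
```
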

If it reports a failure, use the rollback command.
This only works if the logs were saved!

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: localhost.com
    Type: unauthorized
    Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
    Requested
    !!!!! e011376b4af110335.1a0cc4ffefb107b4.acme.invalid !!!!!
    from 127.000.000.001:443. Received certificate containing
    'localhost, www.localhost.com'

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

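This site is made up of the following elements
1. A domain name that is reachable from the Internet and resolves correctly
2. Hosting space that is reachable from the Internet and resolves correctly
3. The domain name bound to the hosting space, with a record pointing to it

Original reference:
http://www.linuxidc.com/Linux/2014-07/104563.htm
Architecture: LAMP on CentOS

1. Install Apache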
[root@localhost ~]# yum -y install httpd

Start at boot

[root@localhost ~]# chkconfig httpd on

Start the httpd service

[root@localhost ~]# service httpd start

Install SSL (it is recommended to do this step after the MySQL installation is complete)

[root@localhost ~]# yum -y install httpd-manual mod_ssl mod_perl mod_auth_mysql

2. Install and configure MySQL

mysql: the client programs

mysql-server: the server programs

mysql-devel: the development libraries

[root@localhost ~]# yum -y install mysql mysql-server mysql-devel

Start at boot

[root@localhost ~]# chkconfig mysqld on

Start the mysqld service

[root@localhost ~]# service mysqld start

Apply some security settings

[root@localhost ~]# /usr/bin/mysql_secure_installation

Check that it worked

[root@localhost ~]# netstat -tulpn | grep -i mysql

tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1723/mysqld

OK, we can see that mysqld has started and is listening on port 3306.

3. Install PHP
Install the related modules: so that PHP supports MySQL, we can install the php-mysql package;

[root@localhost ~]# yum -y install php php-mysql

Install commonly used PHP extensions

[root@localhost ~]# yum search php

Search for available PHP modules

[root@localhost ~]# yum -y install gd php-gd gd-devel php-xml php-common php-mbstring php-ldap php-pear php-xmlrpc php-imap

Other PHP modules

[root@localhost ~]# yum -y install php-<name of the module you need>

For PHP 7, installing the following is enough to cover the above
yum install php70w-common php70w-fpm php70w-opcache php70w-gd php70w-mysqlnd php70w-mbstring php70w-pecl-redis php70w-pecl-memcached php70w-devel

Sync the repositories before installing
http://blog.csdn.net/dxywx/article/details/50609137

CentOS/RHEL 7.x:

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
CentOS/RHEL 6.x:

rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
Now you can install PHP 7.0 (along with an opcode cache) by doing:

yum install php70w php70w-opcache

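Restart the httpd service; this step is important

[root@localhost ~]# service httpd restart

Here you can download a PHP probe to view the server configuration
http://www.yahei.net/
http://down.chinaz.com/server/201206/1994_1.htm
or
create a phpinfo page with vi

[root@localhost ~]# cd /var/www/html/
[root@localhost html]# vi index.php

For phpinfo, search Baidu

If iptables is configured correctly and nothing unexpected happens, enter http://<domain> or http://<IP> in a browser

and you should see the test page

Finally, if the PHP extension Mcrypt is not installed, install it
Option 1.
Query commands
Original reference:
http://www.cnblogs.com/ccdc/archive/2013/04/19/3030156.html
Original reference:
http://www.yiweihy.com/knowledge/develop/176-centos-yum-mcrypt.html
1. Install the following update
epel-release-6-5.noarch.rpm

[root@localhost ~]# rpm -ivh epel-release-6-7.noarch.rpm

Run yum update to update the system

[root@localhost ~]# yum update

2. Check whether the EPEL (Extra Packages for Enterprise Linux) repository is now available

[root@localhost ~]# yum repolist

3. Run the command:

Install the mcrypt extension package

[root@localhost ~]# yum install php-mcrypt

Restart Apache so that the extension takes effect

[root@localhost ~]# service httpd restart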

Option 2
Original reference:
http://www.blogjava.net/nkjava/archive/2015/01/20/422289.html
Installing PHP 5.5, 5.6 and 7.0 with yum on CentOS
The default version is too old and installing by hand is somewhat troublesome; if you want to install with yum, you can use the approach below:
1. Check the currently installed PHP packages

[root@localhost ~]# yum list installed | grep php

If any PHP packages are installed, remove them first

[root@localhost ~]# yum remove php.x86_64 php-cli.x86_64 php-common.x86_64 php-gd.x86_64 php-ldap.x86_64 php-mbstring.x86_64 php-mcrypt.x86_64 php-mysql.x86_64 php-pdo.x86_64

2.
CentOS 5.x

[root@localhost ~]# rpm -Uvh http://mirror.webtatic.com/yum/el5/latest.rpm

CentOS 6.x

[root@localhost ~]# rpm -Uvh http://mirror.webtatic.com/yum/el6/latest.rpm

CentOS 7.x
[root@localhost ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/epel-release.rpm
[root@localhost ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

If you want to remove the packages installed above and reinstall
rpm -qa | grep webtatic
rpm -e <the package found by the search above>

3. Run

[root@localhost ~]# yum install php55w.x86_64 php55w-cli.x86_64 php55w-common.x86_64 php55w-gd.x86_64 php55w-ldap.x86_64 php55w-mbstring.x86_64 php55w-mcrypt.x86_64 php55w-mysql.x86_64 php55w-pdo.x86_64

[root@localhost ~]# yum install php56w.x86_64 php56w-cli.x86_64 php56w-common.x86_64 php56w-gd.x86_64 php56w-ldap.x86_64 php56w-mbstring.x86_64 php56w-mcrypt.x86_64 php56w-mysql.x86_64 php56w-pdo.x86_64

Note: to upgrade to 5.6, replace 55w above with 56w.

[root@localhost ~]# yum install php70w.x86_64 php70w-cli.x86_64 php70w-common.x86_64 php70w-gd.x86_64 php70w-ldap.x86_64 php70w-mbstring.x86_64 php70w-mcrypt.x86_64 php70w-mysql.x86_64 php70w-pdo.x86_64

4. Install PHP-FPM
[root@localhost ~]# yum install php55w-fpm
[root@localhost ~]# yum install php56w-fpm
[root@localhost ~]# yum install php70w-fpm

Note: to upgrade to 5.6, replace 55w above with 56w.

4. Upload the web application you need
Run it and install it, for example this blog software