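December 23, 2019
Confirm that port 80 is reachable through both the physical firewall and the system firewall
Confirm that EPEL is installed and update the cache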
[root@s4 ~]# yum makecache
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 17 kB 00:00
 * base: mirror.scalabledns.com
 * epel: mirror.lax.genesisadaptive.com
 * extras: mirrors.sonic.net
 * updates: mirrors.sonic.net
base | 3.6 kB 00:00
epel | 5.4 kB 00:00
extras | 2.9 kB 00:00
updates | 2.9 kB 00:00
(1/9): epel/x86_64/filelists_db | 12 MB 00:00
(2/9): epel/x86_64/updateinfo | 1.0 MB 00:00
(3/9): epel/x86_64/prestodelta | 4.1 kB 00:00
(4/9): epel/x86_64/primary_db | 6.9 MB 00:00
(5/9): epel/x86_64/other_db | 3.3 MB 00:00
(6/9): epel/x86_64/updateinfo_zck | 1.5 MB 00:00
(7/9): updates/7/x86_64/filelists_db | 3.3 MB 00:00
(8/9): updates/7/x86_64/other_db | 368 kB 00:00
(9/9): updates/7/x86_64/primary_db | 5.9 MB 00:00
Metadata Cache Created
[root@s4 ~]#
Install the certbot tool
[root@s4 ~]# yum -y install certbot
Confirm that the CommonName of the required server certificate already resolves to this machine's IP
Request the certificate
[root@s4 ~]# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): harvey.mei@linuxcache.com
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Starting new HTTPS connection (1): supporters.eff.org
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): s4.linuxcache.net
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for s4.linuxcache.net
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/s4.linuxcache.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/s4.linuxcache.net/privkey.pem
   Your cert will expire on 2020-03-26. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
 - We were unable to subscribe you the EFF mailing list because your
   e-mail address appears to be invalid. You can try again later by
   visiting https://act.eff.org.
[root@s4 ~]#
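The two preconditions checked by hand above (port 80 allowed through the firewall, the name resolving to this host) can be scripted, together with one more that the standalone authenticator depends on: nothing else may already be listening on port 80. The script below is an added example, not part of the original post; the file name preflight.sh and the function names are hypothetical, and it assumes the host holds its public address directly (no NAT) and that firewalld, if running, is the system firewall.

```shell
#!/bin/sh
# Added example: preflight for certbot's standalone http-01 challenge.
# Assumes the host holds its public address directly (no NAT) and that
# firewalld, if running, is the system firewall.

# ip_matches RESOLVED LOCAL: succeed if any address in the first
# whitespace-separated list also appears in the second.
ip_matches() {
    for _r in $1; do
        for _l in $2; do
            [ "$_r" = "$_l" ] && return 0
        done
    done
    return 1
}

# port80_listeners: read `ss -ltn` output on stdin, print the local
# address of each listening socket on port 80 (":8080" does not match).
port80_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /:80$/ { print $4 }'
}

# preflight DOMAIN: run all checks, return non-zero if any fails.
preflight() {
    _rc=0
    _resolved=$(getent ahosts "$1" | awk '{ print $1 }' | sort -u | tr '\n' ' ')
    if ! ip_matches "$_resolved" "$(hostname -I)"; then
        echo "FAIL: $1 resolves to [$_resolved], not an address of this host" >&2
        _rc=1
    fi
    _busy=$(ss -ltn | port80_listeners | tr '\n' ' ')
    if [ -n "$_busy" ]; then
        echo "FAIL: port 80 already bound ($_busy); standalone cannot listen" >&2
        _rc=1
    fi
    if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
        if ! firewall-cmd --query-service=http >/dev/null 2>&1 &&
           ! firewall-cmd --query-port=80/tcp >/dev/null 2>&1; then
            echo "FAIL: firewalld default zone does not allow 80/tcp" >&2
            _rc=1
        fi
    fi
    [ "$_rc" -eq 0 ] && echo "OK: $1 is ready for 'certbot certonly --standalone'"
    return "$_rc"
}

# Run only when a domain is given, e.g.: sh preflight.sh s4.linuxcache.net
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

A physical or upstream firewall is not visible from the host, so a passing run still leaves that part of the first check to be confirmed from outside.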
Certificate renewal
All certificates
certbot renew
A specific certificate
certbot renew --cert-name example.com