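Let’s Encrypt: Getting a Free HTTPS Certificate for Your Website Domain
After finishing the site setup yesterday, I used Dnspod to configure an A record pointing to the IP; the NS records had been configured earlier (configuration: https://cloud.tencent.com/document/product/302/3449). Then I found that the domain had a strange problem: for a certain well-known reason, it could not be accessed:
For details, see: https://www.v2ex.com/t/223261
It looks like an HTTPS certificate has to be configured!
Being lazy, I am copying the English tutorial as-is, and I will mark the places that have problems.
Environment: Apache, CentOS 7
Original tutorial: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7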
-Introduction
Let’s Encrypt is a Certificate Authority (CA) that provides free certificates for Transport Layer Security (TLS) encryption, thereby enabling encrypted HTTPS on web servers. It simplifies the process of creation, validation, signing, installation, and renewal of certificates by providing a software client that automates most of the steps—Certbot.
In this tutorial, you will use Certbot to set up a TLS/SSL certificate from Let’s Encrypt on a CentOS 7 server running Apache as a web server. Additionally, you will automate the certificate renewal process using a cron job, which you can learn more about by reading How To Use Cron To Automate Tasks On a VPS.
-Prerequisites
In order to complete this guide, you will need:
- One CentOS 7 server set up by following the CentOS 7 initial server setup guide with a non-root user who has sudo privileges.
- A basic firewall configured by following the Additional Recommended Steps for New CentOS 7 Servers guide.
- Apache installed on the CentOS 7 server with a virtual host configured. You can learn how to set this up by following our tutorial How To Install the Apache Web Server on CentOS 7. Be sure that you have a virtual host file for your domain. This tutorial will use /etc/httpd/sites-available/example.com.conf as an example.
Setting up a virtual host: https://zhuanlan.zhihu.com/p/161412397
- You should own or control the registered domain name that you wish to use the certificate with. If you do not already have a registered domain name, you may purchase one on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.
- A DNS A Record that points your domain to the public IP address of your server. You can follow this introduction to DigitalOcean DNS for details on how to add them with the DigitalOcean platform. DNS A records are required because of how Let’s Encrypt validates that you own the domain it is issuing a certificate for. For example, if you want to obtain a certificate for example.com, that domain must resolve to your server for the validation process to work. Our setup will use example.com and www.example.com as the domain names, both of which will require a valid DNS record.
When you have all of these prerequisites completed, move on to install the Let’s Encrypt client software.
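A pre-flight check for the DNS prerequisite above, as an added example that is not part of the original tutorial: it confirms that every name going on the certificate has an A record pointing at this server before Certbot is run. The function names, the use of dig, and the address 203.0.113.10 (a documentation address standing in for your server's public IP) are assumptions.

```bash
#!/usr/bin/env bash
# Added example: DNS pre-flight check before requesting a certificate.

# resolve_a NAME -> prints one IPv4 address per line.
# Assumes `dig` is installed (package bind-utils on CentOS 7).
resolve_a() {
    # `dig +short` also prints CNAME targets; keep only IPv4 literals.
    dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$'
}

# check_domain EXPECTED_IP NAME -> 0 only if NAME resolves solely to EXPECTED_IP.
check_domain() {
    local expected="$1" name="$2" ips ip status=0
    ips="$(resolve_a "$name")" || true
    if [ -z "$ips" ]; then
        echo "FAIL $name: no A record found"
        return 1
    fi
    # Every returned address must match: with a stray extra A record the
    # validation request can land on a host that is not this server.
    for ip in $ips; do
        if [ "$ip" != "$expected" ]; then
            echo "FAIL $name: resolves to $ip, expected $expected"
            status=1
        fi
    done
    if [ "$status" -eq 0 ]; then
        echo "OK   $name -> $expected"
    fi
    return "$status"
}

# preflight EXPECTED_IP NAME... -> 0 only if every name passes.
preflight() {
    local expected="$1" rc=0 name
    shift
    for name in "$@"; do
        check_domain "$expected" "$name" || rc=1
    done
    return "$rc"
}

# Usage (constructed values): ./preflight.sh 203.0.113.10 example.com www.example.com
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

A freshly changed record can still be cached by your resolver, so a FAIL right after editing DNS may only mean the old answer has not expired yet.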
Official site:
https://letsencrypt.org/