{"id":1758,"date":"2023-06-29T21:51:30","date_gmt":"2023-06-29T13:51:30","guid":{"rendered":"https:\/\/www.aqwu.net\/wp\/?p=1758"},"modified":"2023-07-02T10:18:56","modified_gmt":"2023-07-02T02:18:56","slug":"%e5%ae%89%e8%a3%85-lets-encrypt-%e8%af%81%e4%b9%a6","status":"publish","type":"post","link":"https:\/\/www.aqwu.net\/wp\/?p=1758","title":{"rendered":"\u5b89\u88c5 Let’s Encrypt \u8bc1\u4e66"},"content":{"rendered":"\n

June 29, 2023<\/p>\n\n\n\n

Let’s Encrypt \u5b89\u88c5\u8bc1\u4e66\u7684\u65b9\u6cd5, ChatGPT \u63d0\u4f9b<\/p>\n\n\n\n

Let’s Encrypt \u63d0\u4f9b\u4e86\u4e00\u4e2a\u514d\u8d39\u3001\u81ea\u52a8\u5316\u3001\u5f00\u653e\u7684\u8bc1\u4e66\u9881\u53d1\u5e73\u53f0\uff0c\u8ba9\u60a8\u53ef\u4ee5\u83b7\u5f97\u548c\u5b89\u88c5 SSL\/TLS \u8bc1\u4e66\uff0c\u4ece\u800c\u4f7f\u4f60\u7684\u7f51\u7ad9\u80fd\u591f\u901a\u8fc7 HTTPS \u63d0\u4f9b\u670d\u52a1\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u57fa\u672c\u7684\u4f7f\u7528 certbot \u81ea\u52a8\u5316\u5b89\u88c5 Let’s Encrypt \u8bc1\u4e66\u7684\u6b65\u9aa4\uff0c\u4ee5 Debian\/Ubuntu \u4e3a\u4f8b\uff1a<\/p>\n\n\n\n

    \n
  1. \u5b89\u88c5 Certbot \u5ba2\u6237\u7aef\uff1a<\/li>\n<\/ol>\n\n\n\n
    $sudo apt-get update\nsudo apt-get install software-properties-common\nsudo add-apt-repository universe\nsudo add-apt-repository ppa:certbot\/certbot\nsudo apt-get update\nsudo apt-get install certbot python3-certbot-apache\n<\/code><\/pre>\n\n\n\n
      \n
    1. \u914d\u7f6e Apache \u6765\u4f7f\u7528 SSL\uff1a<\/li>\n<\/ol>\n\n\n\n
      $sudo certbot --apache -d your-domain.com -d www.your-domain.com
      <\/code><\/p>\n\n\n\n
      \u5728\u8fd9\u91cc\uff0c\u4f60\u9700\u8981\u5c06 your-domain.com<\/code> \u548c www.your-domain.com<\/code> \u66ff\u6362\u6210\u4f60\u7684\u5b9e\u9645\u57df\u540d\u3002<\/p>\n\n\n\n
        \n
      1. \u68c0\u67e5\u81ea\u52a8\u66f4\u65b0\u8bbe\u7f6e\uff1a<\/li>\n<\/ol>\n\n\n\n
        Let’s Encrypt \u7684\u8bc1\u4e66\u6bcf 90 \u5929\u9700\u8981\u66f4\u65b0\u4e00\u6b21\uff0cCertbot \u4f1a\u81ea\u52a8\u4e3a\u4f60\u505a\u8fd9\u4e2a\u5de5\u4f5c\u3002\u4f60\u53ef\u4ee5\u901a\u8fc7\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u6765\u68c0\u67e5\u5b83\u662f\u5426\u6b63\u5e38\u5de5\u4f5c\uff1a<\/p>\n\n\n\n
        $ sudo certbot renew --dry-run\n<\/code><\/pre>\n\n\n\n
        \u8fd9\u5c06\u6a21\u62df\u8bc1\u4e66\u7eed\u8ba2\u8fc7\u7a0b\uff0c\u4ee5\u4fbf\u60a8\u53ef\u4ee5\u786e\u8ba4\u5176\u81ea\u52a8\u66f4\u65b0\u6b63\u5e38\u3002<\/p>\n\n\n\n
        \u4ee5\u4e0a\u5c31\u662f\u901a\u8fc7 Certbot \u5728 Ubuntu\/Debian \u4e0a\u81ea\u52a8\u5316\u5b89\u88c5 Let’s Encrypt \u8bc1\u4e66\u7684\u57fa\u672c\u6b65\u9aa4\u3002\u5982\u679c\u4f60\u4f7f\u7528\u7684\u662f\u5176\u5b83\u7684\u7cfb\u7edf\u6216\u8005 web server\uff0c\u6bd4\u5982 CentOS \u6216\u8005 Nginx\uff0c\u6b65\u9aa4\u53ef\u80fd\u4f1a\u6709\u6240\u4e0d\u540c\uff0c\u4f60\u53ef\u4ee5\u53c2\u8003 Certbot \u7684\u5b98\u65b9\u6587\u6863\u8fdb\u884c\u64cd\u4f5c\u3002<\/p>\n\n\n\n
        root@mail:\/home\/ubuntu# add-apt-repository ppa:certbot\/certbot PPA publishes dbgsym, you may need to include ‘main\/debug’ component Repository: ‘deb https:\/\/ppa.launchpadcontent.net\/certbot\/certbot\/ubuntu\/ jammy main’ Description: The PPA has been DEPRECATED. To get up to date instructions on how to get certbot for your systems, please see https:\/\/certbot.eff.org\/docs\/install.html. More info: https:\/\/launchpad.net\/~certbot\/+archive\/ubuntu\/certbot Adding repository. Press [ENTER] to continue or Ctrl-c to cancel. Adding deb entry to \/etc\/apt\/sources.list.d\/certbot-ubuntu-certbot-jammy.list Adding disabled deb-src entry to \/etc\/apt\/sources.list.d\/certbot-ubuntu-certbot-jammy.list Adding key to \/etc\/apt\/trusted.gpg.d\/certbot-ubuntu-certbot.gpg with fingerprint 7BF576066ADA65728FC7E70A8C47BE8E75BCA694 Failed to start apt-news.service: Unit apt-news.service not found. Failed to start esm-cache.service: Unit esm-cache.service not found. Hit:1 http:\/\/ap-northeast-2.ec2.archive.ubuntu.com\/ubuntu jammy InRelease Hit:2 http:\/\/ap-northeast-2.ec2.archive.ubuntu.com\/ubuntu jammy-updates InRelease Hit:3 http:\/\/ap-northeast-2.ec2.archive.ubuntu.com\/ubuntu jammy-backports InRelease Hit:4 http:\/\/security.ubuntu.com\/ubuntu jammy-security InRelease Ign:5 https:\/\/ppa.launchpadcontent.net\/certbot\/certbot\/ubuntu jammy InRelease Hit:6 https:\/\/ppa.launchpadcontent.net\/groonga\/ppa\/ubuntu jammy InRelease Err:7 https:\/\/ppa.launchpadcontent.net\/certbot\/certbot\/ubuntu jammy Release 404 Not Found [IP: 185.125.190.52 443] Reading package lists… Done E: The repository ‘https:\/\/ppa.launchpadcontent.net\/certbot\/certbot\/ubuntu jammy Release’ does not have a Release file. N: Updating from such a repository can’t be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. root@mail:\/home\/ubuntu#ChatGPT<\/p>\n\n\n\n
        \u4ece\u4f60\u7684\u547d\u4ee4\u8f93\u51fa\u770b\uff0ccertbot\/certbot<\/code> \u8fd9\u4e2a PPA \u5df2\u7ecf\u88ab\u5f03\u7528\u4e86\u3002\u4f60\u5e94\u8be5\u9075\u5faa Certbot \u7684\u65b0\u7684\u5b89\u88c5\u6307\u5357\u3002\u4f60\u7684 Ubuntu \u7248\u672c\u53ef\u80fd\u6bd4\u6211\u4e4b\u524d\u7684\u5efa\u8bae\u66f4\u52a0\u65b0\uff0c\u56e0\u6b64\uff0c\u4f60\u5e94\u8be5\u4f7f\u7528 snapd \u6765\u5b89\u88c5 certbot\u3002\u4ee5\u4e0b\u662f\u901a\u8fc7 snap \u5b89\u88c5 Certbot \u7684\u6b65\u9aa4\uff1a<\/p>\n\n\n\n
          \n
        1. \u5982\u679c\u4f60\u7684\u7cfb\u7edf\u4e0a\u8fd8\u6ca1\u6709\u5b89\u88c5 snapd\uff0c\u4f60\u9700\u8981\u9996\u5148\u5b89\u88c5\u5b83\uff1a<\/li>\n<\/ol>\n\n\n\n
          $sudo apt update\nsudo apt install snapd\n<\/code><\/pre>\n\n\n\n
            \n
          1. \u4f7f\u7528 snap \u5b89\u88c5 Certbot\uff1a<\/li>\n<\/ol>\n\n\n\n
            $sudo snap install core; sudo snap refresh core\nsudo snap install --classic certbot\n<\/code><\/pre>\n\n\n\n
              \n
            1. \u786e\u4fdd Certbot \u547d\u4ee4\u53ef\u5728\u8def\u5f84\u4e2d\u627e\u5230\uff1a<\/li>\n<\/ol>\n\n\n\n
              $sudo ln -s \/snap\/bin\/certbot \/usr\/bin\/certbot\n<\/code><\/pre>\n\n\n\n
                \n
              1. \u8fd0\u884c Certbot \u6765\u914d\u7f6e\u4f60\u7684 SSL\uff1a<\/li>\n<\/ol>\n\n\n\n
                $sudo certbot --apache\n<\/code><\/pre>\n\n\n\n
                \u8fd9\u4e2a\u547d\u4ee4\u5c06\u4f1a\u81ea\u52a8\u83b7\u53d6\u548c\u914d\u7f6e SSL \u8bc1\u4e66\u3002\u6839\u636e\u63d0\u793a\u64cd\u4f5c\uff0c\u4f60\u53ef\u80fd\u9700\u8981\u63d0\u4f9b\u4f60\u7684\u90ae\u7bb1\u5730\u5740\u548c\u540c\u610f\u670d\u52a1\u6761\u6b3e\u3002\u5728\u8be2\u95ee\u662f\u5426\u8bbe\u7f6e HTTPS \u91cd\u5b9a\u5411\u65f6\uff0c\u9009\u62e9 \u201cSecure\u201d\u3002<\/p>\n\n\n\n
                  \n
                1. \u68c0\u67e5\u81ea\u52a8\u66f4\u65b0\u8bbe\u7f6e\uff1a<\/li>\n<\/ol>\n\n\n\n
                  $sudo certbot renew --dry-run\n<\/code><\/pre>\n\n\n\n
                  \u8fd9\u5c06\u6a21\u62df\u8bc1\u4e66\u7eed\u8ba2\u8fc7\u7a0b\uff0c\u4ee5\u4fbf\u60a8\u53ef\u4ee5\u786e\u8ba4\u5176\u81ea\u52a8\u66f4\u65b0\u6b63\u5e38\u3002<\/p>\n\n\n\n
                  \u4ee5\u4e0a\u5c31\u662f\u901a\u8fc7 snap \u5728 Ubuntu \u4e0a\u5b89\u88c5 Certbot \u7684\u6b65\u9aa4\u3002\u8fd9\u4e9b\u6b65\u9aa4\u5e94\u8be5\u9002\u7528\u4e8e Ubuntu 20.04 \u548c\u66f4\u9ad8\u7248\u672c\u3002\u5982\u679c\u4f60\u9047\u5230\u4efb\u4f55\u95ee\u9898\uff0c\u53ef\u4ee5\u53c2\u8003 Certbot \u7684\u5b98\u65b9\u6587\u6863<\/a>\u3002<\/p>\n\n\n\n
                  hich names would you like to activate HTTPS for? We recommend selecting either all domains, or all domains in a VirtualHost\/server block. – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – 1: huihui.ai – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – Select the appropriate numbers separated by commas and\/or spaces, or leave input blank to select all options shown (Enter ‘c’ to cancel): 1 Requesting a certificate for huihui.ai live directory exists for huihui.ai Ask for help or search for solutions at https:\/\/community.letsencrypt.org. See the logfile \/var\/log\/letsencrypt\/letsencrypt.log or re-run Certbot with -v for more details.ChatGPT<\/p>\n\n\n\n
                  \u4f60\u9047\u5230\u7684\u95ee\u9898\u53ef\u80fd\u662f\u7531\u4e8e\u5c1d\u8bd5\u4e3a\u5df2\u7ecf\u5b58\u5728\u7684\u8bc1\u4e66\u8bf7\u6c42\u65b0\u7684\u8bc1\u4e66\u3002live directory exists for huihui.ai<\/code> \u8fd9\u4e2a\u4fe1\u606f\u610f\u5473\u7740\u5df2\u7ecf\u6709\u4e00\u4e2a\u9488\u5bf9 huihui.ai<\/code> \u7684\u8bc1\u4e66\u5b58\u5728\u3002<\/p>\n\n\n\n
                  \u5982\u679c\u4f60\u53ea\u662f\u60f3\u66f4\u65b0\u73b0\u6709\u7684\u8bc1\u4e66\uff0c\u4f60\u53ef\u4ee5\u76f4\u63a5\u8fd0\u884c\uff1a<\/p>\n\n\n\n
                  $sudo certbot renew\n<\/code><\/pre>\n\n\n\n
                  \u5982\u679c\u4f60\u60f3\u8981\u4e3a huihui.ai<\/code> \u8bf7\u6c42\u65b0\u7684\u8bc1\u4e66\u5e76\u8986\u76d6\u73b0\u6709\u7684\u8bc1\u4e66\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 --cert-name<\/code> \u53c2\u6570\uff1a<\/p>\n\n\n\n
                  $sudo certbot --cert-name huihui.ai --apache\n<\/code><\/pre>\n\n\n\n
                  \u8fd9\u5c06\u4f1a\u66f4\u65b0\u6307\u5b9a\u540d\u79f0\u7684\u8bc1\u4e66\u800c\u4e0d\u662f\u521b\u5efa\u65b0\u7684\u8bc1\u4e66\u3002\u6216\u8005\uff0c\u5982\u679c\u4f60\u60f3\u8981\u5f3a\u5236\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u8bc1\u4e66\u5e76\u8986\u76d6\u5df2\u7ecf\u5b58\u5728\u7684\u8bc1\u4e66\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 --duplicate<\/code> \u53c2\u6570\uff1a<\/p>\n\n\n\n
                  $sudo certbot --apache --duplicate\n<\/code><\/pre>\n\n\n\n
                  \u4f46\u662f\u8981\u6ce8\u610f\uff0c\u91cd\u590d\u7684\u8bc1\u4e66\u8bf7\u6c42\u53ef\u80fd\u4f1a\u89e6\u53d1 Let’s Encrypt \u7684\u9891\u7387\u9650\u5236\uff0c\u6240\u4ee5\u53ea\u6709\u5728\u5fc5\u8981\u7684\u65f6\u5019\u624d\u4f7f\u7528\u8fd9\u4e2a\u9009\u9879\u3002<\/p>\n\n\n\n
                  \u8fd9\u4e9b\u64cd\u4f5c\u90fd\u9700\u8981\u6839\u636e Certbot \u7684\u63d0\u793a\u5b8c\u6210\u6b65\u9aa4\uff0c\u53ef\u80fd\u5305\u62ec\u63d0\u4f9b\u90ae\u7bb1\u5730\u5740\u3001\u540c\u610f\u670d\u52a1\u6761\u6b3e\u3001\u4ee5\u53ca\u8bbe\u7f6e HTTPS \u91cd\u5b9a\u5411\u7b49\u7b49\u3002\u5982\u679c\u9047\u5230\u95ee\u9898\uff0c\u4f60\u53ef\u4ee5\u67e5\u770b \/var\/log\/letsencrypt\/letsencrypt.log<\/code> \u65e5\u5fd7\u6587\u4ef6\u83b7\u53d6\u66f4\u591a\u4fe1\u606f\uff0c\u6216\u8005\u5728 Let’s Encrypt \u793e\u533a<\/a>\u5bfb\u6c42\u5e2e\u52a9\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
                  June 29, 2023 Let’s Encrypt \u5b89\u88c5\u8bc1\u4e66\u7684\u65b9\u6cd5, ChatGPT \u63d0\u4f9b L […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[313,289],"tags":[242,367],"class_list":["post-1758","post","type-post","status-publish","format-standard","hentry","category-chatgpt","category-gpt","tag-chatgpt","tag-lets-encrypt-ssl-tls-"],"views":1742,"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/1758","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1758"}],"version-history":[{"count":2,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/1758\/revisions"}],"predecessor-version":[{"id":1775,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/1758\/revisions\/1775"}],"wp:attachment":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}