Using Certbot to apply for a free SSL certificate with automatic renewal

Introduction

Let's Encrypt is a certificate authority, and Certbot is a client for Let's Encrypt. They communicate with each other using the ACME protocol. There are other clients besides Certbot, but the official recommendation is Certbot. Certbot is free and open source software that can automatically download certificates from Let's Encrypt, automatically renew them, and supports nginx/tomcat. In the past, we bought certificates from Alibaba Cloud and Tencent Cloud. With Let's Encrypt, we can save this part of the money.

Certbot is a free, open source software tool for automatically using
Let’s Encrypt certificates on manually-administrated websites to
enable HTTPS.

Let’s Encrypt is a free, automated, and open certificate authority
brought to you by the nonprofit Internet Security Research Group
(ISRG).

Install

To install certbot, you need to choose a web server and an operating system. For example, my web server is nginx, and my operating system is CentOS 7. Check the CentOS version. I have to say that the documentation of Certbot is really detailed, and you can install it step by step according to the documentation.

Briefly, my understanding of Certbot:

  • A certificate is automatically generated for the domain name.
  • The https configuration is automatically added to nginx (optional; you can also only generate the certificate and configure nginx manually).
  • Certificates are renewed automatically (a scheduled task is added to regularly renew expiring certificates).
    • To view the scheduled tasks, run: systemctl list-timers

Problems encountered during installation

When executing the step sudo certbot --nginx, an error was reported: nginx command not found. I tried sudo which nginx, and the nginx command could not be found, because what was installed was openresty. Later, it was solved by using ln -s /usr/local/openresty/nginx/sbin/nginx /usr/bin/nginx. In effect, a soft link was created in the /usr/bin directory to point to the real nginx command path. After discussing with colleagues, it is more reasonable to use ln -s /usr/bin/openresty /usr/bin/nginx, so that you don't have to care about the installation directory of openresty.
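
The check below is an added example, not part of the original post or of Certbot: it tells you before running sudo certbot --nginx whether nginx resolves on the directories sudo searches, which OpenResty binary a link should point to, and whether that binary is group- or world-writable (it will be executed as root). SUDO_PATH is a hypothetical variable and its default is an assumed sudo secure_path; the fallback path is the one from the post.

```shell
#!/bin/sh
# Added example: preflight for "sudo certbot --nginx" on an OpenResty host.
# SUDO_PATH is a hypothetical variable; its default is the assumed
# secure_path that sudo uses on the host.

# Print the first executable named $1 found in directory list $2.
find_in_path() {
    _old_ifs=$IFS; IFS=:
    for _dir in $2; do
        if [ -x "$_dir/$1" ] && [ ! -d "$_dir/$1" ]; then
            IFS=$_old_ifs; printf '%s\n' "$_dir/$1"; return 0
        fi
    done
    IFS=$_old_ifs; return 1
}

# True when the file (symlinks followed) is group- or world-writable.
# certbot runs this binary as root, so only root should be able to change it.
loosely_writable() {
    [ -n "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# $1 = directories sudo searches, $2 = fallback OpenResty nginx binary.
# Prints "ok <path>", "link <target>", "unsafe <path>" or "missing".
nginx_preflight() {
    if _bin=$(find_in_path nginx "$1"); then
        _verdict=ok                      # certbot will find nginx as-is
    elif _bin=$(find_in_path openresty "$1"); then
        _verdict=link                    # ln -s <target> /usr/bin/nginx
    elif [ -x "${2:-}" ]; then
        _bin=$2; _verdict=link           # ln -s <target> /usr/bin/nginx
    else
        echo missing; return 0
    fi
    if loosely_writable "$_bin"; then _verdict=unsafe; fi
    echo "$_verdict $_bin"
}

SUDO_PATH=${SUDO_PATH:-/sbin:/bin:/usr/sbin:/usr/bin}
nginx_preflight "$SUDO_PATH" /usr/local/openresty/nginx/sbin/nginx
```

A result of "link" means the soft link described above is still needed; "unsafe" means the permissions on the reported file should be tightened before certbot is run against it.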

Origin blog.csdn.net/wangjun5159/article/details/131120586