How aspnetcore uses Let's Encrypt to support https

2025-01-17 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/03

This article shows how aspnetcore can use Let's Encrypt to support https. The content is easy to follow, and I hope it helps resolve your doubts.

Let's Encrypt is a free project that automatically issues https certificates.

Certbot is a client tool officially recommended by Let's Encrypt for certificate generation.

Basic operation

0. Preparation

The domain name to be issued (such as you.domain.com) is resolved to a server that can be accessed normally on the external network.

1. Log in to the server

    my-pc$ ssh user@you.domain.com

2. Install certbot

Take Ubuntu 16.04 as an example.

Installation differs from system to system; the instructions for each can be found on the home page of the official website.

    my-server$ cat /etc/issue
    Ubuntu 16.04.2 LTS \n \l
    my-server$ sudo apt-get update
    my-server$ sudo apt-get install software-properties-common
    my-server$ sudo add-apt-repository ppa:certbot/certbot
    my-server$ sudo apt-get update
    my-server$ sudo apt-get install certbot
    my-server$ certbot --version
    certbot 0.19.0

3. Check port occupancy

If port 443 on the server is occupied, shut down the corresponding service process first. Otherwise certbot may fail with an error.

4. Start making the certificate

    my-server$ certbot certonly    -> run the command
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    How would you like to authenticate with the ACME CA?
    1: Spin up a temporary webserver (standalone)
    2: Place files in webroot directory (webroot)
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1    -> here we choose 1, standalone mode
    Plugins selected: Authenticator standalone Installer None
    Enter email address (used for urgent renewal and security notices) (Enter 'c' to
    cancel): you@gmail.com    -> enter your email address to create an account (only appears on first use)
    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
    in order to register with the ACME server at
    https://acme-v01.api.letsencrypt.org/directory
    (A)gree/(C)ancel: a    -> select A to agree (only appears on first use)
    Would you be willing to share your email address with the Electronic Frontier
    Foundation, a founding partner of the Let's Encrypt project and the non-profit
    organization that develops Certbot? We'd like to send you email about EFF and
    our work to encrypt the web, protect its users and defend digital rights.
    (Y)es/(N)o: y    -> select Y or N (only appears on first use)
    Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
    to cancel): you.domain.com    -> enter the domain name for which you want to make a certificate
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for you.domain.com
    Waiting for verification...
    Cleaning up challenges
    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/you.domain.com/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/you.domain.com/privkey.pem
       Your cert will expire on 2018-01-26. To obtain a new or tweaked
       version of this certificate in the future, simply run certbot
       again. To non-interactively renew *all* of your certificates, run
       "certbot renew"
     - If you like Certbot, please consider supporting our work by:
       Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
       Donating to EFF: https://eff.org/donate-le
    my-server$ ls /etc/letsencrypt/live/you.domain.com/    -> certificate file directory
    cert.pem chain.pem fullchain.pem privkey.pem README

Seeing "Congratulations" under IMPORTANT NOTES indicates that the certificate has been issued successfully.

You can go to the /etc/letsencrypt/live/you.domain.com/ directory to view the generated files.

Advanced operation

Use port 80

By default, standalone mode uses port 443, which means that whatever process currently occupies port 443 on the server has to be stopped.

We can also switch it to port 80; by the same token, whatever occupies port 80 has to be stopped.

    my-server$ certbot certonly --standalone -n --agree-tos --email you@gmail.com --preferred-challenges http -d you.domain.com

-n: non-interactive

--email: the account to use

--agree-tos: agree to the service agreement

Use nginx mode

Install nginx and plug-ins

    my-server$ apt-get install nginx
    my-server$ apt-get install python-certbot-nginx
    my-server$ certbot --nginx -d you.domain.com

Use manual mode

Manual mode is similar to webroot mode. The main difference is that in webroot mode certbot adds the files to the webroot automatically, whereas in manual mode you do it yourself.
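
The step that manual mode leaves to you, as an added shell example (not from the original article): certbot prints a string of the form token.thumbprint and expects it to be served at /.well-known/acme-challenge/<token>. The function names and the webroot argument are assumptions of this example; the token is checked before it is used as a file name.

```shell
#!/bin/sh
# Added example: publish an http-01 key authorization under a webroot.

# place_challenge WEBROOT KEY_AUTHORIZATION
# Writes the file certbot's manual mode asks for and prints its path.
place_challenge() {
    webroot=$1
    keyauth=$2
    token=${keyauth%%.*}        # part before the first dot = file name in the URL
    thumb=${keyauth#*.}         # part after it = account key thumbprint

    # The token becomes a file name: accept only base64url characters so a
    # malformed value containing "/" or ".." can never leave the directory.
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "invalid token" >&2; return 2 ;;
    esac
    # thumb equals keyauth when the input had no dot at all.
    case $thumb in
        ''|"$keyauth"|*[!A-Za-z0-9_-]*) echo "invalid key authorization" >&2; return 2 ;;
    esac

    dir=$webroot/.well-known/acme-challenge
    mkdir -p "$dir" || return 3
    # printf '%s' writes exactly the data, without adding a trailing newline.
    printf '%s' "$keyauth" > "$dir/$token" || return 3
    chmod 644 "$dir/$token"     # the web server must be able to read it
    printf '%s\n' "$dir/$token"
}

# remove_challenge WEBROOT TOKEN
# Deletes the file once certbot has finished verifying it.
remove_challenge() {
    case $2 in
        ''|*[!A-Za-z0-9_-]*) return 2 ;;
    esac
    rm -f "$1/.well-known/acme-challenge/$2"
}
```

When certbot is run with --manual-auth-hook instead of interactively, it passes the same string to the hook in the CERTBOT_VALIDATION environment variable.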

    my-server$ certbot certonly --manual -d you.domain.com
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for you.domain.com
    NOTE: The IP of this machine will be publicly logged as having requested this
    certificate. If you're running certbot in manual mode on a machine that is not
    your server, please ensure you're okay with that.
    Are you OK with your IP being logged?
    (Y)es/(N)o: y    -> choose Y
    Create a file containing just this data:
    _Pamo3hOMx37O-KHIioWO1P0hbTLZusEZ2a2iCf7PDQ.8CyQk-SfDMR10nk7DuGBFA4IEpVhm1OySU-nSItD1BE
    And make it available on your web server at this URL:
    http://you.domain.com/.well-known/acme-challenge/_Pamo3hOMx37O-KHIioWO1P0hbTLZusEZ2a2iCf7PDQ
    Press Enter to Continue
    -> make sure that the URL http://you.domain.com/.well-known/acme-challenge/_Pamo3hOMx37O-KHIioWO1P0hbTLZusEZ2a2iCf7PDQ
       returns _Pamo3hOMx37O-KHIioWO1P0hbTLZusEZ2a2iCf7PDQ.8CyQk-SfDMR10nk7DuGBFA4IEpVhm1OySU-nSItD1BE
       (this data is random and different each time); once it does, press Enter to continue
    Waiting for verification...
    Cleaning up challenges
    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/you.domain.com/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/you.domain.com/privkey.pem
       Your cert will expire on 2018-01-27. To obtain a new or tweaked
       version of this certificate in the future, simply run certbot
       again. To non-interactively renew *all* of your certificates, run
       "certbot renew"
     - If you like Certbot, please consider supporting our work by:
       Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
       Donating to EFF: https://eff.org/donate-le

View and manage all certificates on the current server

    my-server$ certbot certificates

Use the https certificate

Take nginx as an example

    server {
        listen 80;
        listen 443 ssl;
        server_name you.domain.com;
        ssl_certificate /etc/letsencrypt/live/you.domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/you.domain.com/privkey.pem;
        # ...
    }

What are the restrictions on letsencrypt?

For second-level domain names under the same top-level domain, at most 20 can be applied for per week.

A domain name can be applied for up to 5 times a week.

A maximum of 5 failures are allowed per hour

The request frequency needs to be less than 20/s.

Create a maximum of 10 accounts in 3 hours per ip

An account can have at most 300 pending authorizations at the same time.

Test mode limit

Add the --staging parameter to the certbot command to get looser limits; the certificate issued this way is not a formal certificate.

For second-level domain names under the same top-level domain, at most 30000 can be applied for per week.

A domain name can be applied for up to 30000 times a week.

A maximum of 60 failures are allowed in an hour

Create a maximum of 50 accounts in 3 hours per ip

Convert to a certificate that aspnetcore can use

    openssl pkcs12 -export -out cert.pfx -passout "pass:your password" -inkey privkey.pem -in cert.pem -certfile fullchain.pem

Use it in aspnetcore

Modify the Program.cs file to load the certificate.

    using System.IO;
    using System.Security.Cryptography.X509Certificates;

    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                // Startup is the application's startup class.
                webBuilder.UseStartup<Startup>()
                    .UseKestrel(options =>
                    {
                        // Do not send the Server response header.
                        options.AddServerHeader = false;
    #if !DEBUG
                        // Non-debug builds only: serve https with the converted certificate.
                        options.ConfigureHttpsDefaults(co =>
                        {
                            var cert = new X509Certificate2(File.ReadAllBytes(@"./cert.pfx"), "your password");
                            co.ServerCertificate = cert;
                        });
    #endif
                    });
            });
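
The certificate expires (2018-01-26 in the session above) and "certbot renew" only refreshes the PEM files, so cert.pfx has to be rebuilt after every renewal. An added example, not from the original article: a script meant to be registered as a certbot deploy hook that repeats the openssl conversion; the function name and the PFX_PASSWORD and PFX_OUT environment variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: certbot deploy hook that rebuilds cert.pfx after a renewal.
# Assumptions: PFX_PASSWORD and PFX_OUT are set in certbot's environment.

# export_pfx LINEAGE_DIR OUT_FILE
# Builds a PKCS#12 bundle from certbot's PEM files and swaps it into place.
export_pfx() {
    lineage=$1
    out=$2
    # Refuse to run without a password: the bundle contains the private key.
    if [ -z "${PFX_PASSWORD:-}" ]; then
        echo "PFX_PASSWORD is not set" >&2
        return 2
    fi
    for f in privkey.pem cert.pem fullchain.pem; do
        if [ ! -r "$lineage/$f" ]; then
            echo "missing $lineage/$f" >&2
            return 3
        fi
    done
    # Build in a private temp file next to the target, then rename, so the
    # server never reads a half-written bundle and the file is never world-readable.
    old_umask=$(umask)
    umask 077
    tmp=$(mktemp "$out.XXXXXX") || { umask "$old_umask"; return 4; }
    export PFX_PASSWORD
    # env: keeps the password out of the process list; pass: would show it in ps.
    if openssl pkcs12 -export -out "$tmp" -passout env:PFX_PASSWORD \
        -inkey "$lineage/privkey.pem" -in "$lineage/cert.pem" \
        -certfile "$lineage/fullchain.pem"; then
        mv -f "$tmp" "$out"
        rc=0
    else
        rm -f "$tmp"
        rc=5
    fi
    umask "$old_umask"
    return $rc
}

# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/you.domain.com)
# when it runs a deploy hook; run any other way, this file only defines the function.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    export_pfx "$RENEWED_LINEAGE" "${PFX_OUT:-./cert.pfx}"
fi
```

Register it with "certbot renew --deploy-hook /path/to/this-script", and restart the aspnetcore process afterwards, because the Program.cs code above reads cert.pfx only at startup.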
