Shulou(Shulou.com)06/03 Report--

This article introduces the relevant knowledge of "how to install and apply for a Let's Encrypt certificate". Many people will encounter such a dilemma in the operation of actual cases, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Problem description

This note will record how to install the Certbot tool in Linux and use it to apply for a certificate, as well as the handling of related issues.

Solution consideration

This section is a brief description. For more information, please refer to the official certbot instructions page and follow the prompts. The following is the general flow of the operation:

1) Select the site server software and the operating system distribution

2) check whether the conditions are met

3) install the software package according to the prompts

4) execute the command to generate the certificate

5) visit the site to check whether the certificate is valid

6) add a scheduled task to achieve automatic certificate renewal

On Debian GNU/Linux 10 (buster) # environment sets up apt updateapt install python3 python3-venv libaugeas0# installation certbot command python3- m venv / srv/certbot//srv/certbot/bin/pip install-- upgrade pip/srv/certbot/bin/pip install certbotln-s / srv/certbot/bin/certbot / usr/bin/certbot# certificate application operation. # scheduled task to complete automatic certificate renewal echo "0 root 12 * root / srv/certbot/bin/python-c 'import random; import time Time.sleep (random.random () * 3600)'& & certbot renew-Q-- post-hook 'systemctl reload nginx' "\ | sudo tee-a / etc/crontab > / dev/nullon CentOS 7.4with PIP3.6

Experience: this kind of thing should be done in a virtual environment, and all Python applications that are related to applications and have nothing to do with system management should be done in virtual environments. If you do it in the system environment, yum install,pip2.7 install directly, wait and see, sooner or later there will be an uncomfortable time.

We are not in a virtual environment, because the system does not use a Python 3.6environment, so we can directly use:

Pip3.6 install certbot certbot-nginx certbot-dns-aliyunCertbot 1.0.0 on CentOS 7.4 installation of Certbot tools # install the related software package yum install-y epel-releaseyum-y install yum-utilsyum-config-manager-- enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional# Security Install and obtain certificate yum install certbot python2-certbot-nginx#### request certificate and configure # # apply for Nginx certificate And automatically modify the Nginx configuration certbot-- nginx# only generates the certificate, but does not modify the configuration # certbot certonly-- nginx# configure the certificate to be automatically renewed echo "0 root python 12 * root python-c 'import random Import time Time.sleep (random.random () * 3600)'& & certbot renew "\ | tee-a / etc/crontab > / dev/null#### verification The certificate is configured correctly # visit the site to confirm whether the HTTPS is valid Certbot on Debian 8 (jessie) # # the first step, Install Certbot tools # apt-get remove certbotwget https://dl.eff.org/certbot-automv certbot-auto / usr/local/bin/certbot-autochown root / usr/ Step 2 of local/bin/certbot-autochmod 0755 / usr/local/bin/certbot-auto####, Apply for certificate and configure # apply for certificate / usr/local/bin/certbot-auto-- nginx# / usr/local/bin/certbot-auto certonly- -nginx # or just generate a certificate Do not modify the configuration # configure automatic certificate renewal echo "0 root python 12 * certificate-c 'import random Import time Time.sleep (random.random () * 3600)'& & / usr/local/bin/certbot-auto renew "\ | tee-a / etc/crontab > / dev/null#### # step 3, Verify that the configuration is correct # visit the site To confirm whether the HTTPS is effective or not with additional instructions to automatically restart the service

After automatic certificate renewal, you may need to restart the service to load the certificate:

Certbot-Q renew--renew-hook "/ etc/init.d/nginx reload" about scheduled tasks

Scheduled tasks are used to complete certificate renewal. Where sleep () is in seconds and random () is between 0 and 1, so it executes at 12:00 and 00:00 every day, and hibernates for up to one hour during execution.

FAQ summary card in the installing python packages step

No response "Installing Python packages" # 2516

Problem description: in Debian, after the / usr/local/bin/certbot-auto-- nginx command is executed, it invokes the pip command to install the relevant Python package, which is time to get stuck.

The cause of the problem: when executing the pip command, it accesses the official warehouse and cannot download normally and quickly due to network reasons.

Solution: modify the $HOME/.pip/pip.conf file and configure the following (using Ali Cloud image):

This is the end of [global] index-url = http://mirrors.aliyun.com/pypi/simple/[install]trusted-host=mirrors.aliyun.com" how to install and apply for a Let's Encrypt certificate. Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.