Shulou(Shulou.com)06/01 Report--

Researchers from Mozilla, Cisco, Akamai, IdenTrust, EFF and the University of Michigan jointly announced the Let's Encrypt CA project, which plans to provide free basic SSL certificates to websites to accelerate the transition of the Internet from HTTP to HTTPS. Let's Encrypt CA will be operated by the non-profit organization Internet Security Research Group (ISRG). The project officially entered the public trial phase in the early morning of December 4, so we hurriedly applied for a trial.

I used to apply for certificates in BS, but this time in CS, I feel very fresh.

My server environment centos6.6

If you want to install python2.7,2.6, you will report an error when you apply.

Download address https://www.python.org/downloads/release/python-2710/

Wget tar zxf Python-2.7.10.tgzcd Python-2.7.10./configuremake & & make install# points the system python command to the new version which python/usr/local/bin/pythonrm / usr/local/bin/pythonln-s / usr/local/bin/python2.7 / usr/local/bin/python

two。 Download the letsencrypt client

Yum install-y gitgit clone https://github.com/letsencrypt/letsencrypt.gitcd letsencrypt./letsencrypt-auto-- helpUpdating letsencrypt and virtual environment dependencies.Running with virtualenv: / root/.local/share/letsencrypt/bin/letsencrypt-- help letsencrypt [SUBCOMMAND] [options] [- d domain] [- d domain]... The Let's Encrypt agent can obtain and install HTTPS/TLS/SSL certificates. Bydefault, it will attempt to use a webserver both for obtaining and installingthe cert. Major SUBCOMMANDS are: (default) run Obtain & install a cert in your current webserver certonly Obtain cert But do not install it (aka auth) install Install a previously obtained cert in a server revoke Revoke a previously obtained certificate rollback Rollback server configuration changes made during install config_changes Show changes made to server config during installation plugins Display information about installed pluginsChoice of server plugins for obtaining and installing cert:-- apache Use the Apache plugin for authentication & installation-- standalone Run a standalone webserver for authentication (nginx support is experimental, buggy And not installed by default)-- webroot Place files in a server's webroot folder for authenticationOR use different plugins to obtain (authenticate) the cert and then install it:-- authenticator standalone-- installer apacheMore detailed help:-- h,-- help [topic] print this message, or detailed help on a topic The available topics are: all, automation, paths, security, testing, or any of the subcommands or plugins (certonly, install, nginx, apache, standalone, webroot, etc)

3. The client can provide you with one-stop services such as application + automatic installation of apache/nginx. Here I choose DIY, only apply, do not bother the client, execute the following command

. / letsencrypt-auto certonly-- manual

Enter your domain name

Prompt whether to agree with them to record the ip address of your request. Agree.

This step is to verify the ownership of the domain name, which is critical.

What this means is that the client will access http://www.example.com/.well-known/acme-challenge/xiDWA8FkdWeTua7MIXBpQ3PeLt8jVu5Eimi4-jPsTHs to see if the output is xiDWA8FkdWeTua7MIXBpQ3PeLt8jVu5Eimi4-jPsTHs.MOcybE5RrQ_NsGgFybrHkVcTSohWn2z0JDfTtQkHKQE.

I installed the nginx server in advance, so all I need to do is to create a directory and corresponding content files in the root directory of my website, which can be accessed on the public network.

Cd / wwwroot/mkdir-p. / .well-known/acme-challenge/echo xiDWA8FkdWeTua7MIXBpQ3PeLt8jVu5Eimi4-jPsTHs.MOcybE5RrQ_NsGgFybrHkVcTSohWn2z0JDfTtQkHKQE >. / .well-known/acme-challenge/xiDWA8FkdWeTua7MIXBpQ3PeLt8jVu5Eimi4-jPsTHs try to get the output is normal. If curl is normal, press enter. (if you don't have a web server installed, you can follow the prompts to execute the command below # run only once per server)

4. Certificate obtained successfully

IMPORTANT NOTES:-Congratulations! Your certificate and chain have been saved at / etc/letsencrypt/live/example.com/fullchain.pem. Your cert will expire on 2016-03-03. To obtain a new version of the certificate in the future, simply run Let's Encrypt again. -If like Let's Encrypt, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le

A blog post will be posted later on how to use this certificate.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.