Shulou(Shulou.com)06/01 Report--

How to use Let's Encrypt to generate free SSL certificates, for this problem, this article introduces the corresponding analysis and answers in detail, hoping to help more partners who want to solve this problem to find a more simple and easy way.

SSL (secure socket layer, Secure Sockets Layer) and its successor TLS (Transport layer Security, Transport Layer Security) are security protocols that provide security and data integrity for network communications. TLS and SSL encrypt the network connection at the transport layer.

The use of SSL

Through SSL encryption, the data interaction between the website and users will be more secure, and most of the network eavesdropping problems can be avoided. Usually in the case of high security requirements such as login and transactions, mandatory SSL encryption should be required.

In fact, only providing SSL on the login page can not really solve the security problem. In public environments such as public Wi-Fi, attackers can still obtain the user's login cookie to fake user identity, so it is necessary to encrypt the site as a whole.

In 2015, Douban, Baidu and many other websites finally launched the site-wide HTTPS after they could not stand the problems of hijacking and embedded advertising by operators, which is a major milestone in the domestic HTTPS application.

What is Let's Encrypt?

Let's Encrypt, a digital certificate certification body launched by the Internet Security Research Group (ISRG, a public welfare organization) in late 2015, will provide free SSL/TLS certificates to secure websites through an automated process designed to eliminate the current complex process of manually creating and installing certificates.

Let's Encrypt is relatively simple to use, and completely free, is the first of many small and medium-sized websites.

What is certbot?

According to the official introduction, Certbot is an easy-to-use SSL certificate deployment tool developed by EFF, formerly known as the Let's Encrypt official (Python) client. Certbot also supports other CA that support ACME protocol.

Simply put, cerbot is a tool that simplifies Let's Encrypt deployment and manages Let's Encrypt certificates.

Installation and use

Installation

Cerbot/Let's Encrypt supports many Linux distributions as well as the BSD platform, which can be installed directly using the appropriate package management tools:

Ubuntu 16.04sudo apt-get install letsencrypt-t jessie-backports # Debian 8sudo apt-get install letsencrypt # Debian testing/unstablesudo dnf install letsencrypt # Fedorasudo pacman-S letsencrypt # Arch

Ubuntu 14.04, CentOS, BSD and Mac can be installed by script:

Wget https://dl.eff.org/certbot-autochmod axix certbot-auto

Obtain a certificate

Certbot-auto certonly # if you install letsencrypt, replace certbot-auto with letsencrypt

Automatic renewal

Certbot-auto renew-quiet # CentOS/RHEL

Deploy Nginx

# point all HTTP requests to HTTPSserver {server_name example.com;listen 80: return 301 https://$server_name$request_uri;}# listening on HTTPS requests server {server_name example.com;listen 443 ssl;# TLS basic settings ssl_certificate / path/to/your/fullchain.pem;ssl_certificate_key / path/to/your/privkey.pem;ssl_protocols TLSv1 TLSv1.1 TLSv1.2 # other settings of the website remain the same # [.]} this is the answer to the question on how to use Let's Encrypt to generate a free SSL certificate. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.