标签:
推荐使用这个脚本,具体说明里面都有
https://github.com/xdtianyu/scripts/tree/master/le-dns
6. 得到签名后,生成网站证书
wget -O - https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > intermediate.pem
cat signed.crt intermediate.pem > chained.pem
7. 部署篇请见之前写的
8. 由于证书90天有效,需要自动刷新证书脚本
vi autorefresh.sh
#!/bin/bash
cd /usr/local/openssl/
python ./acme_tiny.py --account-key ./account.key --csr ./zhiyi.csr --acme-dir ./www/acme-challenge/ > ./signed.crt
wget -O - https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > intermediate.pem
cat signed.crt intermediate.pem > chained.pem
service httpd restart
vi /etc/crontab
在最后加上一行
0 0 4 * * root /usr/local/openssl/autorefresh.sh >/dev/null 2>&1
9. 设置重定向https
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} !^/.well-known
RewriteRule (.*) https://%{SERVER_NAME}/$1 [L,R]
标签:
原文地址:http://www.cnblogs.com/xxoome/p/5861423.html