
Let's Encrypt with certbot (nginx)

yum install python2-certbot-nginx

...

==============================================================================================================================================================================
 Package                                                       Arch                             Version                                  Paketquelle                    Größe
==============================================================================================================================================================================
Installieren:
 python2-certbot-nginx                                         noarch                           0.27.1-1.el7                             epel                            67 k
Als Abhängigkeiten installiert:
 certbot                                                       noarch                           0.27.1-1.el7                             epel                            21 k
 pyOpenSSL                                                     x86_64                           0.13.1-3.el7                             base                           133 k
 pyparsing                                                     noarch                           1.5.6-9.el7                              base                            94 k
 python-backports                                              x86_64                           1.0-8.el7                                base                           5.8 k
 python-backports-ssl_match_hostname                           noarch                           3.5.0.1-1.el7                            base                            13 k
 python-cffi                                                   x86_64                           1.6.0-5.el7                              base                           218 k
 python-enum34                                                 noarch                           1.0.4-1.el7                              base                            52 k
 python-idna                                                   noarch                           2.4-1.el7                                base                            94 k
 python-ipaddress                                              noarch                           1.0.16-2.el7                             base                            34 k
 python-ndg_httpsclient                                        noarch                           0.3.2-1.el7                              epel                            43 k
 python-ply                                                    noarch                           3.4-11.el7                               base                           123 k
 python-pycparser                                              noarch                           2.14-1.el7                               base                           104 k
 python-requests                                               noarch                           2.6.0-1.el7_1                            base                            94 k
 python-requests-toolbelt                                      noarch                           0.8.0-1.el7                              epel                            77 k
 python-setuptools                                             noarch                           0.9.8-7.el7                              base                           397 k
 python-six                                                    noarch                           1.9.0-2.el7                              base                            29 k
 python-urllib3                                                noarch                           1.10.2-5.el7                             base                           102 k
 python-zope-component                                         noarch                           1:4.1.0-3.el7                            epel                           227 k
 python-zope-event                                             noarch                           4.0.3-2.el7                              epel                            79 k
 python-zope-interface                                         x86_64                           4.0.5-4.el7                              base                           138 k
 python2-acme                                                  noarch                           0.27.1-1.el7                             epel                           141 k
 python2-certbot                                               noarch                           0.27.1-1.el7                             epel                           519 k
 python2-configargparse                                        noarch                           0.11.0-1.el7                             epel                            30 k
 python2-cryptography                                          x86_64                           1.7.2-2.el7                              base                           502 k
 python2-future                                                noarch                           0.16.0-6.el7                             epel                           799 k
 python2-josepy                                                noarch                           1.1.0-1.el7                              epel                            87 k
 python2-mock                                                  noarch                           1.0.1-9.el7                              epel                            92 k
 python2-parsedatetime                                         noarch                           2.4-5.el7                                epel                            78 k
 python2-pyasn1                                                noarch                           0.1.9-7.el7                              base                           100 k
 python2-pyrfc3339                                             noarch                           1.0-2.el7                                epel                            13 k
 python2-requests                                              noarch                           2.6.0-0.el7                              epel                           2.9 k
 python2-six                                                   noarch                           1.9.0-0.el7                              epel                           2.9 k
 pytz                                                          noarch                           2016.10-2.el7                            base                            46 k

Transaktionsübersicht
==============================================================================================================================================================================
Installieren  1 Paket (+33 Abhängige Pakete)

Gesamte Downloadgröße: 4.5 M
Installationsgröße: 21 M
Is this ok [y/d/N]:

Generating the certificate for the first time

[root@jmpserv conf.d]# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): jochen@klotzbuecher.biz
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated)  (Enter 'c' to cancel): home.klotzbuecher.biz
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for home.klotzbuecher.biz
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/nginx.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/nginx.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://home.klotzbuecher.biz

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=home.klotzbuecher.biz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/home.klotzbuecher.biz/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/home.klotzbuecher.biz/privkey.pem
   Your cert will expire on 2019-01-22. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

or

$ sudo certbot --nginx certonly

Automatic certificate renewal

$ sudo certbot renew --dry-run

or

$ sudo certbot renew
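
A check that complements the renewal commands above, as an added example that is not part of the original wiki page: it lists every certificate lineage under a certbot live directory that expires within a given number of days. The 30-day default, the function names and the sample host names are assumptions; the sample certificates are self-signed and constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): list certbot lineages whose
# certificate expires within a threshold, so a silently failing
# "certbot renew" job is noticed before the certificate lapses.

# expires_within FILE DAYS: succeeds if FILE expires within DAYS days.
# An unreadable or unparsable file also counts as due (fail closed).
expires_within() {
    # "-checkend N" exits 0 only if the cert is still valid N seconds from now
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# due_lineages LIVE_DIR DAYS: print the name of every lineage under LIVE_DIR
# (layout LIVE_DIR/<name>/fullchain.pem, as in the certbot output) that is due.
due_lineages() {
    for cert in "$1"/*/fullchain.pem; do
        [ -e "$cert" ] || continue      # glob matched nothing
        if expires_within "$cert" "$2"; then
            basename "$(dirname "$cert")"
        fi
    done
}

# make_sample_live_dir DIR: constructed sample data, two self-signed
# certificates valid for 5 and 90 days under hypothetical names.
make_sample_live_dir() {
    for spec in soon.example.test:5 fresh.example.test:90; do
        name=${spec%%:*}; days=${spec##*:}
        mkdir -p "$1/$name"
        openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$name" \
            -days "$days" -keyout "$1/$name/privkey.pem" \
            -out "$1/$name/fullchain.pem" >/dev/null 2>&1
    done
}

# With an argument, check that directory (for example /etc/letsencrypt/live);
# without one, run against the constructed sample data.
if [ "$#" -gt 0 ]; then
    due_lineages "$1" "${2:-30}"
else
    sample=$(mktemp -d)
    make_sample_live_dir "$sample"
    due_lineages "$sample" 30           # lists only soon.example.test
    rm -rf "$sample"
fi
```

Run as root with /etc/letsencrypt/live as the first argument, for example from a monitoring job; no output means no certificate is due.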

Additional certificate for a subdomain

[root@jmpserv nginx]# certbot --domains office.home.klotzbuecher.biz --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for office.home.klotzbuecher.biz
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/nginx.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/nginx.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled
https://office.home.klotzbuecher.biz

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=office.home.klotzbuecher.biz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/office.home.klotzbuecher.biz/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/office.home.klotzbuecher.biz/privkey.pem
   Your cert will expire on 2019-02-14. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
let_s_encrypt_mit_certbot_nginx.txt · Last modified: 2022/04/25 20:28 (external edit)