Centos Apache configures Https For Websites Via Let’s Encrypt

I used https for my blog and tried Alibaba Cloud’s free certificate for a period of one year. I need to manually renew it after the expiration. Although Let’s Encrypt’s certificate period is only three months, considering that it can be automatically renewed, [iemblog] (https://www.iemblog.com) is still a free certificate of Let’s Encrypt.

Reference: certbot official tutorial

Centos Apache configures Https For Websites Via Let’s Encrypt

install certbot

sudo yum install certbot python2-certbot-apache

Get Started

Certbot has an Apache plugin, which is supported on many platforms, and automates certificate installation.

sudo certbot --apache

Run this command to get the certificate and let Certbot automatically edit the Apache configuration based on your input settings to avoid the cumbersome operation of human configuration. If you want to manually change the Certbot and Apache configuration, you can use the certonly subcommand:

sudo certbot --apache certonly

Bob Master C uses the first automatic configuration, the details are as follows:
Let's Encrypt Https Centos ApacheLet's Encrypt Https Centos Apache

As you can see from the actual use, the Certbot Apache plugin has a comprehensive set of https auto-configuration programs for Apache servers (including redirection and other features), which greatly simplifies the configuration process.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

sudo certbot renew --dry-run

If that appears to be working correctly, you can arrange for automatic renewal runs the following:

certbot renew

Note:
if you’re setting up a cron or systemd job, we recommend running it twice per day (it won’t do anything until your certificates are due for renewal or revoked, but running it regularly would give your site a chance of staying online in case a Let’s Encrypt-initiated revocation happened for some reason). Please select a random minute within the hour for your renewal tasks.

According to the official advice of Let’s Encrypt, we can run the following command to perform an automatic renewal task.

echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew" | sudo tee -a /etc/crontab > /dev/null

Let's Encrypt Https Centos Apache

Special Note:
As long as all the intra-site links in the current webpage are accessed through the https form, there will be a lock icon in the browser website information, indicating that the connection is completely encrypted, otherwise the content will be unsafe.
赞(1) 打赏
未经允许不得转载:iemblog » Centos Apache configures Https For Websites Via Let’s Encrypt

Comment Time!

avatar
:arrow: :-D :-? 8) :cry: 8-O :evil: :!: :idea: :lol: :-x :mrgreen: :-| :?: :-P :oops: :roll: :( :) :-o :twisted: :wink: :hold-fist-salute: :love-you: :no: :ok: :poor: :seduce: :shake-hands: :strong: :victory:
  Subscribe  
Notify of
免责声明:本站大部分下载资源收集于网络,只做学习和交流使用,版权归原作者所有,请在下载后24小时之内自觉删除,若作商业用途,请购买正版,由于未及时购买和付费发生的侵权行为,与本站无关。本站发布的内容若侵犯到您的权益,请联系站长删除,我们将及时处理!

联系我们

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏