ACME Client Certbot Install Let's Encrypt CA in Debian Nginx

From ChevyneWiki

Install the snap package

apt update
apt install --yes snapd
reboot
snap install core
snap refresh core

Install the Certbot package

apt remove certbot
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot

Request and install the CA certificate

Obtain and install the certificate, and let Certbot edit the Nginx configuration automatically

certbot --nginx

Obtain the certificate only, if you want to change the Nginx configuration manually

certbot certonly --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): km@donnet.email

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): chevyne.at.tw
Requesting a certificate for chevyne.at.tw

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/chevyne.at.tw/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/chevyne.at.tw/privkey.pem
This certificate expires on 2022-05-09.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for chevyne.at.tw to /etc/nginx/sites-enabled/default
Congratulations! You have successfully enabled HTTPS on https://chevyne.at.tw

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
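
Before pointing Nginx at these files by hand (the certonly case above), it is worth confirming that the key matches the certificate, that the certificate is not about to expire, and that privkey.pem is not accessible to other users. The script below is an added example, not part of the original page or of Certbot; the function names and the 30-day default threshold are assumptions made for the example.

```shell
#!/bin/sh
# Added example: sanity checks on a Certbot lineage directory before wiring it
# into Nginx by hand. Requires the openssl CLI and GNU stat (Debian default).

# 0 if the leaf certificate and the private key hold the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if the leaf certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# 0 if the key file grants nothing to group or others (e.g. mode 600 or 400).
# -L follows the symlink that live/ holds to the real file.
key_is_private() {
    mode=$(stat -L -c '%a' "$1" 2>/dev/null) || return 2
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Run all three checks; min_days defaults to 30 (threshold chosen for this example).
check_lineage() {
    dir=$1; min_days=${2:-30}; rc=0
    cert_matches_key "$dir/fullchain.pem" "$dir/privkey.pem" ||
        { echo "FAIL: privkey.pem missing, unreadable or not matching fullchain.pem"; rc=1; }
    cert_valid_for_days "$dir/fullchain.pem" "$min_days" ||
        { echo "FAIL: certificate expires within $min_days days"; rc=1; }
    key_is_private "$dir/privkey.pem" ||
        { echo "FAIL: privkey.pem is accessible to group or others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}

# Usage: sh check.sh /etc/letsencrypt/live/<domain> [min_days]
if [ "$#" -ge 1 ]; then check_lineage "$@"; fi
```

A non-zero exit status means at least one check failed, so the script can gate an Nginx reload in a wrapper.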

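Automatic renewal of the CA certificate

The installed package already includes the automatic renewal setup; you can test automatic renewal with the following command: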

certbot renew --dry-run

certbot delete --cert-name