´£¨Ñ«È»s¤Æ¨t²ÎÂd¡B¨t²Î®a¨ã ±M·~®v³Å¥i¨ì©²¬°±z¤V¶q¡A²{³õ¥ç¦³ºë¬ü¨t²Î®a¨ã¥ô±z¬D¿ï | ´£¨Ñ±M·~¨³³t½T¹êªº³q¤ôºÞ¡B³q°¨±í§Þ³N ¥ß¨è¬°±z¸Ñ¨M©Ò¦³ªý¶ë°ÝÃD¡A°¨±í²¨³q¤@¦¸·d©w |
ssl |
©ÐªF¡Gtest µoªí®É¶¡¡G2019-12-19 |
https://blog.toright.com/posts/4837/%E4%BD%9B%E5%BF%83%E4%BE%86%E4%BA%86%EF%BC%8C%E5%BF%AB%E7%94%A8-lets-encrypt-%E5%85%8D%E8%B2%BB-ssl-%E6%86%91%E8%AD%89%E5%B9%AB%E7%B6%B2%E7%AB%99%E5%8A%A0%E5%AF%86%E5%90%A7%EF%BC%81.html |
|
1 ¼Ó¦í¤á¡G333 µoªí®É¶¡¡G2019-12-22 |
https://devil3688.pixnet.net/blog/post/43370377-%E5%85%8D%E8%B2%BB-ssl-%E6%86%91%E8%AD%89%EF%BC%8Clet%26rsquo%3Bs-encrypt-%E5%AE%89%E8%A3%9D%E8%A8%AD%E5%AE%9A |
2 ¼Ó¦í¤á¡G333 µoªí®É¶¡¡G2019-12-24 |
centos ¥æ¾Ç https://www.digit-seed.com/centos7-certbot-lets_encrypt_ssl/ |
3 ¼Ó¦í¤á¡G333 µoªí®É¶¡¡G2019-12-24 |
https://www.niceinfos.com/linux/ssl-lets-encrypt-%E7%94%B3%E8%AB%8B%E8%88%87%E8%87%AA%E5%8B%95%E6%9B%B4%E6%96%B0/ |
4 ¼Ó¦í¤á¡G333 µoªí®É¶¡¡G2019-12-24 |
²³æ¥æ¾Ç https://wayne265265.pixnet.net/blog/post/215065329-%E3%80%90%E6%95%99%E5%AD%B8%E3%80%91%E6%95%99%E4%BD%A0%E4%BD%BF%E7%94%A8ssl%E6%86%91%E8%AD%89%E5%8A%A0%E5%AF%86%E7%B6%B2%E7%AB%99%2C-%E5%BE%9Ehttp%E5%88%B0htt https://www.brilliantcode.net/941/how-to-renew-ssl-certificates-automatically-by-certbot/ https://zoneless.blog/2018/03/04/install-letsencrypt-on-centos/ |
5 ¼Ó¦í¤á¡G3444 µoªí®É¶¡¡G2019-12-24 |
CentOS5/6 ¤É级 Python2.4/2.6 ¨ì 2.7 ª©¥»±Ðµ{ https://www.vpsss.net/1388.html https://zhuanlan.zhihu.com/p/26309980 yum -y install gcc ½T»{php ª©¥» rpm -qa |grep php rpm -qa |grep Python yum install certbot §R°£¤£nªº¾ÌÃÒ ¦pªG§A¹³§Ú¤@¼Ë¡A¤§«e¤w¸g¥Ó½Ð¤F¦n´XÓ¤lºô°ìªº¾ÌÃÒ¡A²{¦b³o¨Ç³£¤£»Ýn¤F¡A¥i¥H±N¥¦Ì§R°£¡C¥ý¨Ó¬Ý¬Ý¤§«e¥Ó½Ð¤Fþ¨Ç¾ÌÃÒ¡G ls /etc/letsencrypt/live ¦C¥Xªº¥Ø¿ý¦WºÙ§Y¬Oµ¥¤Un¥Î¨ìªº --cert-name °Ñ¼ÆªºÈ¡G certbot delete --cert-name ¤lºô°ì.ºô°ì.com °õ¦æ«á´N·|§R°£¸Ó¤lºô°ìªº©Ò¦³¸ê®Æ¡F§R°£«ü¥O°õ¦æªº¹ê»Ú°Ê§@¡A¨ä¹ê¥u¬O¥h§R°£ 3 ӥؿý¤Uªººô°ì¥Ø¿ý¡A©Ò¥H§A¤]¥i¥H¤â°Ê§R°£¡G rm -rf /etc/letsencrypt/archive/ºô°ì¦WºÙ/ rm -rf /etc/letsencrypt/live/ºô°ì¦WºÙ/ rm -rf /etc/letsencrypt/renewal/ºô°ì¦WºÙ.conf |
6 ¼Ó¦í¤á¡Grrr µoªí®É¶¡¡G2019-12-24 |
# lsb_release -a # yum install package vi /etc/yum.repos.d/CentOS-Base.repo http://n.sfs.tw/mymedia/index/10327 yum clean all yum makecache yum install package §Y¥i¸Ñú¨问题¡C 1.²×ºÝ¾÷¤å¦r¤¶±¤U¥´su (±Ò°Êsuper user¶W¯Å¨Ï¥ÎªÌ¼Ò¦¡) ¦A¿é¤Jroot ±K½X 2.²×ºÝ¾÷¤å¦r¤¶±¿é¤J nano /etc/pam.d/gdm (¥Înano½s¿è¾¹½s¿ègdmÀÉ) 3.§ä¨ì³o¦æauth required pam_succeed_if.so user != root quiet 4.«e±¥[¤W#¦r©l¸Ó¦æµL®Ä¡G#auth required pam_succeed_if.so user != root quiet 5.«ö CTRL+X ¶}±ÒÀx¦s¥\¯à ¦A«ö Y ½T©w ¦A«ö ENTERÁä ¦^²×ºÝ¾÷ 1.קï²Ä¤GÓÀÉ®× 2.²×ºÝ¾÷¤å¦r¤¶±¿é¤J nano /etc/pam.d/gdm-password (¥Înano½s¿è¾¹½s¿ègdmÀÉ) 3.§ä¨ì³o¦æauth required pam_succed_if .so user !root quiet 4.«e±¥[¤W#¦r©l¸Ó¦æµL®Ä¡G#auth required pam_succed_if .so user !root quiet 5.«ö CTRL+X ¶}±ÒÀx¦s¥\¯à ¦A«ö Y ½T©w ¦A«ö ENTERÁä ¦^²×ºÝ¾÷ ½Æ»s¡B°Å¤U©M¶K¤W ¡@¡@½Æ»s¤@¾ã¦æ¡GAlt+6 ¡@¡@°Å¤U¤@¾ã¦æ¡GCtrl+K ¡@¡@¶K¤W¡GCtrl+U |
7 ¼Ó¦í¤á¡Guuu µoªí®É¶¡¡G2019-12-25 |
sudo yum install epel sudo yum install certbot |
8 ¼Ó¦í¤á¡G2342 µoªí®É¶¡¡G2019-12-26 |
centos 5.11 https://my.oschina.net/u/209161/blog/3003996 centos7 https://www.rusnake.com/2017/04/28/centos-7-nginx-%E5%AE%89%E8%A3%9D-letsencrypt-%E6%86%91%E8%AD%89/ https://bojack.pixnet.net/blog/post/45198111-%E3%80%90freebsd%E3%80%91%E7%94%A8-let%27s-encrypt-%E7%82%BA-apache-%E7%B6%B2%E7%AB%99%E5%95%9F%E7%94%A8%E5%8A%A0%E5%AF%86 https://qizhanming.com/blog/2019/04/23/how-to-install-let-s-encrypt-wildcards-certificate-on-centos-7 ³z¹L certbot.eff.org §Ö³t¦w¸Ë https://caloskao.org/ubuntu-use-certbot-to-automatically-update-lets-encrypt-certificate-authority/ phpª©¥»Àq»{¬°5.1.6 CentOS 6X¹w³]ªºPHPª©¥»PHP5.3 ¦w¸Ë let's encrypt»Ýn¤°»ò±ø¥ó https://www.morrisctech.com/2018/08/22/let_encrypt_https/ |
9 ¼Ó¦í¤á¡Gre2423 µoªí®É¶¡¡G2019-12-28 |
https://www.minwt.com/website/server/20753.html https://seed0111.blogspot.com/2017/04/apache-sslssl.html https://seed0111.blogspot.com/2017/04/apache-sslssl.html |
10 ¼Ó¦í¤á¡Ge4rtet µoªí®É¶¡¡G2019-12-28 |
netstat -lnp ¦w¸Ë Apache mod_ssl yum install mod_ssl systemctl restart httpd http://tprc.tanet.edu.tw/tpnet2018/2018meeting1_4.pdf ³]©w /etc/httpd/conf.d/ssl.conf SSLCertificateFile /etc/pki/tls/certs/localhost.crt APACHE SSL + SNI ¤@ÓIP¡A¦hÓSSLÃÒ®Ñ https://34e.cc/731 https://blog.4ze.tw/apache-ssl-installation-centos-6/ Apache ºô¯¸³]©w SSL ³s½u http://www.osslab.tw/User:Alang/IT_%E5%B0%88%E6%A1%88%E5%B7%A5%E4%BD%9C/%E5%BB%BA%E7%AB%8B%E6%86%91%E8%AD%89%E6%8E%88%E6%AC%8A%E4%BC%BA%E6%9C%8D%E5%99%A8(CA)-%E8%87%AA%E6%88%91%E7%B0%BD%E7%BD%B2%E6%86%91%E8%AD%89(self-signed)/Apache_%E7%B6%B2%E7%AB%99%E8%A8%AD%E5%AE%9A_SSL_%E9%80%A3%E7%B7%9A /.well-known/acme-challenge/ Vim /etc/httpd/conf/httpd.conf ¬õ¦â¬°·s¼W¸mApache Serverªº³]©w¡A§¹¦¨«á½Ð«±ÒªA°È¡C NameVirtualHost *:443 DocumentRoot /var/www/html/XXX/ ServerName hrm.tibtrade.net ErrorLog logs/dummy-XXX.net-error_log CustomLog logs/dummy-XXX.net-access_log common RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R] DocumentRoot "/var/www/html/XXX" ServerName hrm.tibtrade.net SSLEngine on SSLCertificateFile /etc/httpd/ssl/xxx.crt SSLCertificateKeyFile /etc/httpd/ssl/xxx.key SSLCACertificateFile /etc/httpd/ssl/ca-xxx.crt 1. ¦w¸ËOpenSSL®M¥ó yum install openssl 2. ¦w¸ËSSL¼Ò²Õ¨ìApache yum install mod_ssl ²£¥ÍPrivate Key openssl genrsa -des3 -out wwwserver.key 2048 // ±KÆ_±j´ç ²£¥ÍCSR openssl req -new -key wwwserver.key -out wwwserver.csr //CSRÀɮצWºÙ ®³CSR¥Ó½Ð¾ÌÃÒ ¦w¸Ë¾ÌÃÒ 1. ±N¤U¸ü«áªº¾ÌÃÒÀx¦s¨ì /etc/pki/tls/certs ¥Ø¿ý¡BPrivate KeyÀx¦s¨ì /etc/pki/tls/private ¥Ø¿ý 2. ½s¿è /etc/httpd/conf.d/ssl.conf ¿é¤J¤U¦C¸ê°T«áÀx¦s SSLEngine on SSLCertificateFile /etc/pki/tls/certs/wwwserver.crt //¾ÌÃÒ¸ô®| SSLCertificateKeyFile /etc/pki/tls/private/wwwserver.key «±Òapache service httpd restart |
©m¦W¡G | |||
§G§i¤º®e¡G | |||
¨ä¥L¿ï¶µ: | |||
|