Let's encrypt免费证书

安装Python3.8.0

  1. 安装前的准备

     yum install gcc-c++ make -y
    
  2. 安装Python-3.8.0

     wget https://www.python.org/ftp/python/3.8.0/Python-3.8.0.tgz
     tar -zxvf Python-3.8.0.tgz
     cd Python-3.8.0
     ./configure --prefix=/usr/local/python
     make
     make install
    
  3. 为新安装的python设置软连接到环境变量可及的目录

     ln -s /usr/local/python/bin/python3 /usr/bin/python3
    
  4. 修改目录权限

     useradd www
     chown -R www:www /usr/local/python
    
  5. 测试升级是否成功

     python3 -V
     python3 --version
    

安装pip

  1. 安装前的准备

     yum install yum-utils -y
     yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
    
  2. 下载更新pip

     # 下载pip
     wget https://bootstrap.pypa.io/get-pip.py
     python3 get-pip.py
    
     # 删除pip源配置文件
     mv ~/.pip/pip.conf ~/.pip/pip.conf.backup
    
     # 更新pip
     pip install pip -U
    
     # 修改pip源为阿里源
     pip config set global.index-url http://mirrors.aliyun.com/pypi/simple
    

安装certbot

  1. 安装certbot

     cd /root
     yum install certbot -y
     certbot --help
    
  2. 生成证书(*.xxxxxx.com为通配符域名)

     certbot certonly --manual --force-renewal --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns-01 -d "*.so1234.top,so1234.top"
     certbot certonly --manual --force-renewal --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns-01 -d "*.xxxxxx.com,xxxxxx.com"
     # 1.执行过程中输入邮箱
     # 2.执行过程中输入A同意
     # 3.执行过程中输入Y确认
     # 4.执行过程中输入Y确认
     # 5.执行过程中添加DNS的TXT解析记录,以阿里云DNS为例
         # 1.记录类型TXT
         # 1.主机记录_xxx-xxx.xxx.com
         # 1.解析线路默认
         # 1.记录值xxxxxx
         # 1.TTL 10分钟
     # 6.按下回车,提示成功!
     # 7.执行过程中添加DNS的TXT解析记录,以阿里云DNS为例
         # 1.记录类型TXT
         # 1.主机记录_xxx-xxx.xxx.com
         # 1.解析线路默认
         # 1.记录值xxxxxx
         # 1.TTL 10分钟
     # 8.按下回车,提示成功!
     # 9.执行过程中添加DNS的TXT解析记录,以阿里云DNS为例
         # 1.记录类型TXT
         # 1.主机记录_xxx-xxx.xxx.com
         # 1.解析线路默认
         # 1.记录值xxxxxx
         # 1.TTL 10分钟
     # 10.按下回车,提示成功!
     # 11.执行过程中添加DNS的TXT解析记录,以阿里云DNS为例
         # 1.记录类型TXT
         # 1.主机记录_xxx-xxx.xxx.com
         # 1.解析线路默认
         # 1.记录值xxxxxx
         # 1.TTL 10分钟
     # 12.按下回车,提示成功!
    
  3. 按照成功后的提示,记下证书文件的路径,提示信息类似如下

     IMPORTANT NOTES:
      - Congratulations! Your certificate and chain have been saved at:
        /etc/letsencrypt/live/xxx.com/fullchain.pem
        Your key file has been saved at:
        /etc/letsencrypt/live/xxx.com/privkey.pem
        Your cert will expire on 2xxx-xx-xx. To obtain a new or tweaked
        version of this certificate in the future, simply run certbot
        again. To non-interactively renew *all* of your certificates, run
        "certbot renew"
      - If you like Certbot, please consider supporting our work by:
        Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
        Donating to EFF:                    https://eff.org/donate-le
    
     # 生成的文件放在:
     /etc/letsencrypt/live/xxx.com/fullchain.pem
     /etc/letsencrypt/live/xxx.com/privkey.pem
     # 该证书到期的时间是
     2xxx-xx-xx
    
  4. 配置nginx并重载配置

results matching ""

    No results matching ""