Let’s Encrypt证书颁发机构https
1111MicrosoftInternetExplorer402DocumentNotSpecified7.8 磅Normal0
为了在您的网站上启用HTTPS,您需要从证书颁发机构(CA)获取证书(一种文件)。Let’s Encrypt是一个证书颁发机构(CA)。
https://certbot.eff.org/lets-encrypt/centosrhel7-nginx
1.SSH into the server
SSH into the server running your HTTP website as a user with sudo privileges.
2.Enable EPEL repo
You'll need to enable the EPEL (Extra Packages for Enterprise Linux) repository.
Follow these instructions at the Fedora wiki to enable EPEL.
enable EPEL
3.Enable the optional channel
If you're using RHEL or Oracle Linux, you'll also need to enable the optional channel. On EC2, RHEL users can enable the optional channel by running the following command, substituting your EC2 region for REGION in the command:
yum -y install yum-utils
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
4.Install Certbot
Run this command on the command line on the machine to install Certbot.
sudo yum install certbot python2-certbot-nginx
5.Choose how you'd like to run Certbot
Either get and install your certificates...
Run this command to get a certificate and have Certbot edit your Nginx configuration automatically to serve it, turning on HTTPS access in a single step.
sudo certbot --nginx
Or, just get a certificate
If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, run this command.
sudo certbot certonly --nginx
6.Set up automatic renewal
We recommend running the following line, which will add a cron job to the default crontab.
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew" | sudo tee -a /etc/crontab > /dev/null
7.Confirm that Certbot worked
To confirm that your site is set up properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar. If you want to check that you have the top-of-the-line installation, you can head to https://www.ssllabs.com/ssltest/.
