oneinstack 安装 https-certbot

 

免费https？   官方安装教程：https://certbot.eff.org/#centos6-nginx （以下是说明安装时遇到的）；

1. 下载并修改文件权限
   

   wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto
   

   　　

2. 执行：
   
   1.  ./certbot-auto --nginx certonly   或是 ./certbot-auto --nginx
      报错：xx包........出错；请 yum update 更新一下；
      报错：一般情况oneinstack 把nginx 没有安装在 /etc 目录：

      WARNING: unable to check for updates.
      Saving debug log to /var/log/letsencrypt/letsencrypt.log
      Error while running nginx -c /etc/nginx/nginx.conf -t.
      
      nginx: [emerg] open() "/etc/nginx/mime.types" failed (2: No such file or directory) in /etc/nginx/nginx.conf:15
      nginx: configuration file /etc/nginx/nginx.conf test failed
      
      Could not choose appropriate plugin: The nginx plugin is not working; there may be problems with your existing configuration.
      The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] open() "/etc/nginx/mime.types" failed (2: No such file or directory) in /etc/nginx/nginx.conf:15\nnginx: configuration file /etc/nginx/nginx.conf test failed\n',)
      The nginx plugin is not working; there may be problems with your existing configuration.
      The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] open() "/etc/nginx/mime.types" failed (2: No such file or directory) in /etc/nginx/nginx.conf:15\nnginx: configuration file /etc/nginx/nginx.conf test failed\n',)
      

      　　解决方案：执行：

      /certbot-auto --nginx --nginx-server-root=/usr/local/nginx/conf
      

       

   2. 
      选择 7； 需要添加HTTPS的域名

   3. 
      选择2；全部使用HTTPS

   4. 

      
      
      

3. 完成；此时访问域名，便是https请求方式了。
4. 默认免费证书时间是有限的。需要更新达到续签； （/root/certbot-auto 为本人 certbot 安装目录）
   1. 手动续签
      

      /root/certbot-auto renew
      

      　　

   2. 自动续签
      执行：

      crontab -e
      

      　　写入：每天零点到十二点更新一次；

      0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && /root/certbot-auto renew
      

      　　也可以：30 2 * */2 * certbot renew –pre-hook “service nginx stop” –post-hook “service nginx start”     ——  每隔两个月凌晨2:30更新：

   3. 续签完成：并显示过期时间  crontab -l 可查看任务详情；
      

       

5. -结束