网站申请HTTPS证书详细教程
最近想给网站做HTTPS,由于新的浏览器标识报红,为了得到浏览器地址栏的绿标,今天为网站做https经过及教程记录,下次记得留用。
1、登录服务器,我是用的Xshell
Last login: Fri Aug 5 15:16:36 2022 from 125.85.169.170
[root@VM-0-5-centos ~]# lnmp
当然,你也可以使用其它工具登入,只是我电脑只安装Xshell。
2、在lnmp集成环境中,先看看自带的命令。
[root@VM-0-5-centos ~]# lnmp
Usage: lnmp {start|stop|reload|restart|kill|status}
Usage: lnmp {nginx|mysql|mariadb|php-fpm|pureftpd} {start|stop|reload|restart|kill|status}
Usage: lnmp vhost {add|list|del}
Usage: lnmp database {add|list|edit|del}
Usage: lnmp ftp {add|list|edit|del|show}
Usage: lnmp ssl add
Usage: lnmp {dnsssl|dns} {cx|ali|cf|dp|he|gd|aws}
Usage: lnmp onlyssl {cx|ali|cf|dp|he|gd|aws}
能看出有数据库,FTP,ssl,网站配置等相关新增、修改、删除等操作。
3、今天申请SSL,使用命令
lnmp onlyssl
执行命令之后会提示你输入要申请SSL的域名,如下代码
The dns manual mode can not renew automatically, you must renew it manually.
/usr/local/acme.sh/acme.sh [found]
Please enter domain(example: lnmp.org):
例如
The dns manual mode can not renew automatically, you must renew it manually.
/usr/local/acme.sh/acme.sh [found]
Please enter domain(example: lnmp.org): www.qcjianli.com
Your domain: www.qcjianli.com
Enter more domain name(example: *.lnmp.org):
在这句话的后面:Enter more domain name(example: *.lnmp.org): ______(如果你要申请该域名的其它二级域名的SSL证书,可输入域名,不需要的话,直接回车就可以)。例如:
The dns manual mode can not renew automatically, you must renew it manually.
/usr/local/acme.sh/acme.sh [found]
Please enter domain(example: lnmp.org): mip.english28.com
Your domain: mip.english28.com
Enter more domain name(example: *.lnmp.org):
4、进入解析
Starting create SSL Certificate use Let's Encrypt...
[Sat Aug 6 13:44:48 CST 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sat Aug 6 13:44:48 CST 2022] Creating domain key
[Sat Aug 6 13:44:48 CST 2022] The domain key is here: /***********************sl/mip.english28.com/ mip.english28.com .key
[Sat Aug 6 13:44:48 CST 2022] Single domain='mip.english28.com'
[Sat Aug 6 13:44:48 CST 2022] Getting domain auth token for each domain
[Sat Aug 6 13:44:51 CST 2022] Getting webroot for domain='mip.english28.com'
[Sat Aug 6 13:44:51 CST 2022] Add the following TXT record:
[Sat Aug 6 13:44:51 CST 2022] Domain: '_acme-challenge. mip.english28.com '
[Sat Aug 6 13:44:51 CST 2022] TXT value: 'zVi0psDk6***********************riDTOFs4TilD5rY'
[Sat Aug 6 13:44:51 CST 2022] Please be aware that you prepend _acme-challenge. before your domain
[Sat Aug 6 13:44:51 CST 2022] so the resulting subdomain will be: _acme-challenge. mip.english28.com
[Sat Aug 6 13:44:51 CST 2022] Please add the TXT records to the domains, and re-run with --renew.
[Sat Aug 6 13:44:51 CST 2022] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
Please add the above TXT record to the domain in 120 seconds!!!
告诉我们,在120秒内在域名控制台添加一条解析记录,其中:
Domain: 后面的是要求添加一条解析的主机记录;
TXT value:后面的值,是我们要添加到域名解析的记录值里面;
左下角是倒计时时间,要求我们在120秒内完成添加。以下是添加好解析记录的截图。
在代码之中,观察这两行就可以:
[Sat Aug 6 13:44:51 CST 2022] Domain: '_acme-challenge. www.jinni8.net '
[Sat Aug 6 13:44:51 CST 2022] TXT value: 'zVi0psDdkuo******************iDTOFs4TilD626'
记录类型:TXT;主机记录、记录值复制系统给出的值,解析线路默认即可。填写完成并保存解析,等待系统验证。
5、申请成功HTTPS证书。如下所示,就表示申请成功:
[Sat Aug 6 13:46:52 CST 2022] Renew: 'mip.english28.com'
[Sat Aug 6 13:46:52 CST 2022] Renew to Le_API=https://acme-v02.api.letsencrypt.org/directory
[Sat Aug 6 13:46:53 CST 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sat Aug 6 13:46:53 CST 2022] Single domain='mip.english28.com'
[Sat Aug 6 13:46:53 CST 2022] Getting domain auth token for each domain
[Sat Aug 6 13:46:53 CST 2022] Verifying: mip.english28.com
[Sat Aug 6 13:46:55 CST 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Sat Aug 6 13:46:59 CST 2022] Success
[Sat Aug 6 13:46:59 CST 2022] Verify finished, start to sign.
[Sat Aug 6 13:46:59 CST 2022] Lets finalize the order.
[Sat Aug 6 13:46:59 CST 2022] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/169945100/113578814726'
[Sat Aug 6 13:47:02 CST 2022] Downloading cert.
[Sat Aug 6 13:47:02 CST 2022] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04fba91f4069c7b9b67778439dbea932e070'
[Sat Aug 6 13:47:03 CST 2022] Cert success.
[Sat Aug 6 13:47:03 CST 2022] Your cert is in: /******************sl/mip.english28.com/ mip.english28.com .cer
[Sat Aug 6 13:47:03 CST 2022] Your cert key is in: /******************sl/mip.english28.com/ mip.english28.com .key
[Sat Aug 6 13:47:03 CST 2022] The intermediate CA cert is in: /******************sl/mip.english28.com/ca.cer
[Sat Aug 6 13:47:03 CST 2022] And the full chain certs is there: /******************sl/mip.english28.com/fullchain.cer
------------------ SSL Certificate information as follows ------------------
| Domain: mip.english28.com
| SSL Certificate: /******************sl/mip.english28.com/fullchain.cer
| SSL Certificate Key: /******************sl/mip.english28.com/ mip.english28.com .key
我今天申请的Let’sEncrypt证书,其期限为3个月时间,记得在证书到期之前重新申请。
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 一个费力不讨好的项目,让我损失了近一半的绩效!
· 清华大学推出第四讲使用 DeepSeek + DeepResearch 让科研像聊天一样简单!
· 实操Deepseek接入个人知识库
· CSnakes vs Python.NET:高效嵌入与灵活互通的跨语言方案对比
· Plotly.NET 一个为 .NET 打造的强大开源交互式图表库