网站申请HTTPS证书详细教程

最近想给网站做HTTPS,由于新的浏览器标识报红,为了得到浏览器地址栏的绿标,今天为网站做https经过及教程记录,下次记得留用。

1、登录服务器,我是用的Xshell

Last login: Fri Aug  5 15:16:36 2022 from 125.85.169.170
[root@VM-0-5-centos ~]# lnmp

当然,你也可以使用其它工具登入,只是我电脑只安装Xshell。

2、在lnmp集成环境中,先看看自带的命令。

[root@VM-0-5-centos ~]# lnmp
Usage: lnmp {start|stop|reload|restart|kill|status}
Usage: lnmp {nginx|mysql|mariadb|php-fpm|pureftpd} {start|stop|reload|restart|kill|status}
Usage: lnmp vhost {add|list|del}
Usage: lnmp database {add|list|edit|del}
Usage: lnmp ftp {add|list|edit|del|show}
Usage: lnmp ssl add
Usage: lnmp {dnsssl|dns} {cx|ali|cf|dp|he|gd|aws}
Usage: lnmp onlyssl {cx|ali|cf|dp|he|gd|aws}

能看出有数据库,FTP,ssl,网站配置等相关新增、修改、删除等操作。

3、今天申请SSL,使用命令

lnmp onlyssl

执行命令之后会提示你输入要申请SSL的域名,如下代码

The dns manual mode can not renew automatically, you must renew it manually.
/usr/local/acme.sh/acme.sh [found]
Please enter domain(example: lnmp.org): 

例如

The dns manual mode can not renew automatically, you must renew it manually.
/usr/local/acme.sh/acme.sh [found]
Please enter domain(example: lnmp.org): www.qcjianli.com
 Your domain: www.qcjianli.com
Enter more domain name(example: *.lnmp.org):

在这句话的后面:Enter more domain name(example: *.lnmp.org): ______(如果你要申请该域名的其它二级域名的SSL证书,可输入域名,不需要的话,直接回车就可以)。例如:

The dns manual mode can not renew automatically, you must renew it manually.
/usr/local/acme.sh/acme.sh [found]
Please enter domain(example: lnmp.org): mip.english28.com
 Your domain: mip.english28.com
Enter more domain name(example: *.lnmp.org): 

4、进入解析

Starting create SSL Certificate use Let's Encrypt...
[Sat Aug  6 13:44:48 CST 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sat Aug  6 13:44:48 CST 2022] Creating domain key
[Sat Aug  6 13:44:48 CST 2022] The domain key is here: /***********************sl/mip.english28.com/ mip.english28.com .key
[Sat Aug  6 13:44:48 CST 2022] Single domain='mip.english28.com'
[Sat Aug  6 13:44:48 CST 2022] Getting domain auth token for each domain
[Sat Aug  6 13:44:51 CST 2022] Getting webroot for domain='mip.english28.com'
[Sat Aug  6 13:44:51 CST 2022] Add the following TXT record:
[Sat Aug  6 13:44:51 CST 2022] Domain: '_acme-challenge. mip.english28.com '
[Sat Aug  6 13:44:51 CST 2022] TXT value: 'zVi0psDk6***********************riDTOFs4TilD5rY'
[Sat Aug  6 13:44:51 CST 2022] Please be aware that you prepend _acme-challenge. before your domain
[Sat Aug  6 13:44:51 CST 2022] so the resulting subdomain will be: _acme-challenge. mip.english28.com
[Sat Aug  6 13:44:51 CST 2022] Please add the TXT records to the domains, and re-run with --renew.
[Sat Aug  6 13:44:51 CST 2022] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
Please add the above TXT record to the domain in 120 seconds!!!

告诉我们,在120秒内在域名控制台添加一条解析记录,其中:

Domain: 后面的是要求添加一条解析的主机记录;

TXT value:后面的值,是我们要添加到域名解析的记录值里面;

左下角是倒计时时间,要求我们在120秒内完成添加。以下是添加好解析记录的截图。

在代码之中,观察这两行就可以:

[Sat Aug 6 13:44:51 CST 2022] Domain: '_acme-challenge. www.jinni8.net '
[Sat Aug 6 13:44:51 CST 2022] TXT value: 'zVi0psDdkuo******************iDTOFs4TilD626'

记录类型:TXT;主机记录、记录值复制系统给出的值,解析线路默认即可。填写完成并保存解析,等待系统验证。

5、申请成功HTTPS证书。如下所示,就表示申请成功:

[Sat Aug  6 13:46:52 CST 2022] Renew: 'mip.english28.com'
[Sat Aug  6 13:46:52 CST 2022] Renew to Le_API=https://acme-v02.api.letsencrypt.org/directory
[Sat Aug  6 13:46:53 CST 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sat Aug  6 13:46:53 CST 2022] Single domain='mip.english28.com'
[Sat Aug  6 13:46:53 CST 2022] Getting domain auth token for each domain
[Sat Aug  6 13:46:53 CST 2022] Verifying: mip.english28.com
[Sat Aug  6 13:46:55 CST 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Sat Aug  6 13:46:59 CST 2022] Success
[Sat Aug  6 13:46:59 CST 2022] Verify finished, start to sign.
[Sat Aug  6 13:46:59 CST 2022] Lets finalize the order.
[Sat Aug  6 13:46:59 CST 2022] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/169945100/113578814726'
[Sat Aug  6 13:47:02 CST 2022] Downloading cert.
[Sat Aug  6 13:47:02 CST 2022] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04fba91f4069c7b9b67778439dbea932e070'
[Sat Aug  6 13:47:03 CST 2022] Cert success.
[Sat Aug  6 13:47:03 CST 2022] Your cert is in: /******************sl/mip.english28.com/ mip.english28.com .cer
[Sat Aug  6 13:47:03 CST 2022] Your cert key is in: /******************sl/mip.english28.com/ mip.english28.com .key
[Sat Aug  6 13:47:03 CST 2022] The intermediate CA cert is in: /******************sl/mip.english28.com/ca.cer
[Sat Aug  6 13:47:03 CST 2022] And the full chain certs is there: /******************sl/mip.english28.com/fullchain.cer
------------------ SSL Certificate information as follows ------------------
| Domain: mip.english28.com 
| SSL Certificate: /******************sl/mip.english28.com/fullchain.cer
| SSL Certificate Key: /******************sl/mip.english28.com/ mip.english28.com .key

我今天申请的Let’sEncrypt证书,其期限为3个月时间,记得在证书到期之前重新申请。

posted @   未来可期85  阅读(728)  评论(0编辑  收藏  举报
相关博文:
阅读排行:
· 一个费力不讨好的项目,让我损失了近一半的绩效!
· 清华大学推出第四讲使用 DeepSeek + DeepResearch 让科研像聊天一样简单!
· 实操Deepseek接入个人知识库
· CSnakes vs Python.NET:高效嵌入与灵活互通的跨语言方案对比
· Plotly.NET 一个为 .NET 打造的强大开源交互式图表库
点击右上角即可分享
微信分享提示