
Certbot: Installing a Let's Encrypt Certificate


In this article, we walk through installing and configuring certbot on a Linux server. We explain in detail how to obtain a Let's Encrypt SSL/TLS certificate for your domain. We also describe how to install it on a web server (such as Nginx or Apache) and how to set up automatic certificate renewal to ensure a secure connection to your web resource.

certbot is a free, open-source tool designed to automate obtaining and renewing SSL/TLS certificates. It plays an important role in securing the connection between server and client, protecting data from unauthorized access. Certbot simplifies the process of installing and renewing SSL certificates. A certificate not only improves security but also increases user trust in your web resource, thereby improving the site's reputation and search engine rankings.

Installing Certbot

Certbot is included in most distributions by default, so to install it on Debian/Ubuntu systems you only need to update the package list:

apt update

Then start the installation:

apt install certbot

Certbot supports plugins that simplify setting up and installing a certificate for a web server. To install these plugins, use the corresponding command:

apt install certbot python3-certbot-nginx # for Nginx
apt install certbot python3-certbot-apache # for Apache

The installation process for Red Hat systems (such as RHEL, CentOS, Fedora) is slightly different. First, you need to add the EPEL repository:

yum install epel-release

Then install the tool:

yum install certbot

Likewise, you can choose a plugin for a specific web server:

yum install python3-certbot-nginx # for Nginx
yum install python3-certbot-apache # for Apache

After installation, you can proceed to obtaining a certificate.

Obtaining an SSL Certificate

In this section, we discuss how to obtain a certificate independently of a specific web server, followed by how to install a certificate for Nginx and Apache. First, however, it is important to understand the tool's syntax and functionality. It looks like this:

certbot command option -d domain

The main commands include:

certbot certonly - Obtains a certificate but does not install it.
certbot certificates - Displays a list of all installed certificates.
certbot renew - Renews an existing certificate.
certbot revoke - Revokes an existing certificate.
certbot delete - Deletes an existing certificate.

The most commonly used options are:

--nginx - Uses the Nginx configuration files for domain verification.
--apache - Uses the Apache configuration files for domain verification.
-d - The list of domains for which a certificate is requested.
--standalone - Uses standalone mode for domain verification.
--manual - Performs manual domain verification.

This is only a sample of the most common commands and options. You can familiarize yourself with the full list of the tool's capabilities in the help section:

certbot --help

Figure: Help section of the Certbot tool

We now proceed to obtaining a certificate. As an example, we will obtain a certificate for a virtual server with a free third-level domain of the form yourusername.pserver.space

First, you need to enter the command:

certbot certonly

In response, the tool asks you to choose a method for verifying domain ownership:

Figure: Methods for obtaining a Certbot SSL certificate

The first option is suitable if you do not have a configured web server or do not want to make changes to an existing one. This method creates a temporary web server to confirm your right to the domain. It is ideal for a simple and quick setup. When choosing this method, it is important to keep port 80 free.

The second option is needed if you already have a running web server and want to use it to confirm your right to the domain. Certbot places special files in a folder on your server, which are then checked by the verification service.

We select the first option and continue. At this point, you need to:

  1. Enter an email address;
  2. Agree to the terms of service;
  3. Agree or decline to receive emails on behalf of the company and its partners;
  4. Specify the domain name for which the certificate is issued.

Figure: Data for obtaining the SSL certificate

After the certificate issuance process completes, Certbot displays the path to the directory where the issued certificate and your account data are stored:

Figure: Data of the obtained SSL certificate

All that remains is to connect the obtained certificate to the required service.
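
The interactive steps above can also be answered on the command line. This added example (not part of the original article) builds the unattended command for standalone mode and first checks that port 80 is free; the email address, domain and `ss` output are constructed placeholders.

```shell
#!/bin/sh
# Added example: unattended equivalent of the interactive standalone run.
# EMAIL, DOMAIN and SS_SAMPLE are constructed placeholders.
EMAIL="admin@example.com"
DOMAIN="example.com"

# Constructed `ss -ltn` output: sshd on 22 and a web server already on 80.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      511             [::]:80           [::]:*'

# Read `ss -ltn` output on stdin; succeed only if nothing listens on port 80.
port80_free() {
    awk 'NR > 1 && $4 ~ /:80$/ { busy = 1 } END { exit (busy ? 1 : 0) }'
}

# Compose the command that answers the four prompts up front:
# email (-m), terms of service, mailing-list choice, domain (-d).
issue_cmd() {
    printf 'certbot certonly --standalone --non-interactive --agree-tos'
    printf ' --no-eff-email -m %s -d %s\n' "$1" "$2"
}

# Usage: ss -ltn | preflight_issue EMAIL DOMAIN
# Prints the command to run, or explains why standalone mode would fail.
preflight_issue() {
    case "$2" in
        ""|*[!A-Za-z0-9.-]*) echo "invalid domain name: $2" >&2; return 2 ;;
    esac
    if ! port80_free; then
        echo "port 80 is busy: stop the web server or use its plugin" >&2
        return 1
    fi
    issue_cmd "$1" "$2"
}

# Demo on the constructed sample: the preflight refuses because port 80 is taken.
printf '%s\n' "$SS_SAMPLE" | preflight_issue "$EMAIL" "$DOMAIN" ||
    echo "preflight refused, as expected for the sample"
```

On a real host, feed it live data with `ss -ltn | preflight_issue "$EMAIL" "$DOMAIN"` and run the printed command as root.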

Installing a Certificate for Nginx or Apache

This section assumes that certain prerequisites have been met:

  1. You have already installed and configured a web server, either Nginx or Apache. It must be reachable from the internet via the domain name for which you want to obtain a certificate;
  2. When installing the tool, you also installed the plugin for Nginx or Apache using the appropriate command;
  3. The firewall allows connections on ports 80 and 443. If these ports are closed, the service will be unavailable for incoming connections. For more information on firewall operation, see our article on configuring a firewall on Linux.

If all conditions are met, you can proceed directly to issuing the certificate. We will look at obtaining an SSL certificate on a server using Nginx as an example. However, if you are using the Apache web server, the process is exactly the same.

To obtain a certificate, you need to enter the command:

certbot --nginx # for Nginx
certbot --apache # for Apache

In response, the tool asks for: an email address, agreement to the terms of use of the Let's Encrypt service, and permission to send emails on behalf of the service and its partners.

Figure: Obtaining an SSL certificate for Nginx and Apache

Next, you will need to specify the domain name for which the certificate is issued. Certbot can detect the domain automatically if it is specified in the server_name field of the Nginx configuration, or in ServerName and ServerAlias for Apache. If it is not specified, the tool notifies you and asks you to enter the domain name manually. The tool then asks whether to enable redirection of requests from HTTP to HTTPS. To set up automatic redirection, you need to choose the second option:

Figure: Redirecting requests from HTTP to HTTPS

After some time, Certbot informs you that the certificate for the specified domain was obtained successfully. From this point on, all incoming connections are redirected from port 80 to 443. The tool displays the directories where you can find all the certificate data and the Let's Encrypt account data:

Figure: Successful issuance of a Certbot certificate

The message also states the validity period of the obtained certificate and the key options for managing all active certificates:

  1. certonly. This option is used to obtain or renew a certificate without automatic web server configuration. Certbot only requests or renews the certificate and does not make any automatic changes to the server configuration. Earlier, we used this option to obtain a certificate without tying it to a web server.
  2. renew is used for automatic renewal of all certificates that were obtained through Certbot and are within their validity period. The tool checks all certificates, and if any of them expires in 30 days or less, it is renewed.

Later in this guide, we discuss how to set up automatic certificate renewal without user intervention every three months.

Automatic Certificate Renewal in Certbot

For Debian/Ubuntu

On these operating systems, Certbot automatically adds a script to the task list for automatic renewal of installed certificates. You can check that the script is active with the following command:

systemctl status certbot.timer

Figure: Checking the status of the certbot.timer service

The response shows the status of the service as well as the directory containing its configuration file. You can open the file with any text editor. If you are not familiar with text editors in Linux, we recommend reading our overview of the most popular ones. In this case, we will use nano:

nano /lib/systemd/system/certbot.timer

Figure: Viewing the configuration of certbot.timer

All the key parameters are highlighted:

  1. The schedule indicates that the service runs twice a day, at 00:00 and at 12:00;
  2. The second value is a random delay in seconds that is added to the start time. In this case it is 43,200 seconds (12 hours), which randomizes the start and distributes the load;
  3. This parameter guarantees that if the timer was due to run while the system was shut down, it runs immediately at startup.

You can also run a forced check of certificate renewal with the command:

certbot renew --dry-run

With this command, certificates are not actually renewed. Instead, the tool performs the same actions it would perform when obtaining a certificate at expiry. This way, you can verify that automatic renewal works.
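
The three timer settings in the list above, as they would appear in the unit file, with a small check that reads them. This is an added example, not part of the original article; `UNIT_SAMPLE` is a constructed file carrying the values described, and on a real host the input would come from `systemctl cat certbot.timer`.

```shell
#!/bin/sh
# Added example: read the [Timer] settings that control automatic renewal.
# UNIT_SAMPLE is a constructed unit file with the values described above.
UNIT_SAMPLE='[Unit]
Description=Run certbot twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true

[Install]
WantedBy=timers.target'

# Print the value of key $1 from the [Timer] section of a unit file on stdin.
timer_value() {
    awk -F= -v key="$1" '
        /^\[/ { in_timer = ($0 == "[Timer]") }
        in_timer && $1 == key { sub(/^[^=]*=/, ""); print; exit }'
}

# Usage: systemctl cat certbot.timer | audit_timer
# Prints a one-line summary; returns 1 if there is no schedule or if runs
# missed while the machine was off would not be caught up (Persistent).
audit_timer() {
    unit=$(cat)
    sched=$(printf '%s\n' "$unit" | timer_value OnCalendar)
    delay=$(printf '%s\n' "$unit" | timer_value RandomizedDelaySec)
    persist=$(printf '%s\n' "$unit" | timer_value Persistent)
    case "$delay" in
        ""|*[!0-9]*) hours="unknown" ;;   # absent, or not given in plain seconds
        *) hours=$((delay / 3600)) ;;
    esac
    echo "schedule='$sched' max_delay_hours=$hours persistent=${persist:-unset}"
    [ -n "$sched" ] && [ "$persist" = "true" ]
}

# Demo on the constructed sample.
printf '%s\n' "$UNIT_SAMPLE" | audit_timer || echo "timer needs attention"
```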

For CentOS, Fedora, and others

Enabling automatic renewal on Red Hat family systems is slightly different. Unlike Debian/Ubuntu, on CentOS and similar systems you need to add the task to the scheduler yourself. For this, we use the cron tool:

crontab -e

Then, in the file that opens, add the following line:

0 12 * * * /usr/bin/certbot renew --quiet

Let's break down the main parts of this line:

  1. Execution time. In this case, the command runs at 12:00 every day;
  2. The command to renew SSL/TLS certificates using Certbot;
  3. The --quiet flag suppresses output, making the process more discreet and less intrusive in system logs or on screen.

After adding the line, save the changes to the file.

Just as with Debian/Ubuntu, you can also run a forced check of certificate renewal:

certbot renew --dry-run

The result of a successful run of the command looks like this:

Figure: Result of a successful check of the renew command
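
A certificate that is still inside its last 30 days after the scheduled job has run means renewal is failing. The following added example (not from the original article) flags such certificates from the output of `certbot certificates`; the sample output is constructed, in the format that command prints.

```shell
#!/bin/sh
# Added example: flag certificates that scheduled renewal should already have
# replaced. CERTS_SAMPLE is constructed text in the format printed by
# `certbot certificates`; the names and dates are made up.
CERTS_SAMPLE='Found the following certs:
  Certificate Name: shop.example.com
    Domains: shop.example.com www.shop.example.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 74 days)
    Certificate Path: /etc/letsencrypt/live/shop.example.com/fullchain.pem
  Certificate Name: api.example.com
    Domains: api.example.com
    Expiry Date: 2030-01-05 10:00:00+00:00 (VALID: 19 days)
    Certificate Path: /etc/letsencrypt/live/api.example.com/fullchain.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2029-11-30 10:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.com/fullchain.pem'

# Usage: certbot certificates | stale_certs [DAYS]
# Prints one line per certificate with fewer than DAYS days left (default 30,
# the point at which `certbot renew` acts) or not marked VALID in days.
# Exit status 1 means at least one certificate needs attention.
stale_certs() {
    awk -v limit="${1:-30}" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if (match($0, /\(VALID: [0-9]+ day/)) {
                # Digits sit between "(VALID: " (8 chars) and " day" (4 chars).
                days = substr($0, RSTART + 8, RLENGTH - 12) + 0
                if (days < limit) {
                    print name, "expires in", days, "days"
                    bad = 1
                }
            } else {
                print name, "has less than a day left or is INVALID"
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }'
}

# Demo on the constructed sample.
printf '%s\n' "$CERTS_SAMPLE" | stale_certs || echo "renewal needs attention"
```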

Conclusion

We have covered the complete process of installing and configuring Certbot on a Linux server. By following the instructions above, you can obtain an SSL/TLS certificate from Let's Encrypt, install it on your web server, and configure automatic renewal to ensure continuous protection and increase trust in your web resource. With Certbot, you can easily create a reliable and secure environment for your users.
