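WoSign blocked
Here are three recent news items:
WoSign brought this on itself and will be paying for it for a long time. Now that Apple, Chrome and Firefox have all blocked it, those of us using WoSign certificates (me, for example) have to think about switching. I had been following the Let's Encrypt project since it first appeared, but it was not yet stable back then.
I took this opportunity to try it out.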
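The Let's Encrypt website looks polished and is very pleasant to read. The home page has a Get Started link right on it, and with the Certbot tool I quickly obtained a new certificate; after updating the Nginx configuration, everything worked normally.
DigitalOcean also has a very detailed write-up on the configuration, which you can reach by clicking here.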
Using Let's Encrypt
I have shell access, so the whole process is just three steps:
- Run `apt install letsencrypt` to install Certbot.
- Run `letsencrypt certonly --webroot -w /var/www/path/to/your/website -d yourdomain.com`. When it finishes, it prints the following output:

  ```
  IMPORTANT NOTES:
   - If you lose your account credentials, you can recover through
     e-mails sent to youremail@domian.com.
   - Congratulations! Your certificate and chain have been saved at
     /etc/letsencrypt/live/domian.com/fullchain.pem. Your cert will
     expire on 2017-01-30. To obtain a new version of the certificate in
     the future, simply run Let's Encrypt again.
   - Your account credentials have been saved in your Let's Encrypt
     configuration directory at /etc/letsencrypt. You should make a
     secure backup of this folder now. This configuration directory will
     also contain certificates and private keys obtained by Let's
     Encrypt so making regular backups of this folder is ideal.
   - If you like Let's Encrypt, please consider supporting our work by:
     Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
     Donating to EFF: https://eff.org/donate-le
  ```

- Update the certificate in the Nginx configuration file: `ssl_certificate` is `fullchain.pem` and `ssl_certificate_key` is `privkey.pem`. After updating the configuration, restart or reload Nginx for it to take effect.
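Automatic renewal
Let's Encrypt certificates are valid for three months, and you can configure the server to renew them automatically. I have not used this yet; I will write it up the next time I tinker with it.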
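
The automatic renewal mentioned above could be scripted as follows. This is an added example, not from the original post; the script name `renew-cert.sh`, the 30-day threshold, the function names and the availability of the `renew` subcommand in the installed `letsencrypt` package are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the 30-day threshold,
# the function names, and that the installed `letsencrypt` has the `renew` subcommand.

# Live directory as printed in the output above; substitute your own domain.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live/domian.com}"
RENEW_BEFORE_DAYS="${RENEW_BEFORE_DAYS:-30}"

# Return 0 if the certificate in file $1 expires within $2 days or cannot be read.
cert_expires_within() {
    cert="$1"; days="$2"
    [ -r "$cert" ] || return 0
    # `-checkend N` exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Return 0 only if private key $2 carries the same public key as certificate $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Renew when close to expiry, then reload Nginx only if the new files are sane.
renew_if_needed() {
    if ! cert_expires_within "$LIVE_DIR/fullchain.pem" "$RENEW_BEFORE_DAYS"; then
        echo "certificate is valid for more than $RENEW_BEFORE_DAYS more days"
        return 0
    fi
    letsencrypt renew || return 1
    key_matches_cert "$LIVE_DIR/fullchain.pem" "$LIVE_DIR/privkey.pem" || return 1
    nginx -t && nginx -s reload   # check the configuration before reloading
}

# Only act when invoked as `sh renew-cert.sh --run`, e.g. from a daily root cron job.
if [ "${1:-}" = "--run" ]; then
    renew_if_needed
fi
```

Because `/etc/letsencrypt` holds the account credentials and private keys, the script is meant to run as root, and its log output should not be world-readable.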
In addition, Let's Encrypt is currently crowdfunding; if you are interested, you can support it.
**Donate to Let's Encrypt and help build a secure Internet**