Let’s Encrypt 的數位憑證認證機構(CA)推出免費SSL/TLS 憑證服務,但是期限僅限三個月
1.先安裝 git 及 EPEL repo:
# yum install git epel-release
2.安裝 Let’s encrypt 所需套件:
# yum install gcc libffi-devel python-devel openssl-devel
3.然後下載 Let’s encrypt:
# cd /root
# git clone https://github.com/letsencrypt/letsencrypt
這時系統會將 Let’s encrypt 的最新檔案下載到 /root/letsencrypt, 執行以下 script SSL certificate:
# cd /root/letsencrypt
# ./letsencrypt-auto certonly -a standalone -d yourdomain.com -d www.yourdomain.com
Let’s encrypt 會將憑證檔案放到 /etc/letsencrypt/live/.
#vi /etc/httpd/conf.d/ssl.conf
#systemctl restart httpd
憑證檢查
https://www.ssllabs.com/ssltest/analyze.html?d=qaz.com&latest
憑證更新
#./letsencrypt-auto renew
Let’s Encrypt Client更新
#cd /opt/letsencrypt
#git pull