Centos 7安裝Let’s Encrypt憑證

Posted on by peter
Print Friendly, PDF & Email

Let’s Encrypt 的數位憑證認證機構(CA)推出免費SSL/TLS 憑證服務,但是期限僅限三個月

1.先安裝 git 及 EPEL repo:

# yum install git epel-release

2.安裝 Let’s encrypt 所需套件:

# yum install gcc libffi-devel python-devel openssl-devel

3.然後下載 Let’s encrypt:

# cd /root
# git clone https://github.com/letsencrypt/letsencrypt

這時系統會將 Let’s encrypt 的最新檔案下載到 /root/letsencrypt, 執行以下 script SSL certificate:

# cd /root/letsencrypt
# ./letsencrypt-auto certonly -a standalone -d yourdomain.com -d www.yourdomain.com
Let’s encrypt 會將憑證檔案放到 /etc/letsencrypt/live/.

#vi /etc/httpd/conf.d/ssl.conf

#systemctl restart httpd

憑證檢查

https://www.ssllabs.com/ssltest/analyze.html?d=qaz.com&latest
憑證更新

#./letsencrypt-auto renew

Let’s Encrypt Client更新

#cd /opt/letsencrypt
#git pull