Difference between revisions of "Support HTTPS"
		
		
		
		
		
		
				
		
		
	
| Jihongchang(讨论 | 贡献) | Jihongchang(讨论 | 贡献)  | ||
| 第1行: | 第1行: | ||
| − | 安装 certbot<syntaxhighlight lang="shell-session"> | + | === 1.安装 certbot === | 
| + | <syntaxhighlight lang="shell-session"> | ||
|   yum list installed|grep certbot |   yum list installed|grep certbot | ||
| − | </syntaxhighlight> | + | </syntaxhighlight> | 
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | </syntaxhighlight> | + | === 2.生成证书 === | 
| − | [root@iZ8vbcjkeqbrdmmbt23vboZ archive]# docker cp /etc/letsencrypt/ | + | <syntaxhighlight lang="shell-session"> | 
| + | [root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top]# sudo certbot certonly --register-unsafely-without-email --standalone -d www.jihongchang.top | ||
| + | Saving debug log to /var/log/letsencrypt/letsencrypt.log | ||
| + | Plugins selected: Authenticator standalone, Installer None | ||
| + | Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org | ||
| + | Cert is due for renewal, auto-renewing... | ||
| + | Renewing an existing certificate for www.jihongchang.top | ||
| + | Performing the following challenges: | ||
| + | http-01 challenge for www.jihongchang.top | ||
| + | Waiting for verification... | ||
| + | Cleaning up challenges | ||
| + | |||
| + | IMPORTANT NOTES: | ||
| + |  - Congratulations! Your certificate and chain have been saved at: | ||
| + |    /etc/letsencrypt/live/www.jihongchang.top-0001/fullchain.pem | ||
| + |    Your key file has been saved at: | ||
| + |    /etc/letsencrypt/live/www.jihongchang.top-0001/privkey.pem | ||
| + |    Your certificate will expire on 2025-12-09. To obtain a new or | ||
| + |    tweaked version of this certificate in the future, simply run | ||
| + |    certbot again. To non-interactively renew *all* of your | ||
| + |    certificates, run "certbot renew" | ||
| + |  - If you like Certbot, please consider supporting our work by: | ||
| + | |||
| + |    Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate | ||
| + |    Donating to EFF:                    https://eff.org/donate-le | ||
| + | </syntaxhighlight>'''注意:最后会输出生成的证书文件(fullchain.pem)和私钥文件(privkey.pem)的存储路径,但其实这里输出的两个文件只是软链接,我们还需要直到指向文件的真实存储路径''' | ||
| + | |||
| + | 用 <code>readlink -f</code> 直接把带有相对路径的软链接对应的文件路径换成绝对路径输出出来:<syntaxhighlight lang="shell-session"> | ||
| + | [root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top-0001]# readlink -f /etc/letsencrypt/live/www.jihongchang.top-0001/fullchain.pem | ||
| + | /etc/letsencrypt/archive/www.jihongchang.top-0001/fullchain2.pem | ||
| + | [root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top-0001]# readlink -f /etc/letsencrypt/live/www.jihongchang.top-0001/privkey.pem | ||
| + | /etc/letsencrypt/archive/www.jihongchang.top-0001/privkey2.pem | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | === 3.暂停容器 === | ||
| + | <syntaxhighlight lang="console"> | ||
| + | [root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top]# docker stop aade5ae73079 | ||
| + | aade5ae73079 | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | === 4.复制且重命名证书('''fullchain.pem''')和私钥文件('''privkey.pem''')到容器里 === | ||
| + | <syntaxhighlight lang="shell-session"> | ||
| + | [root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top-0001]# docker cp /etc/letsencrypt/archive/www.jihongchang.top-0001/fullchain2.pem aade5ae73079:/etc/letsencrypt/live/www.jihongchang.top/fullchain.pem | ||
| + | [root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top-0001]# docker cp /etc/letsencrypt/archive/www.jihongchang.top-0001/privkey2.pem aade5ae73079:/etc/letsencrypt/live/www.jihongchang.top/privkey.pem | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | === 5.重启容器 === | ||
| + | <syntaxhighlight lang="shell-session"> | ||
| + | [root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top-0001]# docker start aade5ae73079 | ||
| + | aade5ae73079 | ||
| </syntaxhighlight> | </syntaxhighlight> | ||
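Review bot: In step 4 the two docker cp lines hardcode archive/www.jihongchang.top-0001/fullchain2.pem and privkey2.pem, but the numeric suffix under archive/ changes with each renewal, so these commands will copy a stale certificate and key once the certificate is renewed again (the log shows this one expires on 2025-12-09). Consider copying from the live/ paths with docker cp -L, which follows the symlink, or feeding in the readlink -f output, so the page stays correct across renewals. Two smaller points: in the note after step 2, 直到 looks like a typo for 知道, and step 1 is titled 安装 certbot although the only command shown, yum list installed|grep certbot, checks for the package rather than installing it.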
Revision as of 08:40, 10 September 2025 (Wed)
1. Install certbot
 yum list installed|grep certbot
2. Generate the certificate
[root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top]# sudo certbot certonly --register-unsafely-without-email --standalone -d www.jihongchang.top
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert is due for renewal, auto-renewing...
Renewing an existing certificate for www.jihongchang.top
Performing the following challenges:
http-01 challenge for www.jihongchang.top
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.jihongchang.top-0001/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.jihongchang.top-0001/privkey.pem
   Your certificate will expire on 2025-12-09. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
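Note: at the end, certbot prints the storage paths of the generated certificate file (fullchain.pem) and private key file (privkey.pem), but the two paths printed here are only symbolic links; we still need to know the real storage paths of the files they point to.
Use readlink -f to resolve each symlink (which points to a relative path) and print the absolute path of the target file: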
[root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top-0001]# readlink -f /etc/letsencrypt/live/www.jihongchang.top-0001/fullchain.pem
/etc/letsencrypt/archive/www.jihongchang.top-0001/fullchain2.pem
[root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top-0001]# readlink -f /etc/letsencrypt/live/www.jihongchang.top-0001/privkey.pem
/etc/letsencrypt/archive/www.jihongchang.top-0001/privkey2.pem
3. Stop the container
[root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top]# docker stop aade5ae73079
aade5ae73079
4. Copy the certificate (fullchain.pem) and private key file (privkey.pem) into the container, renaming them
[root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top-0001]# docker cp /etc/letsencrypt/archive/www.jihongchang.top-0001/fullchain2.pem aade5ae73079:/etc/letsencrypt/live/www.jihongchang.top/fullchain.pem
[root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top-0001]# docker cp /etc/letsencrypt/archive/www.jihongchang.top-0001/privkey2.pem aade5ae73079:/etc/letsencrypt/live/www.jihongchang.top/privkey.pem
5. Restart the container
[root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top-0001]# docker start aade5ae73079
aade5ae73079
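
Steps 2 to 4 type the archive file names (fullchain2.pem, privkey2.pem) by hand, and those names change at every renewal. The script below is an added example, not part of the original page: it resolves the live symlinks at run time, checks that they land in the sibling archive directory, and stages the files under the names the container expects. The function names, the staging directory and the example-0001 sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and the staging directory are hypothetical.

# Print the real file behind live/<lineage>/<name>; fail unless it is a
# symlink that resolves to an existing file in the sibling archive/ tree.
resolve_live() {
    live_dir=$1; link="$1/$2"
    [ -L "$link" ] || { echo "not a symlink: $link" >&2; return 1; }
    target=$(readlink -f "$link") || return 1
    [ -f "$target" ] || { echo "dangling symlink: $link" >&2; return 1; }
    config_dir=$(readlink -f "$live_dir/../..") || return 1
    case $target in
        "$config_dir/archive/"*) printf '%s\n' "$target" ;;
        *) echo "outside archive/: $target" >&2; return 1 ;;
    esac
}

# Copy the resolved files into stage_dir as fullchain.pem and privkey.pem;
# the key ends up readable by its owner only.
stage_cert() {
    live_dir=$1; stage_dir=$2
    cert=$(resolve_live "$live_dir" fullchain.pem) || return 1
    key=$(resolve_live "$live_dir" privkey.pem) || return 1
    mkdir -p "$stage_dir" || return 1
    chmod 700 "$stage_dir" || return 1
    ( umask 077
      cp "$cert" "$stage_dir/fullchain.pem" &&
      cp "$key" "$stage_dir/privkey.pem" ) || return 1
    chmod 644 "$stage_dir/fullchain.pem"
}

# Constructed sample: a temp tree shaped like /etc/letsencrypt after one renewal.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/archive/example-0001" "$root/live/example-0001"
    for f in fullchain privkey; do
        echo "old $f" > "$root/archive/example-0001/${f}1.pem"
        echo "new $f" > "$root/archive/example-0001/${f}2.pem"
        ln -s "../../archive/example-0001/${f}2.pem" "$root/live/example-0001/$f.pem"
    done
    printf '%s\n' "$root"
}

# On the page's host, after `docker stop aade5ae73079` (staging path assumed):
#   stage_cert /etc/letsencrypt/live/www.jihongchang.top-0001 /root/cert-stage
#   docker cp /root/cert-stage/fullchain.pem aade5ae73079:/etc/letsencrypt/live/www.jihongchang.top/fullchain.pem
#   docker cp /root/cert-stage/privkey.pem aade5ae73079:/etc/letsencrypt/live/www.jihongchang.top/privkey.pem
```

Because the copies in the staging directory are regular files, the container receives real file contents rather than symlinks whose relative targets do not exist inside it.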