Supporting HTTPS

From Ji Hongchang's Knowledge Base
Revision as of 08:41, 10 September 2025 (Wednesday) by Jihongchang

Install certbot

 yum list installed|grep certbot

Generate the certificate

[root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top]# sudo certbot certonly --register-unsafely-without-email --standalone -d www.jihongchang.top
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert is due for renewal, auto-renewing...
Renewing an existing certificate for www.jihongchang.top
Performing the following challenges:
http-01 challenge for www.jihongchang.top
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.jihongchang.top-0001/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.jihongchang.top-0001/privkey.pem
   Your certificate will expire on 2025-12-09. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

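Note: at the end, certbot prints the paths where the generated certificate file (fullchain.pem) and private key file (privkey.pem) are stored, but the two files printed here are only symbolic links, so we also need to know the real path of the files they point to. readlink -f resolves a symlink that uses a relative path and prints the absolute path of the file it points to: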

[root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top-0001]# readlink -f /etc/letsencrypt/live/www.jihongchang.top-0001/fullchain.pem
/etc/letsencrypt/archive/www.jihongchang.top-0001/fullchain2.pem
[root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top-0001]# readlink -f /etc/letsencrypt/live/www.jihongchang.top-0001/privkey.pem
/etc/letsencrypt/archive/www.jihongchang.top-0001/privkey2.pem

Stop the container

[root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top]# docker stop aade5ae73079
aade5ae73079

Copy the certificate (fullchain.pem) and private key file (privkey.pem) into the container, renaming them

[root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top-0001]# docker cp /etc/letsencrypt/archive/www.jihongchang.top-0001/fullchain2.pem aade5ae73079:/etc/letsencrypt/live/www.jihongchang.top/fullchain.pem
[root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top-0001]# docker cp /etc/letsencrypt/archive/www.jihongchang.top-0001/privkey2.pem aade5ae73079:/etc/letsencrypt/live/www.jihongchang.top/privkey.pem

Restart the container

[root@iZ8vbcjkeqbrdmmbt23vboZ www.jihongchang.top-0001]# docker start aade5ae73079
aade5ae73079
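
The steps above as one script (an added example, not part of the original page). The number in the archive file name (fullchain2.pem here) increases with each renewal, so the script resolves the live symlinks at deploy time instead of hard-coding it, and it refuses to copy a certificate and key that do not belong together. The function names are hypothetical; the live directory, container ID and destination directory are passed as arguments.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical; the paths and the container ID
# are supplied by the caller.

# Print the real file behind a certbot "live" symlink. readlink -f can succeed
# on a dangling link, so the target is also checked for existence.
resolve_target() {
    real=$(readlink -f "$1") || return 1
    [ -f "$real" ] || { echo "missing target for $1" >&2; return 1; }
    printf '%s\n' "$real"
}

# Succeed only if the leaf certificate (first one in fullchain.pem) and the
# private key carry the same public key.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# deploy_cert LIVE_DIR CONTAINER DEST_DIR
deploy_cert() {
    live=$1; container=$2; dest=$3
    chain=$(resolve_target "$live/fullchain.pem") || return 1
    key=$(resolve_target "$live/privkey.pem") || return 1
    pair_matches "$chain" "$key" || { echo "cert/key mismatch" >&2; return 1; }

    docker stop "$container" || return 1
    rc=0
    { docker cp "$chain" "$container:$dest/fullchain.pem" &&
      docker cp "$key" "$container:$dest/privkey.pem"; } || rc=1
    # Start the container again even if a copy failed, then report the failure.
    docker start "$container" || rc=1
    return "$rc"
}

# Usage with the values shown on this page:
# deploy_cert /etc/letsencrypt/live/www.jihongchang.top-0001 aade5ae73079 \
#     /etc/letsencrypt/live/www.jihongchang.top
```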