如何在CentOS 7云服务器上安装Let's Encrypt的SSL证书?

  • 发布时间:2021-12-03 10:09:44
  • 阅读次数:1964

这篇帮助讲解了如何在CentOS 7云服务器上安装SSL证书的方法,Web服务器使用Apache。安装成功后,在服务端和客户端之间的流量将会加密。SSL证书广泛应用在电商网站和在线金融行业。Let's Encrypt是免费SSL证书的先驱,也是最常见的SSL证书之一。

安装Certbot

首先安装两个依赖包:

sudo yum install -y epel-release mod_ssl

安装Certbot客户端。Certbot是一种轻松管理SSL证书的工具。

sudo yum install python-certbot-apache

安装SSL证书

安装并配置SSL证书。example.com换成实际域名。

sudo certbot --apache -d example.com

如果需要为多个域名生产证书,可使用以下命令。注意第一个域名必须是根域名。

sudo certbot --apache -d example.com -d www.example.com

安装过程中,系统会给出一个分步骤的配置向导。我们可以选择是否强制HTTPS还是保留HTTP作为默认协议,向导还要求我们提供证书的管理员邮箱等。安装完成后,系统会显示如下结果:

IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
emails sent to user@example.com.
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your cert
will expire on 2019-04-21. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at / etc / letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also have certificates and private keys obtained by Let's
Encrypt so regular backups of this folder is ideal.
- If you like Let's Encrypt, please consider supporting our work by:

设置自动续订

Let's encrypt证书的有效期为90天,因此需要及时进行续订。Certbot会协助我们完成证书的续订。这里我们需要确认Certbot的续订功能是否正常。

sudo certbot renew

如果证书是近期安装的,Certbot只会显示到期日期而不进行续订。

Processing  /etc/letsencrypt/renewal/example.com.conf
The following certs are not due for renewal yet:
    /etc/letsencrypt/live/example.com/fullchain.pem (skipped)
No renewals were attempted.

设置自动续订需要通过定时任务cronjob完成。

sudo crontab -e

添加以下定时任务,每周一凌晨执行一次。

0 0 * * 1 / usr / bin / certbot renew >> /var/log/sslrenew.log

以上就完成了CentOS 7云服务器下免费SSL证书的安装过程,至此在Apache和客户端之间的数据将会加密,确保网络传输的安全。

【全文完】

< 上一篇:如何在Ubuntu 20.04云服务器上安装Let's Encrypt的SSL证书? 下一篇:如何提高MongoDB的安全性? >