让网站(http://www.example.com
)支持 https 协议,能正常访问( https://www.example.com
)这个链接。
https 其实就是通过 ca 证书,对服务器和域名进行实名认证。这里使用公益组织 Let's Encrypt
提供的工具 certbot
免费生成 ca 证书。
www.example.com
:经过备案且能正常解析到服务器;certbot
是 公益组织 Let's Encrypt
提供的 ca证书
生成工具。
sudo apt-get update;
sudo apt-get install software-properties-common;
sudo add-apt-repository ppa:certbot/certbot;
sudo apt-get update;
Ubuntu14用这个命令:sudo apt-get install python-certbot-nginx;
Ubuntu20用这个命令:sudo apt-get install python3-certbot-nginx
# 1、执行生成命令
sudo certbot --nginx
# 2、出现如下信息
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: www.example.com
# 3、输入 1 ,回车
# 4、出现如下信息
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
# 5、输入 2 ,回车
# 6、出现下面语句,表示生成成功
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.example.com/privkey.pem
Your cert will expire on 2019-02-25. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
现在即可使用 https://www.example.com
来访问网站了。
ca证书的使用期限是90天,可以通过下面命令自动续签更新,永不过期。
sudo certbot renew --dry-run
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。