環境配置
安裝了nginx,並且nginx安裝https模塊
記得安裝之前備份nginx的配置文件(nginx.conf),不然一會給你覆蓋了
CentOS Linux release 7.7.1908 (Core)
Linux version 3.10.0-1062.1.1.el7.x86_64 ([email protected]) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) ) #1 SMP Fri Sep 13 22:55:44 UTC 2019
1.安裝依賴
yum -y install yum-utils
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
sudo yum install certbot python2-certbot-nginx
出錯看抱錯
2.安裝
certbot --nginx
1.輸入郵箱
2.同意
輸入a
輸入y
3.配置用戶
先輸入c退出,然後這裏我們需要去nginx配置我們的用戶名字
vim /etc/nginx/nginx.conf (根據自己的實際情況)
將local換成你要解析的域名保存退出
執行certbot --nginx 重新執行1,2步驟
選擇你要配置的域名
4.重定向
1是保留80
2是將80指向安裝的https
根據個人需要選擇(我選擇了1)
5.成功
可以去那個地址查看證書
3.查看
4.定期更新
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
5.增加安全證書
https://golightlyplus.com/add-subdomain-existing-certificate-using-certbot/
記得把之前的也添加上
記得加 --expand
certbot -d www.sixmillions.cn,sixmillions.cn,blog.sixmillions.cn,www.blog.sixmillions.cn,www.order.sixmillions.cn,order.sixmillions.cn,www.qa.sixmillions.cn,qa.sixmillions.cn --expand
抱錯
Could not automatically find a matching server block for blog.sixmillions.cn. Set the `server_name` directive to use the Nginx installer.
還是像上面需要先配置nginx的服務名
抱錯
注意pip一定要用python2的
ImportError: cannot import name UnrewindableBodyError
解決辦法,重裝 urllib3 庫:
pip uninstall urllib3
pip install urllib3
ImportError: ‘pyOpenSSL’ module missing required functionality. Try upgrading to v0.14 or newer.
# 先移除剛纔安裝的
yum remove certbot
pip uninstall pyOpenSSL
# 更新pip
pip install --upgrade pip
# 重新安裝
yum install -y python-devel
yum install -y openssl-devel
pkg_resources.DistributionNotFound: The ‘PyOpenSSL>=0.13’ distribution was not found and is required by josepy
pip uninstall PyOpenSSL
# 更新pip
pip install --upgrade pip
# 安裝
pip install PyOpenSSL