选用 Let’s Encrypt. 获取 HTTPS 证书文件,一旦服务器获取证书文件就可以保留下来,可以重复进行使用,当然证书文件也可以配置 Cerbot ACME 客户端进行新的证书文件定期获取。
具体的安装步骤如下,在 Debian 操作系统下。
1 sudo apt update
2 sudo apt install snapd
3 sudo snap install core
core 16-2.45.2 from Canonical✓ installed
4 sudo snap refresh core
# Remove certbot-auto and any Certbot OS packages
5 sudo apt-get remove certbot, or sudo dnf remove certbot, or sudo yum remove certbot.
# Prepare the Certbot command
6 sudo ln -s /snap/bin/certbot /usr/bin/certbot
7 sudo snap install --classic certbot
8 sudo certbot certonly --standalone (获取SSL 证书文件并且保留在固定位置,需要暂停在网 80 端口的服务)(★更简易 standalone 模式获取证书)
9 sudo certbot certonly --webroot (不用暂停在网的服务器)
9 Install your certificate You’ll need to install your new certificate in the configuration file for your webserver.
10 Test automatic renewal
sudo certbot renew --dry-run
### The command to renew certbot is installed in one of the following locations:(命令或者 地址能找到开启的 Timer)
- /etc/crontab/
- /etc/cron./
- systemctl list-timers
We did it!