首页 > 其他分享 >测试环境下使用HTTPS证书申请

测试环境下使用HTTPS证书申请

时间:2024-09-04 09:50:25浏览次数:11  
标签:certificate 证书 -- syhwyq pem 测试环境 HTTPS root icu

一、准备

linux的机子

真实的域名

二、安装Snapd

安装地址:Certbot (eff.org)

下滑查找

选择安装的操作系统

1.安装snapd
yum -y install epel-release
yum -y install snapd
2.创建软链接
systemctl enable --now snapd
ln -s /var/lib/snapd/snap /snap
snap --help

三、配置解析记录

1.安装Certbot软件包,并使用了--classic标志(经典模式)
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot

2.生成解析记录
格式:
certbot certonly --manual --preferred-challenges dns -d [真实域名]

certbot certonly --manual --preferred-challenges dns -d *.syhwyq.icu      # 此处是我的解析记录

If you really want to skip this, you can run the client with
--register-unsafely-without-email but you will then be unable to receive notice
about impending expiration or revocation of your certificates or problems with
your Certbot installation that will lead to failure to renew.

Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): [email protected]   //此处输入你的邮箱

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y    //继续进行使用Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y     //继续进行使用Y
Account registered.
Requesting a certificate for *.syhwyq.icu

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.syhwyq.icu.                              //此处要配置域名解析

with the following value:

8cDiagJOjCKax3vZPJKmDvPZrBY7RIqhEmxdn6AB3I4             //此处要配置域名解析

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.syhwyq.icu.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue                               //配置上面两步骤之后再进行回车

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/syhwyq.icu/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/syhwyq.icu/privkey.pem
This certificate expires on 2024-12-02.
These files will be updated when the certificate renews.

NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

输入邮箱

输入Y

输入Y

在此先不点击回车记录上面两条记录跳到下一步

进行解析配置

点击回车

成功

ll /etc/letsencrypt/live/syhwyq.icu/
总用量 4
lrwxrwxrwx 1 root root  34 9月   3 11:20 cert.pem -> ../../archive/syhwyq.icu/cert1.pem
lrwxrwxrwx 1 root root  35 9月   3 11:20 chain.pem -> ../../archive/syhwyq.icu/chain1.pem
lrwxrwxrwx 1 root root  39 9月   3 11:20 fullchain.pem -> ../../archive/syhwyq.icu/fullchain1.pem
lrwxrwxrwx 1 root root  37 9月   3 11:20 privkey.pem -> ../../archive/syhwyq.icu/privkey1.pem
-rw-r--r-- 1 root root 692 9月   3 11:20 README

四、编写Nginx配置文件

1.编辑配置文件
vim  /etc/nginx//conf.d/nginx_myssl.conf

server {
    listen       80;
    server_name  www.syhwyq.icu;
    location / {
      rewrite ^(.*)$  https://www.syhwyq.icu$1 permanent;
    }
}

server {
    listen     443 ssl;
    server_name www.syhwyq.icu;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_certificate     /etc/letsencrypt/live/syhwyq.icu/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/syhwyq.icu/privkey.pem;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        root   /jump/html;
        index  index.html index.htm;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

2.创建发布目录部署跳一跳项目
mkdir -p /jump/html
在这个目录上传跳一跳项目

3.重启nginx
nginx -t
systemctl  reload  nginx

4.访问页面
https://www.syhwyq.icu

标签:certificate,证书,--,syhwyq,pem,测试环境,HTTPS,root,icu
From: https://blog.csdn.net/qq_59671942/article/details/141859573

相关文章

  • 帝国CMS后台登录空白怎么办?如何修改成https
    今天总结一下帝国CMS后台登录空白常见问题已经解决方案!1、帝国cms修改成https后后台登陆空白的解决办法以下方法适用帝国cms7.5版本:7.5版本已经有了http和https自动识别,但是因为一些疑难杂症的原因,自动识别判断的不准,后台登录也是空白,我们可以打开e/config.php查找'httptype'......
  • SSL和HTTPS是一样的吗?
    在当今数字化的时代,网络安全成为了人们日益关注的焦点。当我们浏览网页时,经常会看到以“https”开头的网址,而与之密切相关的还有“SSL”这个术语。那么,SSL和HTTPS是一样的吗?答案是否定的,它们虽然紧密相关,但却有着不同的概念和作用。一、什么是SSL和HTTPS?首先,让我们来了解一下SS......
  • https 服务示例 go-gin框架 支持ssl/tls,
    本文为演示采用自签名证书一.生成证书通过openssl工具生成证书1.1安装opensslmacos通过brew安装brewinstallopenssl1.2生成跟证书私钥opensslgenrsa-outca.key40961.3准备配置文件vimca.conf内容如下   [req]   default_bits      =4096   distin......
  • 【Certimate - 免费SSL证书自动申请、续期工具】开源 SSL 证书自动管理工具推荐
    CertimateCertimate是一个开源的SSL证书管理工具,具有以下特点:支持私有部署:部署方法简单,只需下载二进制文件并执行即可完成安装。数据安全:由于是私有部署,所有数据均存储在本地,不会保存在服务商的服务器上,确保数据的安全性。操作方便:通过简单的配置即可轻松申请SSL证......
  • 网络安全、信息安全大学生值得考的5个证书!
    大学生生活时间比较自由,但是也面临着就业压力,那么自律及提前规划就很重要了!今天给大家分享5个网络安全、信息安全行业值得考的5个证书,这几个证书没有专业的限制,只要有意从事网安、信安行业的同学都可以冲!一、国家信息安全水平考试nisp一级报名条件:年满16周岁报名时间:每个月......
  • TLS证书生成-openssl基本命令
    文章目录CA证书一、服务器证书二、客户端证书三、哈希散列证书存储四、证书命令CA证书  CA证书是证书颁发机构(CertificateAuthority)颁发的证书,用于在互联网通信中建立信任关系,是SSL/TLS协议实施中不可或缺的一部分,使得传输的数据加密并保证通信安全。CA证书的......
  • https://github.com/john-doe54548
    软件工程课程第一次作业这个作业属于哪个课程https://edu.cnblogs.com/campus/fzu/SE2024这个作业要求在哪里https://edu.cnblogs.com/campus/fzu/SE2024/homework/13243这个作业的目标为以后软件工程的学习做准备工作学号102202156后台博文编辑页面的截图......
  • git-repo https证书认证问题
    目录问题描述解决步骤1.下载证书2.测试证书是否正常3.设置环境变量总结问题描述在使用gitrepo同步仓库时,发现不能同步,出现如下提示错误:%Total%Received%XferdAverageSpeedTimeTimeTimeCurrentDloadUploadTotalSpentLeftS......
  • 泛域名SSL证书申请,哪个品牌提供更优服务?
    SSL证书作为保护数据传输安全的重要工具,其重要性不言而喻。泛域名SSL证书,也称为通配符SSL证书,能够为一个主域名及其所有子域名提供安全保护,是许多企业和个人的理想选择。面对市场上众多的SSL证书品牌,选择一个合适的品牌显得尤为重要。本文将介绍几个备受推崇的泛域名SSL证书品牌,并......
  • https://www.bilibili.com/video/BV1Bg41167W5/ 突破英语听力口语瓶颈20|掌握5种弱读,不
    functionwordsArticles(the,a/an)Auxiliaries(can,must,might,will)Demonstratives(this,these,that,those)Quantifiers(many,few,little,some)Prepositions(on,with,to,from)Pronouns(he,she,they,we)Conjunctions(and,but,or,but) 1.ReducingConjunction弱读连词......