It's time to support HTTPS: a tutorial on configuring free Let’s Encrypt SSL certificates

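Today I took the time to add HTTPS support to the blog and shut down the original HTTP service.

Since the certificate is only needed for the site's domain name, I used the free Let’s Encrypt certificate service.

According to Wikipedia, Let’s Encrypt is a certificate authority launched in the third quarter of 2015 that provides free SSL/TLS certificates for secure websites through an automated process designed to eliminate the current complexity of manually creating and installing certificates. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG), a public-benefit organization. Its major sponsors include the Electronic Frontier Foundation, the Mozilla Foundation, Akamai and Cisco.

On December 3, 2015, the service entered public beta and officially opened to the public.

On April 12, 2016, the project officially left beta.

By September 9, 2016, Let’s Encrypt had issued 10 million certificates. For most small and medium-sized websites it is therefore an option worth considering.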


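The main steps for enabling and configuring HTTPS are as follows, assuming you already have a working HTTP website.

1. Open https://certbot.eff.org/ and select your operating system and web server; the instructions for that platform then appear. My system runs nginx on Ubuntu, so the instructions I was shown are at https://certbot.eff.org/#ubuntuxenial-nginx

2. Run the commands, changing the domain parameters as needed.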

$ sudo apt-get install letsencrypt
$ sudo letsencrypt certonly --webroot -w /var/www/timyang.net -d timyang.net -d www.timyang.net

3. Modify the nginx configuration
Change the port 80 configuration to port 443 and add the certificate settings

# listen       80;
listen 443 ssl;
server_name timyang.net www.timyang.net;

ssl_certificate /etc/letsencrypt/live/timyang.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/timyang.net/privkey.pem;

Then add an automatic redirect from port 80

server {
    listen 80;
    server_name timyang.net www.timyang.net;
    return 301 https://$host$request_uri;
}

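4. Restart nginx and visit the site in Chrome. If a lock icon appears in front of the URL, the setup succeeded.
If the page still contains embedded HTTP elements, Chrome will keep showing the i icon; click the i and fix the elements it lists one by one.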


Also note that a Let’s Encrypt certificate is only valid for 90 days at a time, but it can be renewed with a script

Test run

$ sudo letsencrypt renew --dry-run --agree-tos

If the test run succeeds, it is worth adding the real renewal command to a cron job so that it is taken care of once and for all.

$ sudo letsencrypt renew

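Although Let’s Encrypt is a free service, anyone who is happy with letsencrypt can also sponsor it on their website.

To read Tim Yang's articles as soon as they are published, scan the code at the top right of the page to subscribe to the latest updates.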


Comments

82 Comments

  22. Let’s Encrypt is a free, automated, and open certificate authority (CA) that provides SSL/TLS certificates to enable HTTPS on your website. These certificates are domain validated and are trusted by all major browsers.
