certbot

(base) a@test:~# certbot --help

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. The most common SUBCOMMANDS and flags are:

obtain, install, and renew certificates:
    (default) run   Obtain & install a certificate in your current webserver
    certonly        Obtain or renew a certificate, but do not install it
    renew           Renew all previously obtained certificates that are near
                    expiry
    enhance         Add security enhancements to your existing configuration
   -d DOMAINS       Comma-separated list of domains to obtain a certificate for

  (the certbot apache plugin is not installed)
  --standalone      Run a standalone webserver for authentication
  --nginx           Use the Nginx plugin for authentication & installation
  --webroot         Place files in a server's webroot folder for authentication
  --manual          Obtain certificates interactively, or using shell script
                    hooks

   -n               Run non-interactively
  --test-cert       Obtain a test certificate from a staging server
  --dry-run         Test "renew" or "certonly" without saving any certificates
                    to disk

manage certificates:
    certificates    Display information about certificates you have from Certbot
    revoke          Revoke a certificate (supply --cert-path or --cert-name)
    delete          Delete a certificate

manage your account with Let's Encrypt:
    register        Create a Let's Encrypt ACME account
    update_account  Update a Let's Encrypt ACME account
  --agree-tos       Agree to the ACME server's Subscriber Agreement
   -m EMAIL         Email address for important account notifications

More detailed help:

  -h, --help [TOPIC]    print this message, or detailed help on a topic;
                        the available TOPICS are:

   all, automation, commands, paths, security, testing, or any of the
   subcommands or plugins (certonly, renew, install, register, nginx,
   apache, standalone, webroot, etc.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(base) a@test:~# nginx -t^C
(base) a@test:~# ^C
(base) a@test:~# ^C
(base) a@test:~# certbot run -d a.test.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for a.test.com
Using default address 80 for authentication.
Waiting for verification...
Cleaning up challenges
Could not automatically find a matching server block for a.test.com. Set the `server_name` directive to use the Nginx installer.

IMPORTANT NOTES:
- Unable to install the certificate
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/a.test.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/a.test.com/privkey.pem
Your cert will expire on 2020-10-05. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
(base) a@test:~#

Certbot - Ubuntuother Nginx https://certbot.eff.org/lets-encrypt/ubuntuother-nginx

(base) a@test:~# certbot run -d a.test.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/a.test.com.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
nginx: [warn] conflicting server name "test.com" on 0.0.0.0:443, ignored

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
No matching insecure server blocks listening on port 80 found.
nginx: [warn] conflicting server name "test.com" on 0.0.0.0:443, ignored

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://a.test.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=a.test.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/a.test.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/a.test.com/privkey.pem
Your cert will expire on 2020-10-05. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

(base) a@test:~#

(base) root@SIT:/etc/nginx/sites-enabled/test# cat www.test.com.conf
server {
    server_name www.test.com;
    root /root/oo_game_official_website_pc_Tmp_domain/oo_game_official_website_pc/dist/;
}
(base) root@SIT:/etc/nginx/sites-enabled/test# certbot run -d www.test.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.test.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.test.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.test.com - check that a DNS record exists for this domain

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.test.com
   Type:   None
   Detail: DNS problem: NXDOMAIN looking up A for www.test.com -
   check that a DNS record exists for this domain
(base) root@SIT:/etc/nginx/sites-enabled/test# certbot run -d www.test.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.test.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/test/www.test.com.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/test/www.test.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://www.test.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.test.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.test.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.test.com/privkey.pem
   Your cert will expire on 2020-10-14. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

(base) root@SIT:/etc/nginx/sites-enabled/test# cat www.test.com.conf
server {
    server_name www.test.com;
    root /root/oo_game_official_website_pc_Tmp_domain/oo_game_official_website_pc/dist/;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.test.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.test.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.test.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name www.test.com;
    listen 80;
    return 404; # managed by Certbot
}
(base) root@SIT:/etc/nginx/sites-enabled/test#

