试用Let's encrypt

时间:2024-10-23 23:06:20

终于等到 https://letsencrypt.org beta了,马上下载试用,发现过程超简单。

1、首先需要下载letsencrypt的客户端,官方给的介绍是

The Let’s Encrypt Client is a fully-featured, extensible client for the Let’s Encrypt CA (or any other CA that speaks the ACME protocol) that can automate the tasks of obtaining certificates and configuring webservers to use them.

重要的是说客户端能自动的获取证书,和配置webserver。

下载的方法就是从 https://github.com/letsencrypt/letsencrypt 上clone整个repo。

git clone https://github.com/letsencrypt/letsencrypt.git

cd letsencrypt

./letsencrypt-auto --help

最后一条命令会安装一些依赖包,安装完成后就会打帮助信息来。

2、获取证书的命令很简单,

./letsencrypt-auto certonly --standalone --email admin@thing.com -d thing.com -d www.thing.com -d otherthing.net

文档上说email是用来在证书之后找回证书的(没有试过)。-d后面就是要获取证书的域名。

需要注意的是,这个域名需要指向运行这条命令的机器,这样子letsencrypt才能验证通过。

成功后,会打印出下面的信息:

IMPORTANT NOTES:

 - If you lose your account credentials, you can recover through

   e-mails sent to xxxx@xxx.xxx.

- Congratulations! Your certificate and chain have been saved at

/etc/letsencrypt/live/xxxxx.com/fullchain.pem. Your cert will

expire on 2016-03-03. To obtain a new version of the certificate in

the future, simply run Let's Encrypt again.

- Your account credentials have been saved in your Let's Encrypt

configuration directory at /etc/letsencrypt. You should make a

secure backup of this folder now. This configuration directory will

also contain certificates and private keys obtained by Let's

Encrypt so making regular backups of this folder is ideal.

- If like Let's Encrypt, please consider supporting our work by:

Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate

Donating to EFF:                    https://eff.org/donate-le