2 月 22 2016
之前都在用 StartSSL 的免費 certificate,雖知道有 Let’s Encrypt,但因手邊幾乎都轉用 nginx,遲遲沒下手。
約莫一週前 zeroplex 丟了這個網頁:「Why I stopped using StartSSL (Hint: it involves a Chinese company)」,三、四天前 DK 大神也撰文提及,就決定趁週末沒什麼事來動工…
用 DK 大神在一個月前撰文提過的 dehydrated 這個 GitHub 專案可以輕鬆搞定,步驟大致如下…
mkdir dehydrated/.acme-challenges
dehydrated/dehydrated -c -d {網站hostname}
server { listen 443 ssl http2; listen [::]:443 ssl http2; ssl on; ssl_certificate /SOMEWHERE/dehydrated/certs/{網站hostname}/fullchain.pem; ssl_certificate_key /SOMEWHERE/dehydrated/certs/{網站hostname}/privkey.pem; ssl_trusted_certificate /SOMEWHERE/dehydrated/certs/{網站hostname}/fullchain.pem; .... }
我記得 Let’s Encrypt 的 certificate 要在 90 天內 renew,所以 cron job 這樣放:
0 0 1 */2 * /SOMEWHERE/dehydrated/letsencrypt.sh -c -d {網站hostname} > /dev/null 2>&1
Updated : letsencrypt.sh 改為 dehydrated 。
By Joe Horn • WWW • • Tags: certificate, dehydrated, HTTPS, Let's Encrypt, letsencrypt.sh, nginx, SSL, StartSSL
2 月 22 2016
改用 Let’s Encrypt 的 certificates
之前都在用 StartSSL 的免費 certificate,雖知道有 Let’s Encrypt,但因手邊幾乎都轉用 nginx,遲遲沒下手。
約莫一週前 zeroplex 丟了這個網頁:「Why I stopped using StartSSL (Hint: it involves a Chinese company)」,三、四天前 DK 大神也撰文提及,就決定趁週末沒什麼事來動工…
用 DK 大神在一個月前撰文提過的 dehydrated 這個 GitHub 專案可以輕鬆搞定,步驟大致如下…
dehydrated/dehydrated -c -d {網站hostname}server { listen 443 ssl http2; listen [::]:443 ssl http2; ssl on; ssl_certificate /SOMEWHERE/dehydrated/certs/{網站hostname}/fullchain.pem; ssl_certificate_key /SOMEWHERE/dehydrated/certs/{網站hostname}/privkey.pem; ssl_trusted_certificate /SOMEWHERE/dehydrated/certs/{網站hostname}/fullchain.pem; .... }我記得 Let’s Encrypt 的 certificate 要在 90 天內 renew,所以 cron job 這樣放:
0 0 1 */2 * /SOMEWHERE/dehydrated/letsencrypt.sh -c -d {網站hostname} > /dev/null 2>&1Updated : letsencrypt.sh 改為 dehydrated 。
By Joe Horn • WWW • • Tags: certificate, dehydrated, HTTPS, Let's Encrypt, letsencrypt.sh, nginx, SSL, StartSSL