文档章节

CentOS5.11配置Let's Encrypt免费证书

m_lm
 m_lm
发布于 01/21 13:41
字数 1159
阅读 6
收藏 0

安装环境:

[root@WQ02 opt]# lsb_release -a
LSB Version:	:core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:pri
nting-4.0-ia32:printing-4.0-noarchDistributor ID:	CentOS
Description:	CentOS release 5.11 (Final)
Release:	5.11
Codename:	Final

1、下载certbot-auto:

wget https://dl.eff.org/certbot-auto
chmod   a+x   ./certbot-auto

2、升级Python到2.7版本。Centos5系统Python为2.4版本。certbot-auto需要依赖Python2.7+版本。

wget https://www.python.org/ftp/python/2.7.2/Python-2.7.2.tgz
tar xfz Python-2.7.2.tgz
./configure
make
make install

安装后系统自动默认Python为新版本。

[root@WQ02 opt]# python -V
Python 2.7.2

如果升级python后yum无法使用时可按照如下方法处理。

vim /usr/bin/yum
将第一个行#!/usr/bin/python调整为原来python版本。如#!/usr/bin/python2.4

我本服务器的python升级到2.7.2后yum可正常使用。

3、安装pip

wget https://files.pythonhosted.org/packages/52/85/b160ebdaa84378df6bb0176d4eed9f57edca662446174eead7a9e2e566d6/pip-6.0.7.tar.gz
tar xfz pip-6.0.7.tar.gz
./configure
make
make install

4、开始安装证书

[root@WQ02 opt]# ./certbot-auto certonly --webroot -w /www1/abc/ -d www.abc.org.cn
Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)
yum is /usr/bin/yum
yum is hashed (/usr/bin/yum)
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * epel: pubmirror2.math.uh.edu
Setting up Install Process
Package gcc-4.1.2-55.el5.x86_64 already installed and latest version
Package augeas-libs-1.2.0-1.el5.x86_64 already installed and latest version
Package augeas-libs-1.2.0-1.el5.i386 already installed and latest version
Package openssl-0.9.8e-40.el5_11.x86_64 already installed and latest version
Package openssl-0.9.8e-40.el5_11.i686 already installed and latest version
Package openssl-devel-0.9.8e-40.el5_11.x86_64 already installed and latest version
Package openssl-devel-0.9.8e-40.el5_11.i386 already installed and latest version
Package libffi-devel-3.0.5-1.el5.x86_64 already installed and latest version
Package libffi-devel-3.0.5-1.el5.i386 already installed and latest version
Package redhat-rpm-config-8.0.45-32.el5.centos.noarch already installed and latest version
No package ca-certificates available.
Package python-devel-2.4.3-56.el5.x86_64 already installed and latest version
Package python-devel-2.4.3-56.el5.i386 already installed and latest version
Package 1:python-virtualenv-1.7.2-2.el5.noarch already installed and latest version
Package python-tools-2.4.3-56.el5.x86_64 already installed and latest version
No package python-pip available.
Package 1:mod_ssl-2.2.22-jason.1.x86_64 already installed and latest version
Nothing to do
WARNING: unable to check for updates.
Creating virtual environment...
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 2441, in <module>
    main()
  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 954, in main
    never_download=options.never_download)
  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 1064, in create_environment
    search_dirs=search_dirs, never_download=never_download)
  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 598, in install_setuptools
    search_dirs=search_dirs, never_download=never_download)
  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 570, in _install_req
    cwd=cwd)
  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 1032, in call_subprocess
    % (cmd_desc, proc.returncode))
OSError: Command /opt/eff.org/certbot/venv/bin/python2.7 -c "#!python
\"\"\"Bootstra...sys.argv[1:])
" --always-copy -U setuptools failed with error code 1

问题排查:问题是出现在Creating virtual environment...。即创建python虚拟环境时出错的。问题找到了那么手动提前安装好虚拟环境是不是就能解决问题呢?

执行手动安装

[root@WQ02 opt]#  pip install virtualenv
Collecting virtualenv
  Could not find any downloads that satisfy the requirement virtualenv
  No distributions at all found for virtualenv

还是失败,问题原因是没有找到对应的下载包。

尝试更改为国内的镜像站https://mirrors.tuna.tsinghua.edu.cn/help/pypi/。果然成功了。

[root@WQ02 opt]# pip install -i https://pypi.tuna.tsinghua.edu.cn/simple virtualenv
Collecting virtualenv
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/6a/d1/e0d142ce7b8a5c76adbfad01d853bca84c7c0240e35577498e20bc2ade7d/virtualenv-16.2.0
-py2.py3-none-any.whl (1.9MB)    100% |################################| 1.9MB 147kB/s 
Collecting setuptools>=18.0.0 (from virtualenv)
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/37/06/754589caf971b0d2d48f151c2586f62902d93dc908e2fd9b9b9f6aa3c9dd/setuptools-40.6.3
-py2.py3-none-any.whl (573kB)    100% |################################| 573kB 252kB/s 
Installing collected packages: setuptools, virtualenv
  Found existing installation: setuptools 12.0.3
    Uninstalling setuptools-12.0.3:
      Successfully uninstalled setuptools-12.0.3

将国内的镜像站设为默认。先升级pip到最新版本,然后配置config设置。

[root@WQ02 opt]# pip install -i https://pypi.tuna.tsinghua.edu.cn/simple virtualenv pip -U
[root@WQ02 opt]# pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
Writing to /root/.config/pip/pip.conf

5、一切OK,继续安装证书。

[root@WQ02 opt]# ./certbot-auto certonly --webroot -w /www1/abc/ -d www.abc.org.cn
WARNING: unable to check for updates.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): abc@163.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.dxaldqrmyy.org.cn
Using the webroot path /www1/abc for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.abc.org.cn/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.abc.org.cn/privkey.pem
   Your cert will expire on 2019-04-21. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

后续配置方法参考:

1、CentOS系统Nginx配置免费https证书

2、CentOS配置Https

3、Nginx+Tomcat实现免费https访问

© 著作权归作者所有

共有 人打赏支持
m_lm
粉丝 0
博文 19
码字总数 6117
作品 0
哈尔滨
私信 提问
https的第三步之配置nginx

背景 由于前两步需要去阿里云或者又拍云上购买证书才可以 但是对于需要在对应可行性进行分析&配置更新上 决定先使用Let’s Encrypt进行证书的签名和部署【免费蛋糕不用白不用~】 Let's Encr...

Mr_Qi
2018/02/15
0
0
开启全站HTTPS时代-Nginx SSL+tomcat集群

目录: 1、凭证申请 Let’s Encrypt 2、Nginx支持多域名ssl证书 3、Nginx强制使用https访问(http跳转到https) 4、配置 Tomcat SSL For Free 免费 SSL 凭证申请 Let’s Encrypt 什么是Let’s...

Javen205
2017/11/18
0
0
用Certbot自动生成免费的Let's Encrypt Https证书

一、怎样遇到Let's Encrypt 青橘子(qjuzi.com)需要搭建一个健壮的后端,希望采用安全的HTTPS协议,多方寻找,申请过免费证书,就在要准备购买阿里代理的证书时,发现了Let's Encrypt。 二、什...

花有信
2017/11/03
0
0
Let's Encrypt 使用教程,免费的SSL证书,让你的网站拥抱 HTTPS

这篇文章主要讲的就是如何让自己的网站免费从HTTP升级为HTTPS,使用的是 Let's Encrypt的证书。实际上也就是一个Let's Encrypt 免费证书获取教程 。 为什么要上HTTPS,说一个小故事。 从前有...

yzy121403725
2017/11/14
0
0
Let’s Encrypt 推动了 HTTPS 的普及

如今的互联网暗潮涌动,陷阱无数,HTTPS 可以帮助你抵御部分陷阱。然而 HTTPS 的生态系统严重依赖于CA,而 CA 有着多个令人诟病的问题:证书昂贵;不透明;安全问题严重,比如被入侵签发假证...

达尔文
2016/11/05
2K
11

没有更多内容

加载失败,请刷新页面

加载更多

RabbitMQ入门

RabbitMQ是一个由erlang开发的基于AMQP(Advanced Message Queue)协议的开源实现。用于在分布式系统中存储转发消息,在易用性、扩展性、高可用性等方面都非常的优秀。是当前最主流的消息中间...

watermelon11
今天
14
0
今天的学习

自动加载:方法一 function __autoload( $className ){在这里,完成加载B这个类文件的工作。}class A{} //这是一个类$a1 = new A(); //这里没有自动加载的发生,因为A这个类...

墨冥
今天
2
0
印刷工艺步骤

印刷厂从收到订单到交付整个流程,一般涉及到以下步骤 1.设计(经过软件如cdr,psd,ai等等设计需要印刷的名片,宣传单,画册等物料); 2.排版拼版(在电脑软件这区域完成); 3.出版、出硫...

focusone
昨天
2
0
virtualbox中安装ubuntu

virtualbox+ubuntu 安装virtualbox,当前版本是6.0.4 下载ubuntu安装盘,建议lubuntu,链接是http://mirrors.ustc.edu.cn/ubuntu-cdimage/lubuntu/releases/18.04.2/release/lubuntu-18.04.......

chuqq
昨天
5
0
exists 谓词的子查询

https://blog.csdn.net/qq_19782019/article/details/78730882

仟昭
昨天
4
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部