-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path37d1b4ef.07fccd20.js
More file actions
1 lines (1 loc) · 25.9 KB
/
37d1b4ef.07fccd20.js
File metadata and controls
1 lines (1 loc) · 25.9 KB
1
(window.webpackJsonp=window.webpackJsonp||[]).push([[17],{83:function(e,t,a){"use strict";a.r(t),a.d(t,"frontMatter",(function(){return o})),a.d(t,"metadata",(function(){return b})),a.d(t,"rightToc",(function(){return s})),a.d(t,"default",(function(){return p}));var n=a(2),c=a(6),l=(a(0),a(130)),r=a(149),i=a(150),o={layout:"wiki",title:"\u8bc1\u4e66\u914d\u7f6e\u8bf4\u660e"},b={unversionedId:"prepare/cert",id:"prepare/cert",isDocsHomePage:!1,title:"\u8bc1\u4e66\u914d\u7f6e\u8bf4\u660e",description:"\u7531\u4e8e\u97f3\u89c6\u9891\u4f7f\u7528webrtc,\u800cchrome\u4ec5\u4ec5\u9700\u8981\u652f\u6301https\u7684\u7f51\u7ad9\u4f7f\u7528webRTC.\u56e0\u4e3aweb\u7aef\u9700\u8981\u652f\u6301https.\u672c\u6587\u4e3b\u8981\u8bf4\u660e\u5982\u4f55\u5229\u7528\u8bc1\u4e66\u6587\u4ef6\u751f\u6210jks.",source:"@site/docs/prepare/cert.md",slug:"/prepare/cert",permalink:"/docs/prepare/cert",version:"current",sidebar:"docs",previous:{title:"Minio\u57fa\u672c\u5b89\u88c5\u8bf4\u660e",permalink:"/docs/prepare/minio"},next:{title:"Nginx\u5b89\u88c5\u914d\u7f6e\u8bf4\u660e",permalink:"/docs/prepare/nginx"}},s=[{value:"\u514d\u8d39\u6cdb\u57df\u540d\u57df\u540d\u8bc1\u4e66\u7533\u8bf7",id:"\u514d\u8d39\u6cdb\u57df\u540d\u57df\u540d\u8bc1\u4e66\u7533\u8bf7",children:[{value:"\u5b89\u88c5Certbot",id:"\u5b89\u88c5certbot",children:[]},{value:"\u7b7e\u53d1\u6cdb\u57df\u540d\u8bc1\u4e66",id:"\u7b7e\u53d1\u6cdb\u57df\u540d\u8bc1\u4e66",children:[]}]},{value:"\u7533\u8bf7\u8bc1\u4e66",id:"\u7533\u8bf7\u8bc1\u4e66",children:[]},{value:"\u57df\u540d\u7eed\u671f",id:"\u57df\u540d\u7eed\u671f",children:[{value:"\u6821\u9a8c\u7eed\u671f",id:"\u6821\u9a8c\u7eed\u671f",children:[]},{value:"\u811a\u672c\u7eed\u671f",id:"\u811a\u672c\u7eed\u671f",children:[]},{value:"Dry-Run",id:"dry-run",children:[]},{value:"\u6b63\u5f0f\u7eed\u671f",id:"\u6b63\u5f0f\u7eed\u671f",children:[]}]},{value:"\u751f\u6210JKS",id:"\u751f\u6210jks",children:[{value:"KeyManager\u901a\u8fc7Cert\u751f\u6210jks",id:"keymanager\u901a\u8fc7cert\u751f\u6210jks",children:[]}]},{value:"\u53c2\u8003\u6587\u6863",id:"\u53c2\u8003\u6587\u6863",children:[]}],d={rightToc:s};function p(e){var t=e.components,a=Object(c.a)(e,["components"]);return Object(l.b)("wrapper",Object(n.a)({},d,a,{components:t,mdxType:"MDXLayout"}),Object(l.b)("p",null,"\u7531\u4e8e\u97f3\u89c6\u9891\u4f7f\u7528webrtc,\u800cchrome\u4ec5\u4ec5\u9700\u8981\u652f\u6301https\u7684\u7f51\u7ad9\u4f7f\u7528webRTC.\u56e0\u4e3aweb\u7aef\u9700\u8981\u652f\u6301https.\u672c\u6587\u4e3b\u8981\u8bf4\u660e\u5982\u4f55\u5229\u7528\u8bc1\u4e66\u6587\u4ef6\u751f\u6210",Object(l.b)("inlineCode",{parentName:"p"},"jks"),"."),Object(l.b)("h2",{id:"\u514d\u8d39\u6cdb\u57df\u540d\u57df\u540d\u8bc1\u4e66\u7533\u8bf7"},"\u514d\u8d39\u6cdb\u57df\u540d\u57df\u540d\u8bc1\u4e66\u7533\u8bf7"),Object(l.b)("div",{className:"admonition admonition-note alert alert--secondary"},Object(l.b)("div",Object(n.a)({parentName:"div"},{className:"admonition-heading"}),Object(l.b)("h5",{parentName:"div"},Object(l.b)("span",Object(n.a)({parentName:"h5"},{className:"admonition-icon"}),Object(l.b)("svg",Object(n.a)({parentName:"span"},{xmlns:"http://www.w3.org/2000/svg",width:"14",height:"16",viewBox:"0 0 14 16"}),Object(l.b)("path",Object(n.a)({parentName:"svg"},{fillRule:"evenodd",d:"M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"})))),"note")),Object(l.b)("div",Object(n.a)({parentName:"div"},{className:"admonition-content"}),Object(l.b)("p",{parentName:"div"},"\u4ee5\u4e0b\u4f7f\u7528unbutu18.04\u8fdb\u884c\u7533\u8bf7"))),Object(l.b)("h3",{id:"\u5b89\u88c5certbot"},"\u5b89\u88c5Certbot"),Object(l.b)("ul",null,Object(l.b)("li",{parentName:"ul"},"\u6dfb\u52a0\u8f6f\u4ef6\u6e90")),Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),"apt install software-properties-common -y && add-apt-repository ppa:certbot/certbot -y\n")),Object(l.b)("ul",null,Object(l.b)("li",{parentName:"ul"},"\u5b89\u88c5 Certbot")),Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),"apt update && apt install python-certbot-nginx -y\n")),Object(l.b)("h3",{id:"\u7b7e\u53d1\u6cdb\u57df\u540d\u8bc1\u4e66"},"\u7b7e\u53d1\u6cdb\u57df\u540d\u8bc1\u4e66"),Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),"certbot certonly \\\n--email i@timelate.com \\\n--agree-tos \\\n--preferred-challenges dns \\\n--server https://acme-v02.api.letsencrypt.org/directory \\\n--manual \\\n-d lattecloud.cc \\\n-d *.lattecloud.cc\n")),Object(l.b)("div",{className:"admonition admonition-note alert alert--secondary"},Object(l.b)("div",Object(n.a)({parentName:"div"},{className:"admonition-heading"}),Object(l.b)("h5",{parentName:"div"},Object(l.b)("span",Object(n.a)({parentName:"h5"},{className:"admonition-icon"}),Object(l.b)("svg",Object(n.a)({parentName:"span"},{xmlns:"http://www.w3.org/2000/svg",width:"14",height:"16",viewBox:"0 0 14 16"}),Object(l.b)("path",Object(n.a)({parentName:"svg"},{fillRule:"evenodd",d:"M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"})))),"note")),Object(l.b)("div",Object(n.a)({parentName:"div"},{className:"admonition-content"}),Object(l.b)("p",{parentName:"div"},"\u6ce8\u610f\uff0c\u4ee5\u4e0a\u547d\u4ee4\u9700\u8981\u5168\u90e8\u590d\u5236\uff0c\u5728\u7ec8\u7aef\u4e2d\u4e00\u8d77\u6267\u884c"))),Object(l.b)("ul",null,Object(l.b)("li",{parentName:"ul"},Object(l.b)("inlineCode",{parentName:"li"},"certonly")," \uff0c\u83b7\u53d6\u6216\u66f4\u65b0\u8bc1\u4e66\uff0c\u4f46\u662f\u4e0d\u5b89\u88c5\u5230\u672c\u673a"),Object(l.b)("li",{parentName:"ul"},Object(l.b)("inlineCode",{parentName:"li"},"--email")," \uff0c\u63a5\u6536\u6709\u5173\u8d26\u6237\u7684\u91cd\u8981\u901a\u77e5\u7684\u90ae\u7bb1\u5730\u5740\uff0c\u975e\u5fc5\u8981\uff0c\u5efa\u8bae\u6700\u597d\u5e26\u4e0a"),Object(l.b)("li",{parentName:"ul"},Object(l.b)("inlineCode",{parentName:"li"},"--agree-tos")," \uff0c\u540c\u610f ACME \u670d\u52a1\u5668\u7684\u8ba2\u9605\u534f\u8bae"),Object(l.b)("li",{parentName:"ul"},Object(l.b)("inlineCode",{parentName:"li"},"--preferred-challenges dns")," \uff0c\u4ee5 DNS Plugins \u7684\u65b9\u5f0f\u8fdb\u884c\u9a8c\u8bc1"),Object(l.b)("li",{parentName:"ul"},Object(l.b)("inlineCode",{parentName:"li"},"--server https://acme-v02.api.letsencrypt.org/directory")," \uff0c\u6307\u5b9a\u9a8c\u8bc1\u670d\u52a1\u5668\u5730\u5740\u4e3a acme-v02 \u7684\uff0c\u56e0\u4e3a\u9ed8\u8ba4\u7684\u670d\u52a1\u5668\u5730\u5740\u662f acme-v01 \u7684\uff0c\u4e0d\u652f\u6301\u901a\u914d\u7b26\u9a8c\u8bc1"),Object(l.b)("li",{parentName:"ul"},Object(l.b)("inlineCode",{parentName:"li"},"--manual")," \uff0c\u91c7\u7528\u624b\u52a8\u4ea4\u4e92\u5f0f\u7684\u65b9\u5f0f\u9a8c\u8bc1"),Object(l.b)("li",{parentName:"ul"},Object(l.b)("inlineCode",{parentName:"li"},"--d lattecloud.cc")," \uff0c\u6307\u5b9a\u8981\u9a8c\u8bc1\u7684\u57df\u540d\u3002\u6ce8\u610f\uff0c\u4e0d\u5e26 www \u7684\u4e00\u7ea7\u57df\u540d lattecloud.cc\u548c\u901a\u914d\u7b26\u4e8c\u7ea7\u57df\u540d ",Object(l.b)("em",{parentName:"li"},".lattecloud.cc \u90fd\u8981\u5199\uff0c\u5982\u679c\u53ea\u5199 "),".lattecloud.cc \uff0c\u751f\u6210\u7684\u8bc1\u4e66\u662f\u65e0\u6cd5\u8bc6\u522b lattecloud.cc \u7684")),Object(l.b)("p",null,"\u547d\u4ee4\u6267\u884c\u540e\u7ec8\u7aef\u8fd4\u56de\u4fe1\u606f\u5982\u4e0b\uff0c\u8be2\u95ee\u662f\u5426\u540c\u610f\u8bb0\u5f55\u7533\u8bf7\u8bc1\u4e66\u670d\u52a1\u5668\u7684 IP \uff0c\u8f93\u5165 ",Object(l.b)("inlineCode",{parentName:"p"},"Y")," \uff0c\u56de\u8f66"),Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),"Saving debug log to /var/log/letsencrypt/letsencrypt.log\nPlugins selected: Authenticator manual, Installer None\nObtaining a new certificate\nPerforming the following challenges:\ndns-01 challenge for lattecloud.cc\ndns-01 challenge for lattecloud.cc\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nNOTE: The IP of this machine will be publicly logged as having requested this\ncertificate. If you're running certbot in manual mode on a machine that is not\nyour server, please ensure you're okay with that.\n\nAre you OK with your IP being logged?\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es/(N)o: Y\n")),Object(l.b)("p",null,"\u56de\u8f66\u540e\u7ec8\u7aef\u4e2d\u8fd4\u56de\u4fe1\u606f\u5982\u4e0b\uff0c\u8981\u6c42\u521b\u5efa\u4e00\u6761 TXT \u8bb0\u5f55\uff0c\u4ee5\u9a8c\u8bc1\u57df\u540d\u5f52\u5c5e\u3002\u5728\u57df\u540d\u670d\u52a1\u5546\u5904\u6dfb\u52a0\u76f8\u5e94\u7684 TXT \u8bb0\u5f55\uff0c\u5e76\u9a8c\u8bc1\u662f\u5426\u89e3\u6790\u6210\u529f\u3002\u53ef\u4ee5\u5728\u53e6\u4e00\u4e2a SSH \u7a97\u53e3\u4e2d\u6267\u884c ",Object(l.b)("inlineCode",{parentName:"p"},"dig -t txt _acme-challenge.lattecloud.cc @8.8.8.8"),' \u547d\u4ee4\u67e5\u770b\u57df\u540d\u89e3\u6790\u60c5\u51b5\uff0c\u5982\u679c ANSWER SECTION \u4e2d\u6709 _acme-challenge.lattecloud.cc. 299 IN TXT "73kvVAMvFGenzJE_spiVbDV2Ivpz3tGnDJT8UObQxdE" \uff0c\u8bf4\u660e\u89e3\u6790\u751f\u6548\u3002\u89e3\u6790\u751f\u6548\u540e\u56de\u8f66\uff0c\u8fdb\u884c\u4e0b\u4e00\u6b65\uff1a'),Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),"Please deploy a DNS TXT record under the name\n_acme-challenge.lattecloud.cc with the following value:\n\n73kvVAMvFGenzJE_spiVbDV2Ivpz3tGnDJT8UObQxdE\n\nBefore continuing, verify the record is deployed.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nPress Enter to Continue\n")),Object(l.b)("p",null,"\u56de\u8f66\u540e\u7ec8\u7aef\u8fd4\u56de\u4fe1\u606f\u5982\u4e0b\uff0c\u8981\u6c42\u518d\u6dfb\u52a0\u4e00\u6761 TXT \u8bb0\u5f55\u3002\u56e0\u4e3a\u6211\u4eec\u5b9e\u9645\u8981\u4e3a ",Object(l.b)("inlineCode",{parentName:"p"},"lattecloud.cc")," \u548c ",Object(l.b)("inlineCode",{parentName:"p"},"*.lattecloud.cc")," \u4e24\u4e2a\u57df\u540d\u7b7e\u53d1\u8bc1\u4e66\uff0c\u56e0\u6b64\u9700\u8981\u6dfb\u52a0\u4e24\u6761 TXT \u8bb0\u5f55\u3002\u6dfb\u52a0\u5b8c\u8bb0\u5f55\u540e\u9a8c\u8bc1\u662f\u5426\u751f\u6548\uff0c\u751f\u6548\u540e\u56de\u8f66\u8fdb\u884c\u57df\u540d\u9a8c\u8bc1\u548c\u8bc1\u4e66\u7b7e\u53d1\u3002\u6ce8\u610f\uff0c\u6dfb\u52a0\u6b64\u6761 TXT \u8bb0\u5f55\u65f6\u4e0d\u8981\u4fee\u6539\u3001\u5220\u9664\u4e4b\u524d\u7684 TXT \u8bb0\u5f55\uff0c\u4e24\u6761\u8bb0\u5f55\u90fd\u8981\u4fdd\u6301\u751f\u6548\u72b6\u6001\uff1a"),Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),'Waiting for verification...\nCleaning up challenges\n\nIMPORTANT NOTES:\n - Congratulations! Your certificate and chain have been saved at:\n /etc/letsencrypt/live/lattecloud.cc/fullchain.pem\n Your key file has been saved at:\n /etc/letsencrypt/live/lattecloud.cc/privkey.pem\n Your cert will expire on 2020-05-24. To obtain a new or tweaked\n version of this certificate in the future, simply run certbot\n again. To non-interactively renew *all* of your certificates, run\n "certbot renew"\n - If you like Certbot, please consider supporting our work by:\n\n Donating to ISRG / Let\'s Encrypt: https://letsencrypt.org/donate\n Donating to EFF: https://eff.org/donate-le\n')),Object(l.b)("blockquote",null,Object(l.b)("p",{parentName:"blockquote"},"\u7b7e\u53d1\u7684\u6cdb\u57df\u540d\u8bc1\u4e66\u6709\u6548\u671f\u4e3a\u4e09\u4e2a\u6708\uff0c\u8bc1\u4e66\u5230\u671f\u524d\u9700\u8981\u7eed\u7b7e\u8bc1\u4e66\u3002\u8bc1\u4e66\u8def\u5f84\u5982\u4e0b")),Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),"certificate\uff1a /etc/letsencrypt/live/lattecloud.cc/fullchain.pem\nkey\uff1a /etc/letsencrypt/live/lattecloud.cc/privkey.pem\n")),Object(l.b)("h2",{id:"\u7533\u8bf7\u8bc1\u4e66"},"\u7533\u8bf7\u8bc1\u4e66"),Object(l.b)("div",{className:"admonition admonition-note alert alert--secondary"},Object(l.b)("div",Object(n.a)({parentName:"div"},{className:"admonition-heading"}),Object(l.b)("h5",{parentName:"div"},Object(l.b)("span",Object(n.a)({parentName:"h5"},{className:"admonition-icon"}),Object(l.b)("svg",Object(n.a)({parentName:"span"},{xmlns:"http://www.w3.org/2000/svg",width:"14",height:"16",viewBox:"0 0 14 16"}),Object(l.b)("path",Object(n.a)({parentName:"svg"},{fillRule:"evenodd",d:"M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"})))),"note")),Object(l.b)("div",Object(n.a)({parentName:"div"},{className:"admonition-content"}),Object(l.b)("p",{parentName:"div"},"\u8fd9\u91cc\u91c7\u7528\u7684\u662f\u5f00\u6e90\u9879\u76ee\u8fdb\u884c\u7533\u8bf7,\u907f\u514d\u64cd\u4f5cdns.\u6ce8\u610f",Object(l.b)("inlineCode",{parentName:"p"},"au.sh"),"\u8981\u586b\u5199\u7edd\u5bf9\u8def\u5f84"))),Object(l.b)(r.a,{defaultValue:"cert-apply",values:[{label:"cert-apply",value:"cert-apply"},{label:"cert-apply-result",value:"cert-apply-result"}],mdxType:"Tabs"},Object(l.b)(i.a,{value:"cert-apply",mdxType:"TabItem"},Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),'certbot certonly -d *.fsharechat.cn --manual --preferred-challenges dns --manual-auth-hook "/data/certbot/certbot-letencrypt-wildcardcertificates-alydns-au/au.sh python aly add" --manual-cleanup-hook "/data/certbot/certbot-letencrypt-wildcardcertificates-alydns-au/au.sh python aly clean"\n'))),Object(l.b)(i.a,{value:"cert-apply-result",mdxType:"TabItem"},Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),"Saving debug log to /var/log/letsencrypt/letsencrypt.log\nPlugins selected: Authenticator manual, Installer None\nObtaining a new certificate\nPerforming the following challenges:\ndns-01 challenge for fsharechat.cn\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nNOTE: The IP of this machine will be publicly logged as having requested this\ncertificate. If you're running certbot in manual mode on a machine that is not\nyour server, please ensure you're okay with that.\n\nAre you OK with your IP being logged?\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es/(N)o: y\nWaiting for verification...\nCleaning up challenges\n\nIMPORTANT NOTES:\n - Congratulations! Your certificate and chain have been saved at:\n /etc/letsencrypt/live/fsharechat.cn/fullchain.pem\n Your key file has been saved at:\n /etc/letsencrypt/live/fsharechat.cn/privkey.pem\n Your cert will expire on 2021-01-21. To obtain a new or tweaked\n version of this certificate in the future, simply run certbot\n again. To non-interactively renew *all* of your certificates, run\n \"certbot renew\"\n - If you like Certbot, please consider supporting our work by:\n\n Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate\n Donating to EFF: https://eff.org/donate-le\n")))),Object(l.b)("h2",{id:"\u57df\u540d\u7eed\u671f"},"\u57df\u540d\u7eed\u671f"),Object(l.b)("h3",{id:"\u6821\u9a8c\u7eed\u671f"},"\u6821\u9a8c\u7eed\u671f"),Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),"certbot-auto renew\n")),Object(l.b)("h3",{id:"\u811a\u672c\u7eed\u671f"},"\u811a\u672c\u7eed\u671f"),Object(l.b)("div",{className:"admonition admonition-note alert alert--secondary"},Object(l.b)("div",Object(n.a)({parentName:"div"},{className:"admonition-heading"}),Object(l.b)("h5",{parentName:"div"},Object(l.b)("span",Object(n.a)({parentName:"h5"},{className:"admonition-icon"}),Object(l.b)("svg",Object(n.a)({parentName:"span"},{xmlns:"http://www.w3.org/2000/svg",width:"14",height:"16",viewBox:"0 0 14 16"}),Object(l.b)("path",Object(n.a)({parentName:"svg"},{fillRule:"evenodd",d:"M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"})))),"note")),Object(l.b)("div",Object(n.a)({parentName:"div"},{className:"admonition-content"}),Object(l.b)("p",{parentName:"div"},"\u8fd9\u91cc\u91c7\u7528\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\u63d0\u4f9b\u7684\u811a\u672c\u7eed\u671f,\u907f\u514d\u624b\u52a8\u6dfb\u52a0dns\u89e3\u6790,\u5177\u4f53\u914d\u7f6e\u53c2\u89c1",Object(l.b)("a",Object(n.a)({parentName:"p"},{href:"https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au"}),"certbot-letencrypt-wildcardcertificates-alydns-au")))),Object(l.b)("h3",{id:"dry-run"},"Dry-Run"),Object(l.b)(r.a,{defaultValue:"dry-run",values:[{label:"dry-run",value:"dry-run"},{label:"dry-run-result",value:"dry-run-result"}],mdxType:"Tabs"},Object(l.b)(i.a,{value:"dry-run",mdxType:"TabItem"},Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),'certbot certonly -d *.comsince.cn --manual --preferred-challenges dns --dry-run --manual-auth-hook "/data/certbot/certbot-letencrypt-wildcardcertificates-alydns-au/au.sh python aly add" --manual-cleanup-hook "/data/certbot/certbot-letencrypt-wildcardcertificates-alydns-au/au.sh python aly clean"\n\n### \u901a\u914d\u7b26\u8bc1\u4e66\u4e3a *.example.com\uff0c\u5bf9example.com\u65e0\u6548\uff0c\u4f60\u9700\u8981\u901a\u8fc7Certbot\u7684Certbot\u7684-d\u6807\u5fd7\u6765\u540c\u65f6\u6dfb\u52a0\u5b83\u4eec \uff0c\u4f8b\u5982\uff1a\n\ncertbot certonly -d *.fsharechat.cn -d fsharechat.cn --manual --preferred-challenges dns --manual-auth-hook "/data/certbot/certbot-letencrypt-wildcardcertificates-alydns-au/au.sh python aly add" --manual-cleanup-hook "/data/certbot/certbot-letencrypt-wildcardcertificates-alydns-au/au.sh python aly clean"\n'))),Object(l.b)(i.a,{value:"dry-run-result",mdxType:"TabItem"},Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),"Saving debug log to /var/log/letsencrypt/letsencrypt.log\nPlugins selected: Authenticator manual, Installer None\nObtaining a new certificate\nPerforming the following challenges:\ndns-01 challenge for comsince.cn\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nNOTE: The IP of this machine will be publicly logged as having requested this\ncertificate. If you're running certbot in manual mode on a machine that is not\nyour server, please ensure you're okay with that.\n\nAre you OK with your IP being logged?\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es/(N)o: y\nWaiting for verification...\nCleaning up challenges\n\nIMPORTANT NOTES:\n - The dry run was successful.\n")))),Object(l.b)("h3",{id:"\u6b63\u5f0f\u7eed\u671f"},"\u6b63\u5f0f\u7eed\u671f"),Object(l.b)(r.a,{defaultValue:"renew",values:[{label:"renew",value:"renew"},{label:"renew-result",value:"renew-result"}],mdxType:"Tabs"},Object(l.b)(i.a,{value:"renew",mdxType:"TabItem"},Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),'certbot renew --cert-name comsince.cn --manual-auth-hook "/data/certbot/certbot-letencrypt-wildcardcertificates-alydns-au/au.sh python aly add" --manual-cleanup-hook "/data/certbot/certbot-letencrypt-wildcardcertificates-alydns-au/au.sh python aly clean"\n'))),Object(l.b)(i.a,{value:"renew-result",mdxType:"TabItem"},Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),"Saving debug log to /var/log/letsencrypt/letsencrypt.log\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nProcessing /etc/letsencrypt/renewal/comsince.cn.conf\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nCert is due for renewal, auto-renewing...\nPlugins selected: Authenticator manual, Installer None\nRenewing an existing certificate\nPerforming the following challenges:\ndns-01 challenge for comsince.cn\nWaiting for verification...\nCleaning up challenges\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nnew certificate deployed without reload, fullchain is\n/etc/letsencrypt/live/comsince.cn/fullchain.pem\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nCongratulations, all renewals succeeded. The following certs have been renewed:\n /etc/letsencrypt/live/comsince.cn/fullchain.pem (success)\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n")))),Object(l.b)("h2",{id:"\u751f\u6210jks"},"\u751f\u6210JKS"),Object(l.b)("div",{className:"admonition admonition-warning alert alert--danger"},Object(l.b)("div",Object(n.a)({parentName:"div"},{className:"admonition-heading"}),Object(l.b)("h5",{parentName:"div"},Object(l.b)("span",Object(n.a)({parentName:"h5"},{className:"admonition-icon"}),Object(l.b)("svg",Object(n.a)({parentName:"span"},{xmlns:"http://www.w3.org/2000/svg",width:"12",height:"16",viewBox:"0 0 12 16"}),Object(l.b)("path",Object(n.a)({parentName:"svg"},{fillRule:"evenodd",d:"M5.05.31c.81 2.17.41 3.38-.52 4.31C3.55 5.67 1.98 6.45.9 7.98c-1.45 2.05-1.7 6.53 3.53 7.7-2.2-1.16-2.67-4.52-.3-6.61-.61 2.03.53 3.33 1.94 2.86 1.39-.47 2.3.53 2.27 1.67-.02.78-.31 1.44-1.13 1.81 3.42-.59 4.78-3.42 4.78-5.56 0-2.84-2.53-3.22-1.25-5.61-1.52.13-2.03 1.13-1.89 2.75.09 1.08-1.02 1.8-1.86 1.33-.67-.41-.66-1.19-.06-1.78C8.18 5.31 8.68 2.45 5.05.32L5.03.3l.02.01z"})))),"warning")),Object(l.b)("div",Object(n.a)({parentName:"div"},{className:"admonition-content"}),Object(l.b)("p",{parentName:"div"},"\u670d\u52a1\u7aef\u8bc1\u4e66\u66f4\u65b0 \u5f53\u5237\u65b0\u4e86\u8bc1\u4e66,\u670d\u52a1\u7aefJks\u4e5f\u9700\u8981\u66f4\u65b0,\u4f7f\u7528",Object(l.b)("inlineCode",{parentName:"p"},"KeyManager"),",\u4f7f\u7528\u683c\u5f0f\u8f6c\u6362\u5de5\u5177,\u5bfc\u5165fullchain.pem,private.key\u5373\u53ef"))),Object(l.b)("h3",{id:"keymanager\u901a\u8fc7cert\u751f\u6210jks"},"KeyManager\u901a\u8fc7Cert\u751f\u6210jks"),Object(l.b)("p",null,Object(l.b)("img",Object(n.a)({parentName:"p"},{src:"https://media.comsince.cn/minio-bucket-image-name/keymanager-pem-setting.png",alt:"image"}))),Object(l.b)("ul",null,Object(l.b)("li",{parentName:"ul"},"keytool \u663e\u793ajks\u8be6\u7ec6\u4fe1\u606f")),Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),"keytool -list -keystore comsince.cn.jks \n\u8f93\u5165\u5bc6\u94a5\u5e93\u53e3\u4ee4: \n\n\u5bc6\u94a5\u5e93\u7c7b\u578b: JKS\n\u5bc6\u94a5\u5e93\u63d0\u4f9b\u65b9: SUN\n\n\u60a8\u7684\u5bc6\u94a5\u5e93\u5305\u542b 1 \u4e2a\u6761\u76ee\n\n1, 2020-7-31, PrivateKeyEntry, \n\u8bc1\u4e66\u6307\u7eb9 (SHA1): 02:72:5F:EB:86:D7:42:2B:58:5B:D9:F3:05:F3:E5:17:45:15:D6:A5\n\n")),Object(l.b)("ul",null,Object(l.b)("li",{parentName:"ul"},"\u751f\u6210truststore.jks")),Object(l.b)("pre",null,Object(l.b)("code",Object(n.a)({parentName:"pre"},{className:"language-shell"}),"keytool -import -alias certificatekey -file {\u516c\u94a5\u8bc1\u4e66} -keystore comsince.cn.trustkeystore.jks\n")),Object(l.b)("div",{className:"admonition admonition-note alert alert--secondary"},Object(l.b)("div",Object(n.a)({parentName:"div"},{className:"admonition-heading"}),Object(l.b)("h5",{parentName:"div"},Object(l.b)("span",Object(n.a)({parentName:"h5"},{className:"admonition-icon"}),Object(l.b)("svg",Object(n.a)({parentName:"span"},{xmlns:"http://www.w3.org/2000/svg",width:"14",height:"16",viewBox:"0 0 14 16"}),Object(l.b)("path",Object(n.a)({parentName:"svg"},{fillRule:"evenodd",d:"M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"})))),"note")),Object(l.b)("div",Object(n.a)({parentName:"div"},{className:"admonition-content"}),Object(l.b)("p",{parentName:"div"},"\u516c\u94a5\u8bc1\u4e66\u5373\u4e3acertbot\u751f\u6210\u7684\u8def\u5f84\u5982\u4e0b: /etc/letsencrypt/live/comsince.cn/cert.pem"))),Object(l.b)("h2",{id:"\u53c2\u8003\u6587\u6863"},"\u53c2\u8003\u6587\u6863"),Object(l.b)("ul",null,Object(l.b)("li",{parentName:"ul"},Object(l.b)("a",Object(n.a)({parentName:"li"},{href:"https://www.timelate.com/archives/use-certbot-to-apply-and-install-letsencrypt-pan-domain-certificate.html"}),"Ubuntu 18.04 \u4f7f\u7528 Certbot \u7533\u8bf7\u5e76\u5b89\u88c5 Let's Encrypt \u6cdb\u57df\u540d\u8bc1\u4e66"))))}p.isMDXComponent=!0}}]);