{"id":2704,"date":"2015-12-07T23:24:00","date_gmt":"2015-12-07T15:24:00","guid":{"rendered":"http:\/\/blog.pighead.cc\/whsyu\/?p=2704"},"modified":"2016-02-16T18:26:23","modified_gmt":"2016-02-16T10:26:23","slug":"lets-encrypt-freebsd","status":"publish","type":"post","link":"https:\/\/blog.pighead.cc\/whsyu\/2015\/12\/07\/lets-encrypt-freebsd\/","title":{"rendered":"Let&#8217;s Encrypt + FreeBSD"},"content":{"rendered":"<p class=\"bb-post-separator\"><strong>[\u83ef\u8a9e, cmn-Hant-TW]  <\/strong><\/p><p>\u514d\u8cbb\u7684 SSL &#8211; <a href=\"https:\/\/letsencrypt.org\/\">Let&#8217;s Encrypt<\/a> \u7d42\u65bc\u5230\u4e86\u516c\u6e2c\u968e\u6bb5\uff0c\u5176\u5be6\u4e4b\u524d\u5c01\u6e2c\u7684\u6642\u5019\u5c31\u6709\u5148\u8a66\u73a9\u770b\u770b\uff0c\u662f\u53ef\u4ee5\u7528\u5566\u4e0d\u904e\u554f\u984c\u6bd4\u8f03\u591a\uff0c\u8981\u4e00\u4e9b\u5c0f\u6280\u5de7\u9084\u6709\u8a2d\u5b9a\u624d\u80fd\u8dd1\uff0c\u800c\u4e14 FreeBSD \u7684 ports \u4e5f\u9084\u6c92\u51fa\u4f86\uff0c\u73fe\u5728\u7684\u8a71\u6709\u9032 ports \u7528\u8d77\u4f86\u5c31\u65b9\u4fbf\u5f88\u591a\uff0c\u76f4\u63a5\u88dd security\/py-letsencrypt \u5c31\u53ef\u4ee5\u7528\u4e86<\/p>\n<p>\u88dd\u597d\u4e4b\u5f8c\u57f7\u884c <code>letsencrypt certonly<\/code>\uff0c\u8f38\u5165 e-mail \u8ddf\u8981\u7533\u8acb\u7684\u7db2\u57df\u5c31\u53ef\u4ee5\u4e86\uff0c\u7533\u8acb\u7684\u904e\u7a0b\u9700\u8981\u7528 80 port \u4f86\u9a57\u8b49\uff0c\u6240\u4ee5\u8981\u5148\u628a\u7db2\u9801\u4f3a\u670d\u5668\u66ab\u6642\u95dc\u6389\uff0c\u7136\u5f8c\u7576\u7136\u8981\u7533\u8acb\u7684\u7db2\u5740\u4e5f\u8981\u78ba\u5be6\u6709\u6307\u5230\u9019\u53f0\u6a5f\u5668\u4e0a\uff0c\u9019\u6a23\u624d\u80fd\u9a57\u8b49\u6210\u529f\uff0c\u5982\u679c\u9806\u5229\u7684\u8a71\u61c9\u8a72\u5e7e\u79d2\u9418\u5c31\u7533\u8acb\u5b8c\u6210\u4e86<\/p>\n<p>\u5728 FreeBSD \u4e0b\u66ab\u6642\u9084\u6c92\u6709\u652f\u63f4 apache \u8ddf nginx \u7684\u6574\u5408\uff0c\u6240\u4ee5\u9019\u908a\u8981\u81ea\u5df1\u5f04\uff0c\u6240\u6709 letsencrypt \u7684\u6a94\u6848\u90fd\u6703\u653e\u5728 \/usr\/local\/etc\/letsencrypt \u7684\u76ee\u9304\u4e0b\uff0c\u4ee5 pighead.cc \u7db2\u57df\u4f86\u7576\u4f8b\u5b50\u7684\u8a71\uff0c\u5c31\u6703\u653e\u5728\u00a0\/usr\/local\/etc\/letsencrypt\/live\/pighead.cc\/\uff0c\u88e1\u9762\u6703\u6709 symbolic link \u5efa\u597d\u7684\u00a0cert.pem chain.pem fullchain.pem privkey.pem\uff0c\u6a94\u6848\uff0c\u770b\u540d\u5b57\u5927\u6982\u5c31\u6703\u77e5\u9053\u5e79\u561b\u7528\u7684\u4e86\uff0c\u4ee5 apache \u7684\u8a2d\u5b9a\u4f86\u8b1b\uff0cSSL \u7684\u90e8\u4efd\u5c31\u8981\u8a2d\u6210<\/p>\n<pre lang=\"bash\">SSLEngine on\r\nSSLCertificateFile      \/usr\/local\/etc\/letsencrypt\/live\/pighead.cc\/cert.pem\r\nSSLCertificateKeyFile   \/usr\/local\/etc\/letsencrypt\/live\/pighead.cc\/privkey.pem\r\nSSLCertificateChainFile \/usr\/local\/etc\/letsencrypt\/live\/pighead.cc\/chain.pem\r\n<\/pre>\n<p>\u9019\u6a23\u61c9\u8a72\u5c31\u53ef\u4ee5\u52d5\u4e86\uff0c\u8981\u6ce8\u610f\u7684\u662f\u9019\u500b cert \u53ea\u6709 90 \u5929\u7684\u6709\u6548\u671f\u9650\uff0c\u6240\u4ee5\u6642\u9593\u5230\u4e4b\u524d\u8981\u8a18\u5f97 renew\uff0c\u4e0d\u904e\u9084\u597d let&#8217;s encrypt \u6703\u9019\u6a23\u8a2d\u8a08\u5c31\u662f\u56e0\u70ba renew \u8d85\u65b9\u4fbf\uff0c\u5176\u672c\u4e0a\u4e00\u500b\u6307\u4ee4\u5c31\u53ef\u4ee5\u5b8c\u6210\uff0c\u6240\u4ee5\u4e1f crontab \u6216\u662f\u66f4\u65b0\u7684\u6642\u5019\u9806\u624b\u5f04\u4e00\u4e0b\u5c31\u53ef\u4ee5\u4e86<\/p>\n<p>\u6574\u9ad4\u800c\u8a00\u4f7f\u7528\u8d77\u4f86\u9084\u883b\u8b93\u4eba\u6eff\u610f\u7684\uff0c\u8001\u5be6\u8aaa\u514d\u8cbb\u9084\u662f\u5176\u6b21\uff0c\u4e0d\u7528\u586b\u90a3\u5806\u6709\u7684\u6c92\u7684\u5c31\u80fd\u5feb\u901f\u4f7f\u7528 SSL \u624d\u662f\u771f\u6b63\u5438\u5f15\u4eba\u7684\u5730\u65b9<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[\u83ef\u8a9e, cmn-Hant-TW] \u514d\u8cbb\u7684 SSL &#8211; Let&#8217;s Encrypt \u7d42\u65bc\u5230\u4e86\u516c\u6e2c\u968e\u6bb5\uff0c\u5176\u5be6\u4e4b\u524d\u5c01\u6e2c\u7684\u6642\u5019\u5c31\u6709\u5148\u8a66\u73a9\u770b\u770b\uff0c\u662f\u53ef\u4ee5\u7528\u5566\u4e0d\u904e\u554f\u984c\u6bd4\u8f03\u591a\uff0c\u8981\u4e00\u4e9b\u5c0f\u6280\u5de7\u9084\u6709\u8a2d\u5b9a\u624d\u80fd\u8dd1\uff0c\u800c\u4e14 FreeBSD \u7684 ports \u4e5f\u9084\u6c92\u51fa\u4f86\uff0c\u73fe\u5728\u7684\u8a71\u6709\u9032 ports \u7528\u8d77\u4f86\u5c31\u65b9\u4fbf\u5f88\u591a\uff0c\u76f4\u63a5\u88dd security\/py-letsencrypt \u5c31\u53ef\u4ee5\u7528\u4e86 \u88dd\u597d\u4e4b\u5f8c\u57f7\u884c letsencrypt certonly\uff0c\u8f38\u5165 e-mail \u8ddf\u8981\u7533\u8acb\u7684\u7db2\u57df\u5c31\u53ef\u4ee5\u4e86\uff0c\u7533\u8acb\u7684\u904e\u7a0b\u9700\u8981\u7528 80 port \u4f86\u9a57\u8b49\uff0c\u6240\u4ee5\u8981\u5148\u628a\u7db2\u9801\u4f3a\u670d\u5668\u66ab\u6642\u95dc\u6389\uff0c\u7136\u5f8c\u7576\u7136\u8981\u7533\u8acb\u7684\u7db2\u5740\u4e5f\u8981\u78ba\u5be6\u6709\u6307\u5230\u9019\u53f0\u6a5f\u5668\u4e0a\uff0c\u9019\u6a23\u624d\u80fd\u9a57\u8b49\u6210\u529f\uff0c\u5982\u679c\u9806\u5229\u7684\u8a71\u61c9\u8a72\u5e7e\u79d2\u9418\u5c31\u7533\u8acb\u5b8c\u6210\u4e86 \u5728 FreeBSD \u4e0b\u66ab\u6642\u9084\u6c92\u6709\u652f\u63f4 apache \u8ddf nginx \u7684\u6574\u5408\uff0c\u6240\u4ee5\u9019\u908a\u8981\u81ea\u5df1\u5f04\uff0c\u6240\u6709 letsencrypt \u7684\u6a94\u6848\u90fd\u6703\u653e\u5728 \/usr\/local\/etc\/letsencrypt \u7684\u76ee\u9304\u4e0b\uff0c\u4ee5 pighead.cc \u7db2\u57df\u4f86\u7576\u4f8b\u5b50\u7684\u8a71\uff0c\u5c31\u6703\u653e\u5728\u00a0\/usr\/local\/etc\/letsencrypt\/live\/pighead.cc\/\uff0c\u88e1\u9762\u6703\u6709 symbolic link \u5efa\u597d\u7684\u00a0cert.pem&hellip; <\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[13,4591,4287],"class_list":["post-2704","post","type-post","status-publish","format-standard","hentry","category-freebsd","tag-apache","tag-freebsd","tag-ssl"],"_links":{"self":[{"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/posts\/2704","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/comments?post=2704"}],"version-history":[{"count":6,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/posts\/2704\/revisions"}],"predecessor-version":[{"id":2722,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/posts\/2704\/revisions\/2722"}],"wp:attachment":[{"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/media?parent=2704"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/categories?post=2704"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/tags?post=2704"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}