{"id":2719,"date":"2016-02-16T18:25:55","date_gmt":"2016-02-16T10:25:55","guid":{"rendered":"http:\/\/blog.pighead.cc\/whsyu\/?p=2719"},"modified":"2016-09-15T07:52:46","modified_gmt":"2016-09-14T23:52:46","slug":"letsencrypt-sh","status":"publish","type":"post","link":"https:\/\/blog.pighead.cc\/whsyu\/2016\/02\/16\/letsencrypt-sh\/","title":{"rendered":"letsencrypt.sh"},"content":{"rendered":"<p class=\"bb-post-separator\"><strong>[\u83ef\u8a9e, cmn-Hant-TW]  <\/strong><\/p><p>\u4e4b\u524d\u5728<a href=\"http:\/\/blog.pighead.cc\/whsyu\/2015\/12\/07\/lets-encrypt-freebsd\/\">\u9019\u7bc7<\/a>\u63d0\u5230\u4e86 Let&#8217;s Encrypt \u7684 SSL\uff0c\u7528\u8d77\u4f86\u662f\u5f88\u958b\u5fc3\u6c92\u932f\uff0c\u4e0d\u904e\u56e0\u70ba\u5b98\u65b9\u7684 client \u662f\u7528 python \u5beb\u7684\uff0c\u5728 freebsd \u4e0b\u9762\u5f97\u88dd\u4e00\u5927\u5806 py27-* \u7684\u5957\u4ef6 (\u7576\u7136\uff0c\u5b89\u88dd security\/py-letsencrypt \u6642\u6703\u81ea\u52d5\u4e00\u8d77\u88ab\u88dd\u9032\u53bb\uff0c\u4e0d\u7528\u624b\u52d5\u4e00\u500b\u4e00\u500b\u88dd) \u624d\u80fd\u7528\uff0c\u7136\u5f8c\u7533\u8acb\u7684\u6642\u5019\u8981\u628a apache\/nginx \u95dc\u6389\u653e\u51fa 80 port\uff0c\u67d0\u7a2e\u7a0b\u5ea6\u4f86\u8b1b\u9084\u883b\u8b93\u4eba\u56f0\u64fe\u7684\uff0c\u5f8c\u4f86\u770b\u5230\u6709\u4eba\u7528 shell script \u5beb\u4e86\u4e00\u500b\u6bd4\u8f03\u6c92\u90a3\u9ebc\u80a5\u7684\u00a0<a href=\"https:\/\/github.com\/lukas2511\/letsencrypt.sh\">letsencrypt.sh<\/a>\uff0c\u4e3b\u8981\u5f97\u53e6\u5916\u5b89\u88dd curl \u800c\u5df2\uff0c\u4e5f\u4e0d\u7528\u95dc\u6389 apache\/nginx\uff0c\u770b\u8d77\u4f86\u883b\u7406\u60f3\u7684\uff0c\u800c\u4e14\u4e5f\u9032 FreeBSD \u7684 ports \u4e86 (security\/letsencrypt.sh)\uff0c\u6293\u4f86\u4e0b\u7528\u4e86\u4e00\u4e0b\u611f\u89ba\u9084\u4e0d\u932f\uff1a<\/p>\n<ol>\n<li>\u7528 ports \u5b89\u88dd\u7684\u8a71\u6a94\u6848\u9810\u8a2d\u6703\u653e\u5728 \/usr\/local\/etc\/letsencrypt.sh \u76ee\u9304\u4e0b\uff0c\u7136\u5f8c\u56e0\u70ba\u9810\u8a2d\u7684 $BASEDIR \u4e0d\u5728\u9019\u908a\uff0c\u6240\u4ee5\u5efa\u8b70\u624b\u52d5\u5efa\u4e00\u500b config.sh \u6a94\uff0c\u88e1\u9762\u52a0\u4e0a\u4e00\u884c\u00a0<span class=\"s1\">BASEDIR<\/span><span class=\"s2\">=<\/span><span class=\"s3\">&#8220;<\/span><span class=\"s4\">\/usr\/local\/etc\/letsencrypt.sh<\/span><span class=\"s3\">&#8220;\uff0c\u9019\u6a23\u7528\u8d77\u4f86\u6bd4\u8f03\u9806\u624b<\/span><\/li>\n<li>\u8981\u7533\u8acb\u7684\u7db2\u5740\u901a\u901a\u5beb\u5728 domains.txt \u88e1\u9762\uff0c\u9019\u500b\u8a2d\u8a08\u4e0d\u932f\uff0c\u9019\u53f0\u6a5f\u5668\u88e1\u9762\u7533\u8acb\u4e86\u54ea\u4e9b\u8a8d\u8b49\u4e00\u76ee\u4e86\u7136\uff0c\u4fee\u6539\u4e5f\u5f88\u65b9\u4fbf<\/li>\n<li>\u6240\u6709\u7533\u8acb\u4e0b\u4f86\u7684\u6a94\u6848\u90fd\u4e1f\u5728 certs \u4e0b\u9762\uff0c\u5c0d\u7167\u4e00\u4e0b\u540d\u5b57\u61c9\u8a72\u5f88\u5feb\u5c31\u80fd\u8a2d\u5b9a\u597d\u4e86<\/li>\n<li>\u4e0d\u7528\u95dc\u6389 apache\/nginx \u7684\u610f\u601d\u5c31\u662f\u7533\u8acb\u6642\u8981\u900f\u904e\u6b63\u5728\u807d 80 port \u7684\u7db2\u9801\u4f3a\u670d\u5668\u548c letsencrypt \u6e9d\u901a\uff0c\u9019\u908a\u5f97\u81ea\u5df1\u6539\u4f3a\u670d\u5668\u7684\u8a2d\u5b9a\uff0c\u628a \/.well-known\/acme-challenge\/ \u7db2\u5740 alias \u5230\u00a0\/usr\/local\/etc\/letsencrypt.sh\/.acme-challenges\/ \u76ee\u9304\uff0c\u6709\u7528 virtualhost \u7684\u8a71\u53ef\u4ee5\u53c3\u8003<a href=\"http:\/\/serverfault.com\/questions\/744220\/global-apache-alias-ignoring-virtual-hosts\/744252#744252\">\u9019\u7bc7<\/a>\u7684\u8a2d\u5b9a\u8b93\u6240\u6709 virtualhost \u90fd\u80fd\u7528 (\u6709\u7528\u5230 mod_dav_svn \u4e4b\u985e\u7684\u8a71\uff0c\u8981\u53e6\u5916\u7528 locationmatch \u907f\u958b)<\/li>\n<li>\u4e00\u5207\u90fd\u8a2d\u5b9a\u597d\u7684\u8a71\uff0c\u53ea\u8981\u57f7\u884c letsencrypt.sh -c \u5c31\u53ef\u4ee5\u4e86\uff0crenew \u4e5f\u662f\u540c\u4e00\u500b\u6307\u4ee4\uff0c\u9810\u8a2d\u662f\u6709\u6548\u671f\u9650 30 \u5929\u4ee5\u4e0a\u7684\u8a71\u5c31\u4e0d\u6703 renew\uff0c\u6240\u4ee5\u53ef\u4ee5\u653e\u5fc3\u76f4\u63a5\u4e1f cron \u8dd1<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p>\u61c9\u8a72\u6703\u7e7c\u7e8c\u7528\u4e0b\u53bb\uff0c\u4e3b\u8981\u662f domains.txt \u5be6\u5728\u662f\u6709\u65b9\u4fbf\u5230<\/p>\n<h5>update 2016-09-15<\/h5>\n<p>\u4f9d\u7167\u539f\u4f5c\u8005\u7684\u8b1b\u6cd5\uff0c\u56e0\u70ba letsencrypt \u5546\u6a19\u554f\u984c\uff0c\u6240\u4ee5\u540d\u5b57\u6539\u6210\u00a0<a href=\"https:\/\/github.com\/lukas2511\/dehydrated\">dehydrated<\/a>\u00a0\u4e86\uff0c\u76f8\u95dc\u7684\u8def\u5f91\u8ddf\u8a2d\u5b9a\u90fd\u5f97\u914d\u5408\u66f4\u52d5<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[\u83ef\u8a9e, cmn-Hant-TW] \u4e4b\u524d\u5728\u9019\u7bc7\u63d0\u5230\u4e86 Let&#8217;s Encrypt \u7684 SSL\uff0c\u7528\u8d77\u4f86\u662f\u5f88\u958b\u5fc3\u6c92\u932f\uff0c\u4e0d\u904e\u56e0\u70ba\u5b98\u65b9\u7684 client \u662f\u7528 python \u5beb\u7684\uff0c\u5728 freebsd \u4e0b\u9762\u5f97\u88dd\u4e00\u5927\u5806 py27-* \u7684\u5957\u4ef6 (\u7576\u7136\uff0c\u5b89\u88dd security\/py-letsencrypt \u6642\u6703\u81ea\u52d5\u4e00\u8d77\u88ab\u88dd\u9032\u53bb\uff0c\u4e0d\u7528\u624b\u52d5\u4e00\u500b\u4e00\u500b\u88dd) \u624d\u80fd\u7528\uff0c\u7136\u5f8c\u7533\u8acb\u7684\u6642\u5019\u8981\u628a apache\/nginx \u95dc\u6389\u653e\u51fa 80 port\uff0c\u67d0\u7a2e\u7a0b\u5ea6\u4f86\u8b1b\u9084\u883b\u8b93\u4eba\u56f0\u64fe\u7684\uff0c\u5f8c\u4f86\u770b\u5230\u6709\u4eba\u7528 shell script \u5beb\u4e86\u4e00\u500b\u6bd4\u8f03\u6c92\u90a3\u9ebc\u80a5\u7684\u00a0letsencrypt.sh\uff0c\u4e3b\u8981\u5f97\u53e6\u5916\u5b89\u88dd curl \u800c\u5df2\uff0c\u4e5f\u4e0d\u7528\u95dc\u6389 apache\/nginx\uff0c\u770b\u8d77\u4f86\u883b\u7406\u60f3\u7684\uff0c\u800c\u4e14\u4e5f\u9032 FreeBSD \u7684 ports \u4e86 (security\/letsencrypt.sh)\uff0c\u6293\u4f86\u4e0b\u7528\u4e86\u4e00\u4e0b\u611f\u89ba\u9084\u4e0d\u932f\uff1a \u7528 ports \u5b89\u88dd\u7684\u8a71\u6a94\u6848\u9810\u8a2d\u6703\u653e\u5728 \/usr\/local\/etc\/letsencrypt.sh \u76ee\u9304\u4e0b\uff0c\u7136\u5f8c\u56e0\u70ba\u9810\u8a2d\u7684 $BASEDIR&hellip; <\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[4591,4271,4287],"class_list":["post-2719","post","type-post","status-publish","format-standard","hentry","category-freebsd","tag-freebsd","tag-shell-scripts","tag-ssl"],"_links":{"self":[{"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/posts\/2719","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/comments?post=2719"}],"version-history":[{"count":6,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/posts\/2719\/revisions"}],"predecessor-version":[{"id":2759,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/posts\/2719\/revisions\/2759"}],"wp:attachment":[{"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/media?parent=2719"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/categories?post=2719"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.pighead.cc\/whsyu\/wp-json\/wp\/v2\/tags?post=2719"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}