no way to compare when less than two revisions
| |
— | tech:ssl_letsencrypt:cf_centos6 [2021/06/23 22:39] (目前版本) – 建立 jonathan |
---|
| ==== CentOS 6 ==== |
| - 建立 /root/lets-encrypt/authenticator.sh<code sh> |
| cd /root/lets-encrypt/ |
| wget https://svn.ichiayi.com/opensvn/opentrysoft/certbot/authenticator.sh |
| chmod a+x authenticator.sh |
| </code> |
| - 建立 /root/lets-encrypt/cleanup.sh<code sh> |
| cd /root/lets-encrypt/ |
| wget https://svn.ichiayi.com/opensvn/opentrysoft/certbot/cleanup.sh |
| chmod a+x cleanup.sh</code> |
| - 取得 CloudFlare 的 Zone ID 與 Global API Key 更改 authenticator.sh 與 cleanup.sh 內容<file> |
| : |
| API_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" |
| EMAIL="[email protected]" |
| ZONE_ID="xxxxxxxxxxxxxxx" |
| : |
| </file>++看 CloudFlare 取得 Zone ID / Global API Key 畫面| {{:tech:2019031501.png}} \\ {{:tech:2019031502.png}} \\ {{:tech:2019031503.png}} \\ {{:tech:2019031504.png}} \\ {{:tech:2019031505.png}}++ |
| - 執行取得 SSL 憑證命令 Exp. erp.ichiayi.com <code sh> |
| /root/lets-encrypt/certbot-auto certonly --manual --preferred-challenges=dns --manual-auth-hook /root/lets-encrypt/authenticator.sh --manual-cleanup-hook /root/lets-encrypt/cleanup.sh -d erp.ichiayi.com |
| </code> |
| * 設定憑證到期自動更新 |
| - 建立 /root/lets-encrypt/renewcert.sh Exp. erp.ichiayi.com <code sh> |
| vi /root/lets-encrypt/renewcert.sh</code><file> |
| /root/lets-encrypt/certbot-auto renew --preferred-challenges=dns --manual-auth-hook /root/lets-encrypt/authenticator.sh --manual-cleanup-hook /root/lets-encrypt/cleanup.sh --agree-tos |
| </file> |
| - 設定執行權限<code sh> |
| chmod a+x /root/lets-encrypt/renewcert.sh |
| </code> |
| - 設定每天 4:30 執行自動檢查一次<code sh> |
| vi /etc/crontab |
| </code><file> |
| : |
| # erp.ichiayi.com SSL cert auto renew |
| 30 4 * * * root /root/lets-encrypt/renewcert.sh > /tmp/certrenew.log |
| </file><code sh> |
| service crond restart |
| </code> |
| |