差異處

這裏顯示兩個版本的差異處。

--- tech:ssl_letsencrypt [2021/06/23 22:29] – [申請 Let's Encrypt 與設定 Web Server 程序] jonathan
+++ tech:ssl_letsencrypt [2022/02/04 22:36] – jonathan
@@ 行 4: / 行 4: @@
 ===== 申請 Let's Encrypt 與設定 Web Server 程序 =====
-{{tabinclude>tech:ssl_letsencrypt:ubuntu20_04, tech:ssl_letsencrypt:centos8, tech:ssl_letsencrypt:centos7}}
+{{tabinclude>tech:ssl_letsencrypt:ubuntu20_04, tech:ssl_letsencrypt:alpine3_15, tech:ssl_letsencrypt:centos8, tech:ssl_letsencrypt:centos7}}
     * 這過程會檢查與安裝 python packages 並讀取 web server 的設定, 查看目前的網站網址, 如果有設定 Virtual Host 多網址, 也可以選擇產生多網域的憑證((只產生一個憑證檔案, 但該憑證檔案內有包含多個網址))
@@ 行 205: / 行 205: @@
   * 因為部份網站是內部網站, 並無法對外透過 Web 方式認證自動更新憑證, 所以需要透過 DNS 即時建立 TXT Record 來認證, 如要自動認證, 就需要透過 DNS 提供整合 API 才能達成
 {{tabinclude>tech:ssl_letsencrypt:cf_ubuntu20_04, tech:ssl_letsencrypt:cf_centos8, tech:ssl_letsencrypt:cf_centos7, tech:ssl_letsencrypt:cf_centos6}}
-==== CentOS 8 ====
-  * 安裝 DNS CloudFlare Plugin<cli>
-dnf install python3-certbot-dns-cloudflare
-</cli>
-  * 建立 /root/lets-encrypt/cloudflare.ini <cli>
-mkdir -p /root/lets-encrypt/
-vi /root/lets-encrypt/cloudflare.ini
-</cli>Exp:<file>
-# Cloudflare API credentials used by Certbot
-dns_cloudflare_email = [email protected]
-dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234567
-</file>
-  * 設定保護權限 <cli>
-chmod 600 /root/lets-encrypt/cloudflare.ini
-</cli>
-  * 進行申請新憑證 Exp. example.com <code sh>
-/usr/bin/certbot certonly \
-  --dns-cloudflare \
-  --dns-cloudflare-credentials /root/lets-encrypt/cloudflare.ini \
-  --dns-cloudflare-propagation-seconds 10 \
-  -d example.com
-</code>
-  * 進行定期更新憑證 Exp. example.com <cli>
-/usr/bin/certbot renew \
-  --dns-cloudflare \
-  --dns-cloudflare-credentials /root/lets-encrypt/cloudflare.ini \
-  --dns-cloudflare-propagation-seconds 10
-</cli>
-  * 設定每天自動檢查更新
-    - 建立 /root/lets-encrypt/renewcert.sh <cli>
-vi /root/lets-encrypt/renewcert.sh</cli><file>
-/usr/bin/certbot renew \
-  --dns-cloudflare \
-  --dns-cloudflare-credentials /root/lets-encrypt/cloudflare.ini \
-  --dns-cloudflare-propagation-seconds 10
-</file><cli>
-chmod a+x /root/lets-encrypt/renewcert.sh
-</cli>
-    - 設定 /etc/crontab<cli>
-vi /etc/crontab</cli><file>
-:
-# let's encrypt
-2 * * * root /root/lets-encrypt/renewcert.sh > /tmp/renewcert.log
-</file><cli>
-systemctl restart crond
-</cli>
-==== CentOS 7 ====
-  * 安裝 DNS CloudFlare Plugin<code sh>
-yum install python2-certbot-dns-cloudflare
-</code>
-  * 建立 /root/lets-encrypt/cloudflare.ini <code sh>mkdir -p /root/lets-encrypt/</code>Exp:<file>
-# Cloudflare API credentials used by Certbot
-dns_cloudflare_email = [email protected]
-dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234567
-</file>
-  * 設定保護權限 <code sh>
-chmod 600 /root/lets-encrypt/cloudflare.ini
-</code>
-  * 進行申請新憑證 Exp. example.com <code sh>
-/usr/bin/certbot certonly \
-  --dns-cloudflare \
-  --dns-cloudflare-credentials /root/lets-encrypt/cloudflare.ini \
-  --dns-cloudflare-propagation-seconds 10 \
-  -d example.com
-</code>
-  * 進行定期更新憑證 Exp. example.com <code sh>
-/usr/bin/certbot renew \
-  --dns-cloudflare \
-  --dns-cloudflare-credentials /root/lets-encrypt/cloudflare.ini \
-  --dns-cloudflare-propagation-seconds 10
-</code>
-  * 設定每天自動檢查更新
-    - 建立 /root/lets-encrypt/renewcert.sh <code sh>
-vi /root/lets-encrypt/renewcert.sh</code><file>
-/usr/bin/certbot renew \
-  --dns-cloudflare \
-  --dns-cloudflare-credentials /root/lets-encrypt/cloudflare.ini \
-  --dns-cloudflare-propagation-seconds 10
-</file><code sh>
-chmod a+x /root/lets-encrypt/renewcert.sh
-</code>
-    - 設定 /etc/crontab<code sh>
-vi /etc/crontab</code><file>
-:
-# let's encrypt
-2 * * * root /root/lets-encrypt/renewcert.sh > /tmp/renewcert.log
-</file><code sh>
-systemctl restart crond
-</code>
-==== CentOS 6 ====
-  - 建立 /root/lets-encrypt/authenticator.sh<code sh>
-cd /root/lets-encrypt/
-wget https://svn.ichiayi.com/opensvn/opentrysoft/certbot/authenticator.sh
-chmod a+x authenticator.sh
-</code>
-  - 建立 /root/lets-encrypt/cleanup.sh<code sh>
-cd /root/lets-encrypt/
-wget https://svn.ichiayi.com/opensvn/opentrysoft/certbot/cleanup.sh
-chmod a+x cleanup.sh</code>
-  - 取得 CloudFlare 的 Zone ID 與 Global API Key 更改 authenticator.sh 與 cleanup.sh 內容<file>
-:
-API_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-EMAIL="[email protected]"
-ZONE_ID="xxxxxxxxxxxxxxx"
-:
-</file>++看 CloudFlare 取得 Zone ID / Global API Key 畫面| {{:tech:2019031501.png}} \\ {{:tech:2019031502.png}} \\ {{:tech:2019031503.png}} \\ {{:tech:2019031504.png}} \\ {{:tech:2019031505.png}}++
-  - 執行取得 SSL 憑證命令 Exp. erp.ichiayi.com <code sh>
-/root/lets-encrypt/certbot-auto certonly --manual --preferred-challenges=dns --manual-auth-hook /root/lets-encrypt/authenticator.sh --manual-cleanup-hook /root/lets-encrypt/cleanup.sh -d erp.ichiayi.com
-</code>
-  * 設定憑證到期自動更新
-    - 建立 /root/lets-encrypt/renewcert.sh Exp. erp.ichiayi.com <code sh>
-vi /root/lets-encrypt/renewcert.sh</code><file>
-/root/lets-encrypt/certbot-auto renew --preferred-challenges=dns --manual-auth-hook /root/lets-encrypt/authenticator.sh --manual-cleanup-hook /root/lets-encrypt/cleanup.sh --agree-tos
-</file>
-    - 設定執行權限<code sh>
-chmod a+x /root/lets-encrypt/renewcert.sh
-</code>
-    - 設定每天 4:30 執行自動檢查一次<code sh>
-vi /etc/crontab
-</code><file>
-:
-# erp.ichiayi.com SSL cert auto renew
-4 * * * root /root/lets-encrypt/renewcert.sh > /tmp/certrenew.log
-</file><code sh>
-service crond restart
-</code>
 ===== 參考網址 =====
   * https://certbot.eff.org/lets-encrypt/centos6-apache
   * https://certbot.eff.org/lets-encrypt/centosrhel7-other
+  * https://gitpress.io/@chchang/ubuntu-letsencrypt-cloudflare-wildcard
+  * https://blog.anzupop.com/posts/acquire-lets-encrypt-certs-using-dns-cloudflare-plugin/
   * https://serverfault.com/questions/744960/configuring-ssl-with-virtual-hosts-under-apache-and-centos
   * https://sslmate.com/caa/