Https(1)Certbot

Posted on In Word count in article: 310 Reading time ≈ 1 mins.

使用Certbot申请免费的SSL证书(Ubuntu 22.04),并且自动配置nginx。

安装Certbot

1
2
3
4
5
6
7
8
9
10
11
12
13
$ sudo apt update
# Install system dependencies
$ sudo apt install python3 python3-venv libaugeas0
# Set up a Python virtual environment
$ sudo python3 -m venv /opt/certbot/
$ sudo /opt/certbot/bin/pip install --upgrade pip
# Install Certbot
$ sudo /opt/certbot/bin/pip install certbot certbot-nginx
# Prepare the Certbot command
$ sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot
# Check certbot version
$ certbot --version
certbot 3.0.0

申请证书

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: jenkins.example.com
2: tool.example.com
3: www.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for jenkins.example.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/jenkins.example.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/jenkins.example.com/privkey.pem
This certificate expires on 2025-02-14.
These files will be updated when the certificate renews.

Deploying certificate
Successfully deployed certificate for jenkins.example.com to /etc/nginx/conf.d/jenkins.example.com.conf
Congratulations! You have successfully enabled HTTPS on https://jenkins.example.com

NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

证书续期

1
$ sudo certbot renew

获取所有的证书状态

1
$ sudo certbot certificates

参考

Certbot Instructions