{"id":24374,"date":"2024-04-26T17:00:54","date_gmt":"2024-04-26T09:00:54","guid":{"rendered":"https:\/\/www.zhidianwl.net\/zhidianwl\/?p=24374"},"modified":"2024-04-26T17:00:54","modified_gmt":"2024-04-26T09:00:54","slug":"%e5%85%8d%e8%b4%b9%e7%94%b3%e8%af%b7%e5%a4%9a%e5%9f%9f%e5%90%8dssl%e8%af%81%e4%b9%a6%e6%96%b9%e6%b3%95","status":"publish","type":"post","link":"https:\/\/www.zhidianwl.net\/zhidianwl\/2024\/04\/26\/%e5%85%8d%e8%b4%b9%e7%94%b3%e8%af%b7%e5%a4%9a%e5%9f%9f%e5%90%8dssl%e8%af%81%e4%b9%a6%e6%96%b9%e6%b3%95\/","title":{"rendered":"\u514d\u8d39\u7533\u8bf7\u591a\u57df\u540dssl\u8bc1\u4e66\u65b9\u6cd5"},"content":{"rendered":"

SSL\u8bc1\u4e66\u662f\u4e00\u79cd\u5b89\u5168\u5957\u63a5\u5b57\u5c42\uff08SSL\uff09\u8bc1\u4e66\uff0c\u7528\u4e8e\u52a0\u5bc6\u548c\u9a8c\u8bc1\u4e92\u8054\u7f51\u4e0a\u7684\u6570\u636e\u4f20\u8f93\u3002\u5b83\u662f\u4e00\u4e2a\u6570\u5b57\u8bc1\u4e66\uff0c\u7528\u4e8e\u8bc1\u660e\u7f51\u7ad9\u7684\u8eab\u4efd\uff0c\u4ee5\u4fbf\u7528\u6237\u53ef\u4ee5\u653e\u5fc3\u5730\u4e0e\u8be5\u7f51\u7ad9\u8fdb\u884c\u4ea4\u4e92\u3002\u591a\u57df\u540dSSL\u8bc1\u4e66\u662f\u4e00\u79cd\u7279\u6b8a\u7c7b\u578b\u7684SSL\u8bc1\u4e66\uff0c\u5b83\u5141\u8bb8\u60a8\u5728\u4e00\u4e2a\u8bc1\u4e66\u4e2d\u4f7f\u7528\u591a\u4e2a\u57df\u540d\u3002<\/p>\n

\u5728\u8fc7\u53bb\uff0cSSL\u8bc1\u4e66\u662f\u6602\u8d35\u7684\u3002\u53ea\u6709\u5927\u578b\u4f01\u4e1a\u548c\u91d1\u878d\u673a\u6784\u624d\u80fd\u627f\u62c5\u5f97\u8d77\u3002\u4f46\u662f\uff0c\u968f\u7740\u65f6\u95f4\u7684\u63a8\u79fb\uff0c\u5e02\u573a\u4e0a\u51fa\u73b0\u4e86\u4e00\u4e9b\u514d\u8d39\u7684SSL\u8bc1\u4e66\uff0c\u8fd9\u4f7f\u5f97\u4e2d\u5c0f\u578b\u4f01\u4e1a\u548c\u4e2a\u4eba\u535a\u4e3b\u4e5f\u80fd\u591f\u83b7\u5f97SSL\u8bc1\u4e66\u7684\u4fdd\u62a4\u3002<\/p>\n

\u4e0b\u9762\u4ecb\u7ecd\u4e00\u79cd\u514d\u8d39\u7533\u8bf7\u591a\u57df\u540dSSL\u8bc1\u4e66\u7684\u65b9\u6cd5\u3002<\/p>\n

\u6b65\u9aa4\u4e00\uff1a\u9009\u62e9SSL\u8bc1\u4e66\u63d0\u4f9b\u5546<\/p>\n

\u6709\u5f88\u591a\u63d0\u4f9b\u5546\u53ef\u4ee5\u63d0\u4f9b\u514d\u8d39\u7684SSL\u8bc1\u4e66\uff0c\u5176\u4e2dLet’s Encrypt\u662f\u6700\u53d7\u6b22\u8fce\u7684\u63d0\u4f9b\u5546\u4e4b\u4e00\u3002\u5b83\u662f\u7531\u975e\u8425\u5229\u7ec4\u7ec7Internet Security Research Group\uff08ISRG\uff09\u521b\u5efa\u7684\uff0c\u65e8\u5728\u63d0\u4f9b\u514d\u8d39\u7684SSL\u8bc1\u4e66\u3002<\/p>\n

\u6b65\u9aa4\u4e8c\uff1a\u5b89\u88c5Certbot<\/p>\n

Certbot\u662f\u4e00\u4e2a\u5f00\u6e90\u5de5\u5177\uff0c\u53ef\u5e2e\u52a9\u60a8\u5728\u60a8\u7684\u670d\u52a1\u5668\u4e0a\u81ea\u52a8\u5b89\u88c5\u548c\u66f4\u65b0Let’s Encrypt SSL\u8bc1\u4e66\u3002\u5b83\u652f\u6301\u5404\u79cd\u4e0d\u540c\u7684Web\u670d\u52a1\u5668\uff0c\u5305\u62ecApache\u548cNginx\u3002<\/p>\n

\u60a8\u53ef\u4ee5\u5728Certbot\u7684\u5b98\u65b9\u7f51\u7ad9\u4e0a\u627e\u5230\u5b89\u88c5\u6307\u5357\uff0c\u6839\u636e\u60a8\u7684\u670d\u52a1\u5668\u7c7b\u578b\u548c\u64cd\u4f5c\u7cfb\u7edf\u8fdb\u884c\u5b89\u88c5\u3002<\/p>\n

\u6b65\u9aa4\u4e09\uff1a\u751f\u6210\u8bc1\u4e66<\/p>\n

\u4e00\u65e6\u60a8\u5b89\u88c5\u4e86Certbot\uff0c\u5c31\u53ef\u4ee5\u5f00\u59cb\u751f\u6210\u8bc1\u4e66\u4e86\u3002\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\uff1a<\/p>\n

“`<\/p>\n

sudo certbot certonly –manual -d example.com -d www.example.com -d blog.example.com<\/p>\n

“`<\/p>\n

\u5728\u8fd9\u4e2a\u547d\u4ee4\u4e2d\uff0c\u201c-d\u201d\u53c2\u6570\u5141\u8bb8\u60a8\u6307\u5b9a\u8981\u5305\u542b\u5728\u8bc1\u4e66\u4e2d\u7684\u57df\u540d\u3002\u60a8\u53ef\u4ee5\u4f7f\u7528\u591a\u4e2a\u201c-d\u201d\u53c2\u6570\u6765\u6307\u5b9a\u591a\u4e2a\u57df\u540d\u3002<\/p>\n

Certbot\u5c06\u8981\u6c42\u60a8\u9a8c\u8bc1\u60a8\u7684\u57df\u540d\u6240\u6709\u6743\u3002\u8fd9\u901a\u5e38\u6d89\u53ca\u5728\u60a8\u7684\u7f51\u7ad9\u4e0a\u6dfb\u52a0\u4e00\u4e2a\u7279\u6b8a\u7684\u6587\u4ef6\u6216\u8bb0\u5f55\u4e00\u4e2a\u7279\u6b8a\u7684DNS\u6761\u76ee\u3002\u4e00\u65e6\u60a8\u5b8c\u6210\u4e86\u9a8c\u8bc1\uff0cCertbot\u5c06\u4e3a\u60a8\u751f\u6210\u8bc1\u4e66\u3002<\/p>\n

\u6b65\u9aa4\u56db\uff1a\u5b89\u88c5\u8bc1\u4e66<\/p>\n

\u751f\u6210\u8bc1\u4e66\u540e\uff0c<\/p>\n

<\/figure>\n<\/p>\n

\u60a8\u9700\u8981\u5c06\u8bc1\u4e66\u5b89\u88c5\u5230\u60a8\u7684\u670d\u52a1\u5668\u4e0a\u3002\u5177\u4f53\u6b65\u9aa4\u53d6\u51b3\u4e8e\u60a8\u4f7f\u7528\u7684Web\u670d\u52a1\u5668\u3002<\/p>\n

\u5bf9\u4e8eApache\u670d\u52a1\u5668\uff0c\u8bf7\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\uff1a<\/p>\n

“`<\/p>\n

sudo a2enmod ssl<\/p>\n

sudo systemctl restart apache2<\/p>\n

sudo mkdir \/etc\/apache2\/ssl<\/p>\n

sudo cp \/etc\/letsencrypt\/live\/example.com\/fullchain.pem \/etc\/apache2\/ssl\/<\/p>\n

sudo cp \/etc\/letsencrypt\/live\/example.com\/privkey.pem \/etc\/apache2\/ssl\/<\/p>\n

“`<\/p>\n

\u5bf9\u4e8eNginx\u670d\u52a1\u5668\uff0c\u8bf7\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\uff1a<\/p>\n

“`<\/p>\n

sudo mkdir \/etc\/nginx\/s\u600e\u4e48\u7533\u8bf7ssl\u8bc1\u4e66<\/a>sl<\/p>\n

sudo cp \/etc\/letsencrypt\/live\/example.com\/fullchain.pem \/etc\/nginx\/ssl\/<\/p>\n

sudo cp \/etc\/letsencrypt\/live\/example.com\/privkey.pem \/etc\/nginx\/ssl\/<\/p>\n

“`<\/p>\n

\u6b65\u9aa4\u4e94\uff1a\u914d\u7f6eWeb\u670d\u52a1\u5668<\/p>\n

\u6700\u540e\uff0c\u60a8\u9700\u8981\u914d\u7f6eWeb\u670d\u52a1\u5668\u4ee5\u4f7f\u7528\u65b0\u7684SSL\u8bc1\u4e66\u3002\u5177\u4f53\u6b65\u9aa4\u53d6\u51b3\u4e8e\u60a8\u4f7f\u7528\u7684Web\u670d\u52a1\u5668\u3002<\/p>\n

\u5bf9\u4e8eApache\u670d\u52a1\u5668\uff0c\u7f16\u8f91\u60a8\u7684\u865a\u62df\u4e3b\u673a\u914d\u7f6e\u6587\u4ef6\uff0c\u5e76\u6dfb\u52a0\u4ee5\u4e0b\u884c\uff1a<\/p>\n

“`<\/p>\n

SSLCertificateFile \/etc\/apache2\/ssl\/fullchain.pem<\/p>\n

SSLCertificateKeyFile \/etc\/apache2\/ssl\/privkey.pem<\/p>\n

“`<\/p>\n

\u5bf9\u4e8eNginx\u670d\u52a1\u5668\uff0c\u7f16\u8f91\u60a8\u7684\u670d\u52a1\u5668\u5757\u914d\u7f6e\u6587\u4ef6\uff0c\u5e76\u6dfb\u52a0\u4ee5\u4e0b\u884c\uff1a<\/p>\n

“`<\/p>\n

ssl_certificate \/etc\/nginx\/ssl\/fullchain.pem;<\/p>\n

ssl_certificate_key \/etc\/nginx\/ssl\/privkey.pem;<\/p>\n

“`<\/p>\n

\u5b8c\u6210\u4ee5\u4e0a\u6b65\u9aa4\u540e\uff0c\u60a8\u7684\u670d\u52a1\u5668\u73b0\u5728\u5e94\u8be5\u4f7f\u7528\u514d\u8d39\u7684\u591a\u57df\u540dSSL\u8bc1\u4e66\u6765\u4fdd\u62a4\u60a8\u7684\u7f51\u7ad9\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

SSL\u8bc1\u4e66\u662f\u4e00\u79cd\u5b89\u5168\u5957\u63a5\u5b57\u5c42\uff08SSL\uff09\u8bc1\u4e66\uff0c\u7528\u4e8e\u52a0\u5bc6\u548c\u9a8c\u8bc1\u4e92\u8054\u7f51\u4e0a\u7684\u6570\u636e\u4f20\u8f93\u3002\u5b83\u662f\u4e00\u4e2a\u6570\u5b57\u8bc1\u4e66\uff0c\u7528\u4e8e\u8bc1\u660e\u7f51\u7ad9\u7684\u8eab\u4efd\uff0c\u4ee5\u4fbf\u7528\u6237\u53ef\u4ee5\u653e\u5fc3\u5730\u4e0e\u8be5\u7f51\u7ad9\u8fdb\u884c\u4ea4\u4e92\u3002\u591a\u57df\u540dSSL\u8bc1\u4e66\u662f\u4e00\u79cd\u7279\u6b8a\u7c7b\u578b\u7684SSL\u8bc1\u4e66\uff0c\u5b83<\/p>\n","protected":false},"author":19,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[24334,24335,241,197,138],"topic":[],"class_list":{"0":"post-24374","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"hentry","6":"category-sslzhengshu","7":"tag-https","9":"tag-241","10":"tag-197","11":"tag-138"},"_links":{"self":[{"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/posts\/24374","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/comments?post=24374"}],"version-history":[{"count":1,"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/posts\/24374\/revisions"}],"predecessor-version":[{"id":24491,"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/posts\/24374\/revisions\/24491"}],"wp:attachment":[{"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/media?parent=24374"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/categories?post=24374"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/tags?post=24374"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.zhidianwl.net\/zhidianwl\/wp-json\/wp\/v2\/topic?post=24374"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}