Configuring HTTPS in nginx, renewing certificates, free Let's Encrypt certificates (HTTPS), and fixing the errors along the way!
2016-12-21 18:43
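The git repository is here:
https://github.com/xdtianyu/scripts/tree/master/lets-encrypt
The script calls acme_tiny.py to validate domains and to obtain and renew certificates; no additional dependencies are required.
Download the script and the configuration file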
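wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.conf
wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh
chmod +x letsencrypt.sh
Configuration file
You only need to change DOMAIN_KEY, DOMAIN_DIR and DOMAINS to your own values (for a detailed explanation, contact 摘取天上星).
ACCOUNT_KEY="letsencrypt-account.key"
DOMAIN_KEY="test.com.key"
DOMAIN_DIR="/data/wwwroot/test.com"
DOMAINS="DNS:test.com,DNS:api.test.com"
The required key files are generated automatically during execution.
Generate the certificate
(If you have several virtual-host directories and several domains, change the contents of the configuration file, i.e. the file names, and run the script again with each configuration file to generate the certificate for each site.)
./letsencrypt.sh letsencrypt.conf
Note: the script first downloads a file named lets-encrypt-x3-cross-signed.pem and then runs the certificate generation steps in order. If the file was not downloaded, download it manually from the URL shown in the script.
The domains must already be bound to the /var/www/test.com directory, i.e. both
http://test.com
http://api.test.com
must serve the /var/www/test.com directory, which is used for domain validation.
If the following error appears (install python-argparse with yum install python-argparse and run the script again; if yum cannot install it, build and install it manually):
Traceback (most recent call last):
File "/tmp/acme_tiny.py", line 2, in <module>
import argparse, subprocess, json, os, sys, base64, binascii, time, hashlib, re, copy, textwrap, logging
ImportError: No module named argparse
1. yum install python-argparse
2. Install python-argparse manually:
wget https://pypi.python.org/packages/source/a/argparse/argparse-1.4.0.tar.gz#md5=08062d2ceb6596fcbc5a7e725b53746f
tar -xzvf argparse-1.4.0.tar.gz
cd argparse-1.4.0
python setup.py install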
The following output indicates that the installation succeeded:
running install
running bdist_egg
running egg_info
writing argparse.egg-info/PKG-INFO
writing top-level names to argparse.egg-info/top_level.txt
writing dependency_links to argparse.egg-info/dependency_links.txt
reading manifest file 'argparse.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no previously-included files matching '*.pyc' found anywhere in distribution
warning: no previously-included files matching '*.pyo' found anywhere in distribution
warning: no previously-included files matching '*.orig' found anywhere in distribution
warning: no previously-included files matching '*.rej' found anywhere in distribution
no previously-included directories found matching 'doc/_build'
no previously-included directories found matching 'env24'
no previously-included directories found matching 'env25'
no previously-included directories found matching 'env26'
no previously-included directories found matching 'env27'
writing manifest file 'argparse.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_py
creating build
creating build/lib
copying argparse.py -> build/lib
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/egg
copying build/lib/argparse.py -> build/bdist.linux-x86_64/egg
byte-compiling build/bdist.linux-x86_64/egg/argparse.py to argparse.pyc
creating build/bdist.linux-x86_64/egg/EGG-INFO
copying argparse.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying argparse.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying argparse.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying argparse.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
zip_safe flag not set; analyzing archive contents...
creating dist
creating 'dist/argparse-1.4.0-py2.6.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing argparse-1.4.0-py2.6.egg
Copying argparse-1.4.0-py2.6.egg to /usr/lib/python2.6/site-packages
Adding argparse 1.4.0 to easy-install.pth file
Installed /usr/lib/python2.6/site-packages/argparse-1.4.0-py2.6.egg
Processing dependencies for argparse==1.4.0
Finished processing dependencies for argparse==1.4.0
If running python setup.py install to install python-argparse fails with the error below, setuptools is not installed; install setuptools first.
Traceback (most recent call last):
File "setup.py", line 3, in <module>
from setuptools import setup, find_packages
ImportError: No module named setuptools
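The error message marked in red literally means that there is no module named setuptools, i.e. Python is missing this module, so installing it resolves the problem.
Install setuptools:
Method 1:
wget http://pypi.python.org/packages/source/s/setuptools/setuptools-0.6c11.tar.gz
tar zxvf setuptools-0.6c11.tar.gz
cd setuptools-0.6c11
python setup.py build
python setup.py install
Method 2:
Download the setuptools-0.6c11-py2.7.egg file from http://pypi.python.org/pypi/setuptools, make it executable with chmod +x setuptools-0.6c11-py2.7.egg, then run sudo sh setuptools-0.6c11-py2.7.egg to complete the installation.
Method 3:
Go to http://pypi.python.org/pypi/setuptools and follow the instructions there to download and install the setuptools module!
If the following appears during certificate generation (especially the part in red), it indicates a "DNS query timed out" error: a DNS resolution problem for the domain prevents the domain from being validated, so the SSL certificate cannot be obtained.
(By comparison, DNS providers in China such as DNSPOD, Alibaba Cloud DNS and CloudXNS intermittently run into Let's Encrypt domain validation timeouts, while overseas providers such as Namecheap DNS, Linode DNS and Domain.com DNS have no such problem. When a DNS timeout occurs, simply re-run the certificate generation command at a time when the network is idle.)
Generate account key...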
Generating RSA private key, 4096 bit long modulus
......................................++
.....................................................................++
e is 65537 (0x10001)
Generate domain key...
Generating RSA private key, 2048 bit long modulus
........+++
................................................................................................................+++
e is 65537 (0x10001)
Generate CSR...app.csr
Parsing account key...
Parsing CSR...
Registering account...
Registered!
Verifying app.lebaoedu.com...
Traceback (most recent call last):
File "/tmp/acme_tiny.py", line 198, in <module>
main(sys.argv[1:])
File "/tmp/acme_tiny.py", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
File "/tmp/acme_tiny.py", line 140, in get_crt
e.code, json.loads(e.read().decode('utf8'))))
AttributeError: 'URLError' object has no attribute 'code'
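If the following output appears when generating the certificate, generation did not succeed (in this case the directory lacked +wx permissions, but no permission error was reported and this output appeared directly):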
Generate CSR...lebao.csr
New cert: lebao.chained.crt has been generated
When certificate generation really succeeds, the output looks like this (with more detailed success messages):
Generate CSR...lebao.csr
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying test.api.lebaoedu.com...
test.api.lebaoedu.com verified!
Signing certificate...
Certificate signed!
New cert: lebao.chained.crt has been generated
After generation, the certificate directory contains files like the following:
test.chained.crt test.com.key letsencrypt-account.key test.crt test.csr ...
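cron scheduled task
Renew the certificate automatically once a month. You can append service nginx reload (or similar) to the end of the script to reload the service (adjust the path of the scheduled script to your actual location).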
0 0 1 * * /data/cron/ssl/letsencrypt.sh /data/cron/ssl/letsencrypt.conf >> /var/log/lets-encrypt.log 2>&1
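Added example (not part of the original post or of letsencrypt.sh): because the script can print "New cert: ... has been generated" even when issuance failed, this check confirms that the chained certificate is non-empty, parses, matches the domain key and is not about to expire before nginx is reloaded. The function names and the 7-day default are assumptions; the paths in the usage comment are the ones used in this post.

```shell
#!/bin/sh
# Added example: validate a freshly issued certificate before reloading nginx.
# Nothing here is part of letsencrypt.sh; function names are hypothetical.

# cert_ok CERT KEY [MIN_DAYS] -> exit status 0 only if every check passes.
cert_ok() {
    cert=$1; key=$2; min_days=${3:-7}

    # An aborted run can leave a missing or empty .crt behind.
    [ -s "$cert" ] || { echo "missing or empty: $cert" >&2; return 1; }
    [ -s "$key" ]  || { echo "missing or empty: $key" >&2; return 1; }

    # The file must parse as X.509 (the first PEM block is the leaf).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "not a parsable certificate: $cert" >&2; return 1; }

    # The leaf's public key must belong to the private key nginx will load.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "not a parsable private key: $key" >&2; return 1; }
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "certificate does not match key" >&2; return 1; }

    # -checkend N fails if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1 \
        || { echo "expires within $min_days days: $cert" >&2; return 1; }
}

# reload_if_valid CERT KEY [MIN_DAYS]: reload only if cert and config check out.
reload_if_valid() {
    cert_ok "$@" && nginx -t && service nginx reload
}

# Usage: ./check_cert.sh /data/cron/ssl/test.chained.crt /data/cron/ssl/test.com.key
[ "$#" -eq 0 ] || reload_if_valid "$@"
```

Calling this from the cron job in place of a bare service nginx reload keeps the previous working certificate in service when a renewal silently fails.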
After the certificate is generated, remember to modify the nginx.conf configuration file and reload nginx (service nginx reload).
The parts in red are the settings required for the certificate; specify your own actual certificate paths.
server {
    # 'listen 443 ssl' replaces the separate 'ssl on;' directive,
    # which nginx deprecated in 1.15.0
    listen 443 ssl;
    server_name test.com;
    access_log /data/wwwlogs/test_nginx.log main;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    # chained certificate and domain key produced by letsencrypt.sh
    ssl_certificate /data/cron/ssl/test.chained.crt;
    ssl_certificate_key /data/cron/ssl/test.com.key;
    location ~ \.php {
        #fastcgi_pass remote_php_ip:9000;
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        set $real_script_name $fastcgi_script_name;
        if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
            set $real_script_name $1;
            #set $path_info $2;
        }
        fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
        fastcgi_param SCRIPT_NAME $real_script_name;
        #fastcgi_param PATH_INFO $path_info;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
        expires 30d;
        access_log off;
    }
    location ~ .*\.(js|css)?$ {
        expires 7d;
        access_log off;
    }
}