Ubuntu 下安裝 Lets Encrypt 免費SSL憑證

2023-02-22
以下是伺服器環境:
  • Ubuntu 22.04
  • Apache 2.4

1. 安裝snap
sudo snap install core; sudo snap refresh core

安裝完成會出現如下的訊息
core 16-2.58.2 from Canonical✓ installed
snap "core" has no updates available

2. 安裝certbot
sudo snap install --classic certbot

3. 設置cerbot cmd
sudo ln -s /snap/bin/certbot /usr/bin/certbot

4. 設置apache cerbot
sudo certbot --apache

然後按照問題去填寫就可以了

5. 啟動自動更新
sudo vim /etc/systemd/system/certbot.service

填寫以下設置
[Unit]
Description=Lets Encrypt renewal

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet --agree-tos
ExecStartPost=/bin/systemctl reload apache2.service

再開啟下面檔案
sudo vim /etc/systemd/system/certbot.timer

寫入以下設置:
[Unit]
Description=Twice daily renewal of Let's Encrypts certificates

[Timer]
OnCalendar=0/12:00:00
RandomizedDelaySec=1h
Persistent=true

[Install]
WantedBy=timers.target

啟動服務
systemctl enable --now certbot.timer

檢查服務執行狀況
sudo systemctl status certbot.timer

如果沒問題會出現下方訊息
● certbot.timer - Twice daily renewal of Let's Encrypts certificates
     Loaded: loaded (/etc/systemd/system/certbot.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Wed 2023-02-22 08:12:45 CST; 35s ago
    Trigger: Wed 2023-02-22 12:51:33 CST; 4h 38min left
   Triggers: ● certbot.service

Feb 22 08:12:45 keenchief systemd[1]: Started Twice daily renewal of Let's Encrypt's certificates.

6. 測試更新
sudo certbot renew --dry-run


參考:
安裝certbot
https://certbot.eff.org/instructions?ws=apache&os=ubuntufocal&tab=standard

設置自動更新服務
https://gist.github.com/dbirks/0b659a149cab038ef696fd8a6274c48b

Contact

Github

Codepen

歡迎參觀我的賣場
© 2013 Copyright Digishot Web | Design Tools
Visitors【696619】
digishot webdesign studio