Deploying Let's Encrypt Certificates on Apache && Auto-Renewal Script

First, we need to install git:

apt-get update
apt-get -y install git

Then check out the Let's Encrypt client source code:

git clone https://github.com/letsencrypt/letsencrypt

With that, we have successfully downloaded the Let's Encrypt client.

Issuing the certificate

cd letsencrypt

Use the Let's Encrypt Apache plugin to generate the certificate:

./letsencrypt-auto --apache -d example.com

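If you are issuing a certificate for a single domain only, the command above is all you need.
It will automatically install the plugin, and then you need to enter an email address, which is used for certificate recovery. It will also ask you to choose whether to enable both HTTP and HTTPS and whether to force HTTPS.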

For multiple domains, generate the certificate with the following command:

./letsencrypt-auto --apache -d example.com -d www.example.com
The auto-renewal script:

#!/bin/bash
#================================================================
# Let's Encrypt renewal script for Apache on Ubuntu/Debian
# @author Erika Heidi<erika@do.co>
# Usage: ./le-renew.sh [base-domain-name]
#================================================================
domain=$1
# Path to the letsencrypt client checkout; change it if you cloned elsewhere
le_path='/opt/letsencrypt'
le_conf='/etc/letsencrypt'
# Renew once the certificate has this many days (or fewer) left
exp_limit=30

# Print the domain list stored in the certificate's renewal config
get_domain_list(){
    certdomain=$1
    config_file="$le_conf/renewal/$certdomain.conf"

    if [ ! -f "$config_file" ] ; then
        # Errors go to stderr so they are not captured as the domain list
        echo "[ERROR] The config file for the certificate $certdomain was not found." >&2
        return 1
    fi

    # Everything after "domains = " on that line
    domains=$(grep --only-matching --perl-regex "(?<=domains = ).*" "${config_file}")
    # Strip a trailing comma, if present
    last_char=$(echo "${domains}" | awk '{print substr($0,length,1)}')
    if [ "${last_char}" = "," ]; then
        domains=$(echo "${domains}" | awk '{print substr($0, 1, length-1)}')
    fi
    echo "$domains"
}

if [ -z "$domain" ] ; then
    echo "[ERROR] you must provide the domain name for the certificate renewal."
    exit 1
fi

cert_file="/etc/letsencrypt/live/$domain/fullchain.pem"
if [ ! -f "$cert_file" ]; then
    echo "[ERROR] certificate file not found for domain $domain."
    exit 1
fi

# Expiry date (notAfter) of the current certificate, as a Unix timestamp
exp=$(date -d "$(openssl x509 -in "$cert_file" -noout -enddate | cut -d= -f2)" +%s)
datenow=$(date -d "now" +%s)
# Whole days remaining until expiry
days_exp=$(( (exp - datenow) / 86400 ))

echo "Checking expiration date for $domain..."
if [ "$days_exp" -gt "$exp_limit" ] ; then
    echo "The certificate is up to date, no need for renewal ($days_exp days left)."
    exit 0
else
    echo "The certificate for $domain is about to expire soon. Starting renewal request..."
    domain_list=$( get_domain_list "$domain" ) || exit 1
    # Only reload Apache if the renewal request succeeded
    if ! "$le_path"/letsencrypt-auto certonly --apache --renew-by-default --domains "${domain_list}"; then
        echo "[ERROR] Renewal request failed for domain $domain." >&2
        exit 1
    fi
    echo "Restarting Apache..."
    /usr/sbin/service apache2 reload
    echo "Renewal process finished for domain $domain"
    exit 0
fi

Make this script executable, then schedule it to run automatically every month or every two months, and your certificate will not expire!
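A scheduled renewal can fail without anyone noticing, so the following added example (not part of the original post or of the script above) is a small watchdog that reports every certificate under the live directory that expires within a given number of days. The function name, the 14-day default and the crontab paths are assumptions.

```bash
#!/bin/bash
# Added example, not from the original post: watchdog for the renewal cron job.
# The function name, 14-day default and crontab paths are assumptions.

# expiring_certs LIVE_DIR [DAYS]
# Prints "<domain> <notAfter>" for each certificate expiring within DAYS days.
# Returns 0 if none are expiring, 1 if at least one is, 2 on a bad directory.
expiring_certs() {
    ec_live=$1
    ec_days=${2:-14}
    ec_status=0
    if [ ! -d "$ec_live" ]; then
        echo "[ERROR] $ec_live is not a directory" >&2
        return 2
    fi
    for ec_cert in "$ec_live"/*/fullchain.pem; do
        [ -f "$ec_cert" ] || continue   # glob matched nothing
        # -checkend exits non-zero if the cert expires within that many seconds
        if ! openssl x509 -in "$ec_cert" -noout \
                -checkend $(( ${ec_days} * 86400 )) >/dev/null; then
            ec_domain=$(basename "$(dirname "$ec_cert")")
            ec_end=$(openssl x509 -in "$ec_cert" -noout -enddate | cut -d= -f2)
            echo "$ec_domain $ec_end"
            ec_status=1
        fi
    done
    return $ec_status
}

# Run directly when called with arguments, so cron mails any output:
#   0 3 1 * *  /usr/local/sbin/le-renew.sh example.com
#   0 8 * * *  /usr/local/sbin/le-watchdog.sh /etc/letsencrypt/live 14
if [ -n "${1:-}" ]; then
    expiring_certs "$@"
    exit $?
fi
```

An unreadable or malformed certificate file is also reported, because `openssl` exits non-zero for it.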

The content above is excerpted in full from: How to Deploy Let's Encrypt Certificates on Apache && Auto-Renewal Script


Do not repost without permission: 阿藏博客 » Deploying Let's Encrypt Certificates on Apache && Auto-Renewal Script