Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): lkm@mygreencom.net
1. https://www.greencom.com.tw
# /usr/share/letsencrypt/letsencrypt-auto renew
# yum install gcc libffi-devel python-devel openssl-devel git
# yum install gcc libffi-dev python-dev git
# cd /usr/share
# git clone https://github.com/letsencrypt/letsencrypt letsencrypt
# cd /usr/share/letsencrypt
# ./letsencrypt-auto --apache -d greencom.com.tw -d www.greencom.com.tw
# service httpd restart
https://dmngaya.com/2015/10/25/installing-python-2-7-on-centos-6-7/
https://github.com/h2oai/h2o-2/wiki/installing-python-2.7-on-centos-6.3.-follow-this-sequence-exactly-for-centos-machine-only
https://github.com/h2oai/h2o-2/wiki/installing-python-2.7-on-centos-6.3.-follow-this-sequence-exactly-for-centos-machine-only
yum install -y centos-release-SCL
yum install -y python27
Okay for centos 6.4 also On apu.0xdata.loc, after this install was done
7.5.2.4. 吊銷已簽發的證書 使用ca中的 -revoke 命令:
# openssl ca -revoke client.pem -keyfile ca.key -cert ca.crt
證書被吊銷之後,還需要發佈新的CRL檔案:
# openssl ca -gencrl -out ca.crl -keyfile ca.key -cert ca.crt
http://netkiller.sourceforge.net/cryptography/openssl/email.html#idp46
SSLScan 可以從 http://sourceforge.net/projects/sslscan/ 下載
命令格式: sslscan [OPTIONs] HOST[:PORT]
常用選項說明:
# yum install git epel-release
# yum install gcc libffi-devel python-devel openssl-devel
# cd /root
# git clone https://github.com/letsencrypt/letsencrypt
# cd /root/letsencrypt
# ./letsencrypt-auto certonly -a standalone -d yourdomain.com -d www.yourdomain.com
right method
./letsencrypt-auto --apache -d greencom.com.tw -d www.greencom.com.tw
Let’s encrypt 會將憑證檔案放到 /etc/letsencrypt/live/.
# yum install mod_ssl
先安裝 git 及 EPEL repo:
# yum install git epel-release
安裝 Let’s encrypt 所需套件:
# yum install gcc libffi-devel python-devel openssl-devel
然後下載 Let’s encrypt:
# cd /root
# git clone https://github.com/letsencrypt/letsencrypt
這時系統會將 Let’s encrypt 的最新檔案下載到 /root/letsencrypt, 執行以下 script SSL certificate:
# cd /root/letsencrypt
# ./letsencrypt-auto certonly -a standalone -d yourdomain.com -d www.yourdomain.com
Let’s encrypt 會將憑證檔案放到 /etc/letsencrypt/live/.
接著可以配置 Apache, 先安裝 mod_ssl:
# yum install mod_ssl
yum install epel-release mod_ssl
yum install python-certbot-apache
certbot --apache -d example.com
certbot --apache -d example.com -d www.example.com
IMPORTANT! The first domain should be your base domain, in this sample it’s example.com
早先 TLS/SSL 安全性憑證一定是向憑證機構購買,這樣瀏覽器才會認得你是合法的憑證(這些瀏覽器在出廠時就已經設定好要相信哪些憑證機構),例如 alphacamp.co 是在NameCheap 這家代理商購買的。好消息是,為了推廣 HTTPS 安全連線,去年由許多大公司以及各大非營利團體共同贊助推出 Let’s Encrypt 這個服務,免費發佈 TLS/SSL 憑證。中文使用說明可以參考 https://letsencrypt.tw/,或是用 certbot 這個工具。