How to Generate a Free SSL Certificate for a Personal Website

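Important notice! So as not to waste five minutes of your valuable time, peers who believe this article pushes a personal agenda should look elsewhere.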

This article uses CentOS 7.x as the example system. Before reading it, readers should have a basic familiarity with the major Linux distributions.

This article is for reference only; please do not repost it.

Preparation

  1. One domain name that you have personally registered and completed ICP filing for

  2. Install certbot

    yum install epel-release -y
    yum install certbot -y
    

Generating the certificate

  1. Generate the SSL certificate (assuming the domain is xxx.com; this generates a wildcard-domain certificate and a root-domain certificate)

    certbot certonly --manual --force-renewal \
    --server https://acme-v02.api.letsencrypt.org/directory \
    --preferred-challenges dns-01 -d "*.xxx.com,xxx.com"
    
  2. Follow the prompts shown while the command above runs

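    1. Enter your email address
    2. Enter A (agree)
    3. Enter Y (yes)
    4. Enter Y (yes)
    5. As prompted, add the DNS TXT record for the wildcard-domain certificate (it verifies that you are the owner of the domain)
    6. As prompted, add the DNS TXT record for the root-domain certificate (it verifies that you are the owner of the domain)
    7. Press Enter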
    
  3. If the steps above complete successfully, you will see output similar to the following

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/xxx.com/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/xxx.com/privkey.pem
       Your cert will expire on 2xxx-xx-xx. To obtain a new or tweaked
       version of this certificate in the future, simply run certbot
       again. To non-interactively renew *all* of your certificates, run
       "certbot renew"
     - If you like Certbot, please consider supporting our work by:
       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:               https://eff.org/donate-le
    
  4. Now view the generated certificate files

    ll /etc/letsencrypt/live/xxx.com/
    
  5. Tutorials for configuring the SSL certificate on a web server

    # Configuring the SSL certificate in Nginx
    https://www.baidu.com/s?ie=utf-8&wd=Nginx%E9%85%8D%E7%BD%AESSL%E8%AF%81%E4%B9%A6
    # Configuring the SSL certificate in Apache
    https://www.baidu.com/s?ie=utf-8&wd=Apache%E9%85%8D%E7%BD%AESSL%E8%AF%81%E4%B9%A6
    # Configuring the SSL certificate in Tomcat
    https://www.baidu.com/s?ie=utf-8&wd=Tomcat%E9%85%8D%E7%BD%AESSL%E8%AF%81%E4%B9%A6
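
For steps 5 to 7 of the certbot prompts above, a check to run before pressing Enter (an added example, not part of the original article): `*.xxx.com` and `xxx.com` are both validated at the same name, `_acme-challenge.xxx.com`, so both TXT values must be published together rather than the second replacing the first. The function names, the 1.1.1.1 resolver and the sample values are assumptions made for this example.

```sh
#!/bin/sh
# Added example: confirm every dns-01 TXT value is visible before continuing.

# missing_txt_values DIG_OUTPUT EXPECTED...
# DIG_OUTPUT is `dig +short TXT` style text: one double-quoted string per line.
# Prints each expected value that is absent; returns 0 only if none is missing.
missing_txt_values() {
    local published="$1" value missing=0
    shift
    for value in "$@"; do
        # Match the whole quoted line literally (-x whole line, -F fixed string).
        if ! printf '%s\n' "$published" | grep -qxF -- "\"$value\""; then
            printf '%s\n' "$value"
            missing=1
        fi
    done
    return "$missing"
}

# check_challenge DOMAIN EXPECTED...
# Queries a public resolver, so the result reflects what the CA can see
# rather than what the DNS provider's control panel shows.
check_challenge() {
    local domain="$1" published missing
    shift
    # 1.1.1.1 is an arbitrary public resolver chosen for this example.
    published="$(dig +short TXT "_acme-challenge.$domain" @1.1.1.1)" || return 2
    missing="$(missing_txt_values "$published" "$@")" && {
        echo "all TXT values visible; safe to press Enter in certbot"
        return 0
    }
    echo "not yet visible at _acme-challenge.$domain:"
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample: resolver output after the second TXT record replaced
# the first instead of being added next to it (values are made up).
SAMPLE_DIG_OUTPUT='"constructed-root-domain-value-0000"'
```

Call it as `check_challenge xxx.com VALUE1 VALUE2`, passing the two values certbot printed in steps 5 and 6, and repeat until it reports that all values are visible.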