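Applying for a free Let's Encrypt SSL certificate (Docker)

I recently needed an SSL certificate and did not want to pay for one. I happened to see that the Linux Foundation launched a new open-source project at the end of last year that promotes SSL for free, so I gave it a try.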

 

Introduction to Let's Encrypt

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.

The key principles behind Let’s Encrypt are:

Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
We have a page with more detailed information about how the Let’s Encrypt CA works.

 

The following is based on xataz/letsencrypt on Docker Hub, with modifications.

 

1. Create the Dockerfile as follows (parts of it come from the web: xataz)

FROM alpine:3.5

# certbot release to install from PyPI
ENV CERTBOT_VER v0.11.1

LABEL description="Letsencrypt based on alpine" \
      tags="latest 0.11.1 0.1" \
      maintainer="shawn.qian" \
      build_ver="2017022401"

# Install the build dependencies, install certbot into its own virtualenv,
# then remove the build dependencies and caches to keep the image small
RUN BUILD_DEPS="py2-pip \
                gcc \
                musl-dev \
                python2-dev \
                libffi-dev \
                openssl-dev" \
    && apk add -U ${BUILD_DEPS} \
                tini \
                dialog \
                python \
                libssl1.0 \
    && pip install --no-cache virtualenv \
    && virtualenv --no-site-packages -p python2 /usr/certbot/venv \
    && /usr/certbot/venv/bin/pip install --no-cache-dir certbot==$CERTBOT_VER \
    && pip uninstall --no-cache-dir -y virtualenv \
    && apk del ${BUILD_DEPS} \
    && rm -rf /var/cache/apk/* /root/.cache/pip

# Ports certbot can listen on in standalone mode
EXPOSE 80 443
# Certificates, keys and account data are stored here
VOLUME /etc/letsencrypt/

# tini runs as PID 1 and starts certbot; arguments to "docker run" replace --help
ENTRYPOINT ["/sbin/tini","--","/usr/certbot/venv/bin/certbot"]
CMD ["--help"]

Save the file, then run the following in the directory that contains the Dockerfile:

docker build -t yourreposname/letsencrypt .

Wait for the build to finish.

2. Run

sudo docker run -it --rm \
  -v /etc/letsencrypt:/etc/letsencrypt \
  -p 443:443 yourreposname/letsencrypt certonly \
  --standalone \
  --agree-tos \
  -m yourmailadd@mail.com \
  -d your.domain.com

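P.S.

1. This example uses port 443, so keep your port 443 open and reachable. On success, a live/your.domain.com folder is created under /etc/letsencrypt; it contains your certificate files.

2. In yourreposname/letsencrypt, change "yourreposname" to your own repository name.

cert.pem: the server certificate that was issued

privkey.pem: the private key that corresponds to the server certificate

chain.pem: all the other certificates the browser needs besides the server certificate, such as the root and intermediate certificates

fullchain.pem: the full certificate chain file, including the server certificate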
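
Before pointing a web server at these files, it is worth confirming that they belong together: that privkey.pem is the key for cert.pem, that fullchain.pem starts with cert.pem, and that the certificate is not about to expire. The sh script below is an added example, not part of the original post or of the xataz image; the script name and function names are made up for illustration, and it assumes the openssl command-line tool is installed on the host.

```shell
#!/bin/sh
# Added example: sanity-check a certbot "live" directory with openssl.
# Usage: sh check_live.sh /etc/letsencrypt/live/your.domain.com [min_days_left]

# Public key (PEM) embedded in a certificate / derived from a private key.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pubkey()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# True when privkey.pem ($2) holds the key pair certified by cert.pem ($1).
key_matches_cert() {
    c=$(cert_pubkey "$1") || return 1
    k=$(key_pubkey "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when the first certificate in fullchain.pem ($2) is cert.pem ($1).
leaf_in_fullchain() {
    a=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    b=$(openssl x509 -in "$2" -noout -fingerprint -sha256 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# True when the certificate ($1) is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run every check on a live directory; the return value is the number of failures.
check_live_dir() {
    dir=$1; days=${2:-30}; fails=0
    for f in cert.pem privkey.pem chain.pem fullchain.pem; do
        [ -s "$dir/$f" ] || { echo "MISSING  $f"; fails=$((fails + 1)); }
    done
    key_matches_cert "$dir/cert.pem" "$dir/privkey.pem" \
        || { echo "FAIL  privkey.pem does not match cert.pem"; fails=$((fails + 1)); }
    leaf_in_fullchain "$dir/cert.pem" "$dir/fullchain.pem" \
        || { echo "FAIL  fullchain.pem does not start with cert.pem"; fails=$((fails + 1)); }
    valid_for_days "$dir/cert.pem" "$days" \
        || { echo "FAIL  cert.pem expires within $days days"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK  $dir"
    return "$fails"
}

if [ "$#" -gt 0 ]; then check_live_dir "$@"; fi
```

Run it as root or with sudo, since the live directory is normally readable only by root. A non-zero exit status equals the number of failed checks, which makes it usable from cron next to the renewal job.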
