我是靠谱客的博主 背后枕头,最近开发中收集的这篇文章主要介绍Letsencrypt SSL免费证书申请(Docker)Let's Encrypt 介绍,觉得挺不错的,现在分享给大家,希望可以做个参考。

概述

最近需要SSL证书,又不想花钱买,正好看到linux基金会去年底上线了新的开源项目,免费推广SSL遂尝试。

 

Let's Encrypt 介绍

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.

The key principles behind Let’s Encrypt are:

Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
We have a page with more detailed information about how the Let’s Encrypt CA works.

 

以下内容来源于dockhub上的xataz/letsencrypt,有修改

 

1.编辑Dockerfile如下(部分内容来源于网络:xazta)

FROM alpine:3.5

ENV CERTBOT_VER v0.11.1

LABEL description="Letsencrypt based on alpine"
tags="latest 0.11.1 0.1"
maintainer="shawn.qian"
build_ver="2017022401"

RUN BUILD_DEPS="py2-pip
gcc
musl-dev
python2-dev
libffi-dev
openssl-dev"
&& apk add -U ${BUILD_DEPS}
tini
dialog
python
libssl1.0
&& pip install --no-cache virtualenv
&& virtualenv --no-site-packages -p python2 /usr/certbot/venv
&& /usr/certbot/venv/bin/pip install --no-cache-dir certbot==$CERTBOT_VER
&& pip uninstall --no-cache-dir -y virtualenv
&& apk del ${BUILD_DEPS}
&& rm -rf /var/cache/apk/* /root/.cache/pip

EXPOSE 80 443
VOLUME /etc/letsencrypt/

ENTRYPOINT ["/sbin/tini","--","/usr/certbot/venv/bin/certbot"]
CMD ["--help"]

保存文件,运行

docker build -t yourreposname/letsencrypt

安静等待build完成

2. 执行

sudo docker run -it --rm

-v /etc/letsencrypt:/etc/letsencrypt

-p 443:443 yourreposname/letsencrypt certonly

--standalone

--agree-tos

-m yourmailadd@mail.com

-d your.domain.com

P.S

1.本案例使用443端口,请保持你的443端口畅通,成功后会在/etc/letsencrypt下生成live/your.domain.com文件夹,里面就是你的证书文件了。

2. yourreposname/letsencrypt 其中"yourreposname"改成你的仓库名

cert.pem 申请的服务器证书文件

privkey.pem 服务器证书对应的私钥

chain.pem 除服务器证书外,浏览器解析所需的其他全部证书,比如根证书和中间证书

fullchain.pem 包含服务器证书的全部证书链文件

转载于:https://www.cnblogs.com/shown1985/p/6474266.html

最后

以上就是背后枕头为你收集整理的Letsencrypt SSL免费证书申请(Docker)Let's Encrypt 介绍的全部内容,希望文章能够帮你解决Letsencrypt SSL免费证书申请(Docker)Let's Encrypt 介绍所遇到的程序开发问题。

如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。

本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
点赞(45)

评论列表共有 0 条评论

立即
投稿
返回
顶部