get freessl by certbot

unimof 2021年07月07日 161次浏览

environment:centos7 + nginx

1. SSH into the server

2. Install snapd

sudo yum install epel-release
sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap

Reference:

https://snapcraft.io/docs/installing-snapd

3. Ensure that your version of snapd is up to date

sudo snap install core
sudo snap refresh core

4. Remove certbot-auto and any Certbot OS packages

sudo yum remove certbot

5. Install Certbot

sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

6. Get a certificates

  • Nginx

If your server is Nginx, Run this command to get a certificate and have Certbot edit your Nginx configuration automatically to serve it, turning on HTTPS access in a single step.

sudo certbot --nginx
  • Just get a certificate

If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, run this command.

sudo certbot certonly --nginx

7. Renew automatic

The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration.

You can test automatic renewal for your certificates by running this command:

sudo certbot renew --dry-run

If that command completes without errors, your certificates will renew automatically in the background.

Question

  1. Error: too early for operation, device not yet seeded or device model not acknowledged