在之前的文章中我们已经提到过SSL的功能和其重要性。特别是Google已经在它的Chrome Version 68中把HTTP链接全部标识为不安全,给自己的网站部署SSL可以说迫在眉睫。但是对于大部分用户,特别是个人用户,好像没有必要花钱买一个证书,毕竟一张证书的价格可能已经比Hosting的价格还要贵了。
openssl genrsa -out mydomain.key 2048 Generating RSA private key, 2048 bit long modulus ...............+++ ..............................................................+++ e is 65537 (0x010001)
openssl genrsa -out account.key 4096 Generating RSA private key, 2048 bit long modulus ...............+++ ..............................................................+++ e is 65537 (0x010001)
openssl req -new -key mydomain.key -out mydomain.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Some-State]:Victoria Locality Name (eg, city) []:Melbourne Organization Name (eg, company) [Internet Widgits Pty Ltd]:Aufomm Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:www.aufomm.win Email Address []:
Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
le64.exe --key account.key --csr mydomain.csr --csr-key mydomain.key --crt mydomain.crt --domains "www.aufomm.win" --generate-missing --handle-as dns --live --api 2 2018/08/23 18:35:38 [ ZeroSSL Crypt::LE client v0.31 started. ] 2018/08/23 18:35:38 Loading an account key from account.key 2018/08/23 18:35:38 Loading a CSR from mydomain.csr 2018/08/23 18:35:42 Registering the account key 2018/08/23 18:35:43 The key is already registered. ID: **** 2018/08/23 18:35:43 Make sure to check TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf Challenge for 'www.aufomm.win' requires the following DNS record to be created: Host: _acme-challenge.www.aufomm.win, type: TXT, value: hsiAudq0p2Uq7nGHLsIT6D7pLCyLYNCWvnPKjpEpP-k Wait for DNS to update by checking it with the command: nslookup -q=TXT _acme-challenge.www.aufomm.win When you see a text record returned, press <Enter>
2018/08/23 18:41:07 Processing the 'dns' verification for 'www.aufomm.win' 2018/08/23 18:41:07 Domain verification results for 'www.aufomm.win': success. 2018/08/23 18:41:07 You can now delete '_acme-challenge.www.aufomm.win' DNS record 2018/08/23 18:41:07 Requesting domain certificate. 2018/08/23 18:41:09 Requesting issuer's certificate. 2018/08/23 18:41:09 Saving the full certificate chain to mydomain.crt. 2018/08/23 18:41:09 The job is done, enjoy your certificate! For feedback and bug reports contact us at [ https://ZeroSSL.com | https://Do-Know.com ]
