免费获取SSL证书，自动续签提升网站安全与信任度

什么是SSL？

SSL（Secure Sockets Layer，安全套接层）是一种网络安全协议，用于在互联网应用程序和用户之间建立加密和身份验证的安全连接。SSL证书包含公钥和私钥，通过使用这些密钥对数据进行加密和解密，确保数据传输的安全性。

为什么需要SSL证书？

数据加密：SSL证书可以对传输的数据进行加密，防止数据在传输过程中被窃取或篡改。
身份验证：SSL证书可以验证网站的身份，确保用户访问的是合法的网站，防止钓鱼网站和中间人攻击。
提升信任度：拥有SSL证书的网站在浏览器中会显示安全锁标志，提升用户对网站的信任度。

如何免费申请SSL证书？

1. Let’s Encrypt

Let’s Encrypt是目前最流行的免费SSL证书颁发机构，由互联网安全研究小组（ISRG）维护。

申请步骤：

安装Certbot：Certbot是Let’s Encrypt的官方客户端，用于自动化获取、部署和续订SSL证书。
- Ubuntu/Debian：
 
 sudo apt-get update sudo apt-get install certbot
 
 1
 2
 3
 4
 5
 
 sudo apt-get update
 
 sudo apt-get install certbot
- CentOS/RHEL：
 
 sudo yum install epel-release sudo yum install certbot
 
 1
 2
 3
 4
 5
 
 sudo yum install epel-release
 
 sudo yum install certbot

获取SSL证书：

使用HTTP-01验证：

sudo certbot certonly <span class="token operator">--</span>standalone <span class="token operator">-</span>d yourdomain<span class="token operator">.</span>com <span class="token operator">-</span>d www<span class="token operator">.</span>yourdomain<span class="token operator">.</span>com

sudo certbot certonly --standalone -d yourdomain.com -d www.yourdomain.com

使用DNS-01验证（适用于域名提供商支持DNS API的情况）：

sudo certbot certonly <span class="token operator">--</span>dns<span class="token operator">-</span>cloudflare <span class="token operator">-</span>d yourdomain<span class="token operator">.</span>com <span class="token operator">-</span>d www<span class="token operator">.</span>yourdomain<span class="token operator">.</span>com

sudo certbot certonly --dns-cloudflare -d yourdomain.com -d www.yourdomain.com

配置Web服务器：

Nginx：

server <span class="token punctuation">{</span>
listen <span class="token number">443</span> ssl<span class="token punctuation">;</span>
server_name yourdomain<span class="token operator">.</span>com www<span class="token operator">.</span>yourdomain<span class="token operator">.</span>com<span class="token punctuation">;</span>
ssl_certificate <span class="token operator">/</span>etc<span class="token operator">/</span>letsencrypt<span class="token operator">/</span>live<span class="token operator">/</span>yourdomain<span class="token operator">.</span>com<span class="token operator">/</span>fullchain<span class="token operator">.</span>pem<span class="token punctuation">;</span>
ssl_certificate_key <span class="token operator">/</span>etc<span class="token operator">/</span>lets加密<span class="token operator">/</span>live<span class="token operator">/</span>yourdomain<span class="token operator">.</span>com<span class="token operator">/</span>privkey<span class="token operator">.</span>pem<span class="token punctuation">;</span>
location <span class="token operator">/</span> <span class="token punctuation">{</span>
proxy_pass http<span class="token punctuation">:</span><span class="token comment">//localhost:8080;</span>
proxy_set_header <span class="token class-name type-declaration">Host</span> <span class="token variable">$host</span><span class="token punctuation">;</span>
proxy_set_header <span class="token constant">X</span><span class="token operator">-</span>Real<span class="token operator">-</span><span class="token class-name type-declaration">IP</span> <span class="token variable">$remote_addr</span><span class="token punctuation">;</span>
proxy_set_header <span class="token constant">X</span><span class="token operator">-</span>Forwarded<span class="token operator">-</span><span class="token keyword">For</span> <span class="token variable">$proxy_add_x_forwarded_for</span><span class="token punctuation">;</span>
proxy_set_header <span class="token constant">X</span><span class="token operator">-</span>Forwarded<span class="token operator">-</span><span class="token class-name type-declaration">Proto</span> <span class="token variable">$scheme</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>

server {

listen 443 ssl;

server_name yourdomain.com www.yourdomain.com;

ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;

ssl_certificate_key /etc/lets加密/live/yourdomain.com/privkey.pem;

location / {

proxy_pass http://localhost:8080;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

}

Apache：

<span class="token operator">&lt;</span>VirtualHost <span class="token operator">*</span><span class="token punctuation">:</span><span class="token number">443</span><span class="token operator">&gt;</span>
ServerName yourdomain<span class="token operator">.</span>com
ServerAlias www<span class="token operator">.</span>yourdomain<span class="token operator">.</span>com
SSLEngine on
SSLCertificateFile <span class="token operator">/</span>etc<span class="token operator">/</span>letsencrypt<span class="token operator">/</span>live<span class="token operator">/</span>yourdomain<span class="token operator">.</span>com<span class="token operator">/</span>fullchain<span class="token operator">.</span>pem
SSLCertificateKeyFile <span class="token operator">/</span>etc<span class="token operator">/</span>letsencrypt<span class="token operator">/</span>live<span class="token operator">/</span>yourdomain<span class="token operator">.</span>com<span class="token operator">/</span>privkey<span class="token operator">.</span>pem
ProxyPass <span class="token operator">/</span> http<span class="token punctuation">:</span><span class="token comment">//localhost:8080/</span>
ProxyPassReverse <span class="token operator">/</span> http<span class="token punctuation">:</span><span class="token comment">//localhost:8080/</span>
<span class="token operator">&lt;</span><span class="token operator">/</span>VirtualHost<span class="token operator">&gt;</span>

ServerName yourdomain.com

ServerAlias www.yourdomain.com

SSLEngine on

SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem

SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem

ProxyPass / http://localhost:8080/

ProxyPassReverse / http://localhost:8080/

</VirtualHost>

自动续订：

Certbot会自动创建定时任务，每90天自动续订SSL证书。

sudo crontab <span class="token operator">-</span>e

sudo crontab -e

添加以下内容：

<span class="token number">0</span> <span class="token number">0</span><span class="token punctuation">,</span><span class="token number">12</span> <span class="token operator">*</span> <span class="token operator">*</span> <span class="token operator">*</span> <span class="token operator">/</span>usr<span class="token operator">/</span>bin<span class="token operator">/</span>certbot renew <span class="token operator">--</span>quiet

0 0,12 * * * /usr/bin/certbot renew --quiet

2. Cloudflare

Cloudflare是一家提供内容分发网络（CDN）服务的公司，也提供免费的SSL证书。

申请步骤：

注册Cloudflare账号：访问Cloudflare官网，注册并登录账号。
添加站点：点击“Add Site”，输入你的域名，按照提示完成添加站点的过程。
选择SSL模式：在Cloudflare的DNS设置页面，选择“Full (strict)”或“Full”模式。
更新DNS记录：根据Cloudflare的提示，更新你的域名DNS记录，指向Cloudflare的DNS服务器。
等待生效：等待几分钟到几小时，直到Cloudflare检测到DNS记录更新并启用SSL证书。

总结

通过以上两种方法，你可以轻松免费申请到SSL证书，提升网站的安全性和用户信任度。无论是使用Let’s Encrypt还是Cloudflare，都能获得可靠的SSL证书服务。

相关阅读：

免费获取SSL证书，自动续签提升网站安全与信任度

什么是SSL？

为什么需要SSL证书？

如何免费申请SSL证书？

1. Let’s Encrypt

申请步骤：

2. Cloudflare

申请步骤：

总结

Zoom Earth 全球气象卫星聚合平台

小红书图文卡片生成器-将文本转换为小红书卡片

延伸阅读: