Certbot

Материал из BSD Howto
Перейти к навигации Перейти к поиску

Установка security/py-certbot

Certbot — это инструмент для автоматического получения и установки сертификатов X.509 для включения TLS на серверах. Клиент будет взаимодействовать с центром сертификации Let's Encrypt, который будет выдавать бесплатные сертификаты, доверенные браузеру.

Установка security/py-certbot-nginx

Это plug-in для Nginx.

Установка пакета (предварительная установка менеджера пакетов PKG не требуется, дополнительная информация о котором в статье PKG): 

# pkg install py311-certbot-nginx

Получение сертификата: 

# certbot certonly --standalone -d mydomain.ru

Получение сертификата для сайта на Nginx

Получение сертификата: 

# certbot --nginx -d site.mydomain.ru
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): ***@mail.ru

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.
Requesting a certificate for site.mydomain.ru

Successfully received certificate.
Certificate is saved at: /usr/local/etc/letsencrypt/live/site.mydomain.ru/fullchain.pem
Key is saved at:         /usr/local/etc/letsencrypt/live/site.mydomain.ru/privkey.pem
This certificate expires on 2025-07-27.
These files will be updated when the certificate renews.

Deploying certificate
Successfully deployed certificate for mailadmin.bsdhowto.ru to /usr/local/etc/nginx/site.mydomain.ru.conf
Congratulations! You have successfully enabled HTTPS on https://site.mydomain.ru

NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that 
functionality. See https://certbot.org/renewal-setup for instructions.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Включение автоматического обновления сертификатов

# echo 'weekly_certbot_enable="YES"' >> /etc/periodic.conf
Источник — https://wiki.bsdhowto.ru/index.php?title=Certbot&oldid=257