chchang/hugo_backup
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

update some content

Browse Source
This commit is contained in:
Eric Chang
2021-10-28 14:15:01 +08:00
parent b8600ab259
commit 27b5a11382
163 changed files with 951 additions and 922 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
public/post/ubuntu-letsencrypt-cloudflare-wildcard/index.html
View File

@@ -45,9 +45,9 @@
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.3.1/css/all.css" integrity="sha384-mzrmE5qonljUremFsqc01SB46JvROS7bZs3IO2EmfFsd15uHvIt+Y8vEf7N7fWAU" crossorigin="anonymous">
<link href="https://h.cowbay.org/css/style.css?v=1634607506" rel="stylesheet" id="theme-stylesheet" type='text/css' media='all'>
<link href="https://h.cowbay.org/css/style.css?v=1635401692" rel="stylesheet" id="theme-stylesheet" type='text/css' media='all'>
<link href="https://h.cowbay.org/css/custom.css?v=1634607506" rel="stylesheet" type='text/css' media='all'>
<link href="https://h.cowbay.org/css/custom.css?v=1635401692" rel="stylesheet" type='text/css' media='all'>
<link rel="shortcut icon" href="https://h.cowbay.org/img/favicon.ico" type="image/x-icon">
<link rel="icon" href="https://h.cowbay.org/img/favicon.ico" type="image/x-icon">
@@ -315,7 +315,7 @@ if (!doNotTrack) {
<p>如果要改成自動化,要多一些步驟</p>
<h3 id="安裝-certbot-及-cloudflare-外掛">安裝 certbot 及 Cloudflare 外掛</h3>
<p>首先,先來安裝會用到的套件</p>
<pre tabindex="0"><code>sudo apt install certbot letsencrypt python3-certbot-dns-cloudflare
<pre><code>sudo apt install certbot letsencrypt python3-certbot-dns-cloudflare
</code></pre><h3 id="設定-cloudflare-api">設定 cloudflare API</h3>
<p>這個步驟我測了好久網路上的說明似乎都過期了造成cloudflare API 那邊會發生錯誤</p>
<p>先登入 cloudflare 管理界面的API token 設定</p>
@@ -332,17 +332,17 @@ zone-DNS-edit</p>
<h3 id="編輯-cloudflare-設定檔">編輯 cloudflare 設定檔</h3>
<p>在 /etc底下新增一個 cloudflare.ini</p>
<p>內容如下</p>
<pre tabindex="0"><code>sudo vim /etc/cloudflare.ini
<pre><code>sudo vim /etc/cloudflare.ini
dns_cloudflare_email = #email@address.here
dns_cloudflare_api_key = #API token here
</code></pre><p>存檔後離開然後改一下權限不然等一下certbot 會跳警告</p>
<pre tabindex="0"><code>sudo chmod 0600 /etc/cloudflare.ini
<pre><code>sudo chmod 0600 /etc/cloudflare.ini
</code></pre><h3 id="執行certbot-取得憑證">執行certbot 取得憑證</h3>
<p>執行以下的指令</p>
<pre tabindex="0"><code>sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/cloudflare.ini --preferred-challenges=dns --email admin@abc.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d abc.com -d *.abc.com
<pre><code>sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/cloudflare.ini --preferred-challenges=dns --email admin@abc.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d abc.com -d *.abc.com
</code></pre><p>正常的話,會是這樣的結果</p>
<pre tabindex="0"><code>sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/cloudflare.ini --preferred-challenges=dns --email admin@abc.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d abc.com -d *.abc.com
<pre><code>sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/cloudflare.ini --preferred-challenges=dns --email admin@abc.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d abc.com -d *.abc.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-cloudflare, Installer None
@@ -370,7 +370,7 @@ IMPORTANT NOTES:
</code></pre><p>這樣子就取得了全域通用的SSL 憑證檔案</p>
<p>如果看到底下這種錯誤</p>
<pre tabindex="0"><code>administrator@ubuntu:~$ sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/cloudflare.ini --preferred-challenges=dns --email admin@abc.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d abc.com -d *.abc.com
<pre><code>administrator@ubuntu:~$ sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/cloudflare.ini --preferred-challenges=dns --email admin@abc.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d abc.com -d *.abc.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-cloudflare, Installer None
Obtaining a new certificate
@@ -382,7 +382,7 @@ Error determining zone_id: 6003 Invalid request headers. Please confirm that you
</code></pre><p>那就是cloudflare API 那邊的權限設定錯了,我就是在這邊卡很久&hellip;</p>
<p>請參照上面的步驟和圖片正確的設定</p>
<p>可以用 certbot certificates 來驗證看看</p>
<pre tabindex="0"><code>administrator@ubuntu:~$ sudo certbot certificates
<pre><code>administrator@ubuntu:~$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -394,10 +394,10 @@ Found the following certs:
Private Key Path: /etc/letsencrypt/live/abc.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
</code></pre><p>之後就可以用</p>
<pre tabindex="0"><code>sudo certbot renew
<pre><code>sudo certbot renew
</code></pre><p>來更新憑證</p>
<p>寫到/etc/crontab 去排程每個月的1號自動更新</p>
<pre tabindex="0"><code>administrator@ubuntu:~$ echo &quot;* * 1 * * root /usr/bin/certbot renew&quot; |sudo tee -a /etc/crontab
<pre><code>administrator@ubuntu:~$ echo &quot;* * 1 * * root /usr/bin/certbot renew&quot; |sudo tee -a /etc/crontab
* * 1 * * root /usr/bin/certbot renew
administrator@ubuntu:~$
</code></pre><p>接下來就等三個月之後,檢查看看憑證是否有自動更新了!</p>
@@ -691,7 +691,7 @@ title="pinterest icon"></i>
</div>
<script src="https://h.cowbay.org/js/jquery.min.js"></script>
<script src="https://h.cowbay.org/js/jquerymigrate.js"></script>
<script src="https://h.cowbay.org/js/production.min.js?v=1634607506"></script>
<script src="https://h.cowbay.org/js/production.min.js?v=1635401692"></script>
</body>
</html>