CentOS5.11配置Let's Encrypt免费证书-白红宇

CentOS5.11配置Let's Encrypt免费证书

阅读量：6374 次

发布时间：2019-06-23

本文共 7074 字，大约阅读时间需要 23 分钟。

安装环境：

[root@WQ02 opt]# lsb_release -aLSB Version:	:core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarchDistributor ID:	CentOSDescription:	CentOS release 5.11 (Final)Release:	5.11Codename:	Final

1、下载certbot-auto：

wget https://dl.eff.org/certbot-autochmod   a+x   ./certbot-auto

2、升级Python到2.7版本。Centos5系统Python为2.4版本。certbot-auto需要依赖Python2.7+版本。

wget https://www.python.org/ftp/python/2.7.2/Python-2.7.2.tgztar xfz Python-2.7.2.tgz./configuremakemake install

安装后系统自动默认Python为新版本。

[root@WQ02 opt]# python -VPython 2.7.2

如果升级python后yum无法使用时可按照如下方法处理。

vim /usr/bin/yum将第一个行#!/usr/bin/python调整为原来python版本。如#!/usr/bin/python2.4

我本服务器的python升级到2.7.2后yum可正常使用。

3、安装pip

wget https://files.pythonhosted.org/packages/52/85/b160ebdaa84378df6bb0176d4eed9f57edca662446174eead7a9e2e566d6/pip-6.0.7.tar.gztar xfz pip-6.0.7.tar.gz./configuremakemake install

4、开始安装证书

[root@WQ02 opt]# ./certbot-auto certonly --webroot -w /www1/abc/ -d www.abc.org.cnBootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)yum is /usr/bin/yumyum is hashed (/usr/bin/yum)Loaded plugins: fastestmirror, securityLoading mirror speeds from cached hostfile * epel: pubmirror2.math.uh.eduSetting up Install ProcessPackage gcc-4.1.2-55.el5.x86_64 already installed and latest versionPackage augeas-libs-1.2.0-1.el5.x86_64 already installed and latest versionPackage augeas-libs-1.2.0-1.el5.i386 already installed and latest versionPackage openssl-0.9.8e-40.el5_11.x86_64 already installed and latest versionPackage openssl-0.9.8e-40.el5_11.i686 already installed and latest versionPackage openssl-devel-0.9.8e-40.el5_11.x86_64 already installed and latest versionPackage openssl-devel-0.9.8e-40.el5_11.i386 already installed and latest versionPackage libffi-devel-3.0.5-1.el5.x86_64 already installed and latest versionPackage libffi-devel-3.0.5-1.el5.i386 already installed and latest versionPackage redhat-rpm-config-8.0.45-32.el5.centos.noarch already installed and latest versionNo package ca-certificates available.Package python-devel-2.4.3-56.el5.x86_64 already installed and latest versionPackage python-devel-2.4.3-56.el5.i386 already installed and latest versionPackage 1:python-virtualenv-1.7.2-2.el5.noarch already installed and latest versionPackage python-tools-2.4.3-56.el5.x86_64 already installed and latest versionNo package python-pip available.Package 1:mod_ssl-2.2.22-jason.1.x86_64 already installed and latest versionNothing to doWARNING: unable to check for updates.Creating virtual environment...Traceback (most recent call last):  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 2441, in 
    
         main()  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 954, in main    never_download=options.never_download)  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 1064, in create_environment    search_dirs=search_dirs, never_download=never_download)  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 598, in install_setuptools    search_dirs=search_dirs, never_download=never_download)  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 570, in _install_req    cwd=cwd)  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 1032, in call_subprocess    % (cmd_desc, proc.returncode))OSError: Command /opt/eff.org/certbot/venv/bin/python2.7 -c "#!python\"\"\"Bootstra...sys.argv[1:])" --always-copy -U setuptools failed with error code 1

问题排查：问题是出现在Creating virtual environment...。即创建python虚拟环境时出错的。问题找到了那么手动提前安装好虚拟环境是不是就能解决问题呢？

执行手动安装

[root@WQ02 opt]#  pip install virtualenvCollecting virtualenv  Could not find any downloads that satisfy the requirement virtualenv  No distributions at all found for virtualenv

还是失败，问题原因是没有找到对应的下载包。

尝试更改为国内的镜像站https://mirrors.tuna.tsinghua.edu.cn/help/pypi/。果然成功了。

[root@WQ02 opt]# pip install -i https://pypi.tuna.tsinghua.edu.cn/simple virtualenvCollecting virtualenv  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/6a/d1/e0d142ce7b8a5c76adbfad01d853bca84c7c0240e35577498e20bc2ade7d/virtualenv-16.2.0-py2.py3-none-any.whl (1.9MB)    100% |################################| 1.9MB 147kB/s Collecting setuptools>=18.0.0 (from virtualenv)  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/37/06/754589caf971b0d2d48f151c2586f62902d93dc908e2fd9b9b9f6aa3c9dd/setuptools-40.6.3-py2.py3-none-any.whl (573kB)    100% |################################| 573kB 252kB/s Installing collected packages: setuptools, virtualenv  Found existing installation: setuptools 12.0.3    Uninstalling setuptools-12.0.3:      Successfully uninstalled setuptools-12.0.3

将国内的镜像站设为默认。先升级pip到最新版本，然后配置config设置。

[root@WQ02 opt]# pip install -i https://pypi.tuna.tsinghua.edu.cn/simple virtualenv pip -U[root@WQ02 opt]# pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simpleWriting to /root/.config/pip/pip.conf

5、一切OK，继续安装证书。

[root@WQ02 opt]# ./certbot-auto certonly --webroot -w /www1/abc/ -d www.abc.org.cnWARNING: unable to check for updates.Saving debug log to /var/log/letsencrypt/letsencrypt.logPlugins selected: Authenticator webroot, Installer NoneEnter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): abc@163.com- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Please read the Terms of Service athttps://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You mustagree in order to register with the ACME server athttps://acme-v02.api.letsencrypt.org/directory- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -(A)gree/(C)ancel: A- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Would you be willing to share your email address with the Electronic FrontierFoundation, a founding partner of the Let's Encrypt project and the non-profitorganization that develops Certbot? We'd like to send you email about our workencrypting the web, EFF news, campaigns, and ways to support digital freedom.- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -(Y)es/(N)o: YObtaining a new certificatePerforming the following challenges:http-01 challenge for www.dxaldqrmyy.org.cnUsing the webroot path /www1/abc for all unmatched domains.Waiting for verification...Cleaning up challengesIMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at:   /etc/letsencrypt/live/www.abc.org.cn/fullchain.pem   Your key file has been saved at:   /etc/letsencrypt/live/www.abc.org.cn/privkey.pem   Your cert will expire on 2019-04-21. To obtain a new or tweaked   version of this certificate in the future, simply run certbot-auto   again. To non-interactively renew *all* of your certificates, run   "certbot-auto renew" - If you like Certbot, please consider supporting our work by:   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate   Donating to EFF:                    https://eff.org/donate-le

后续配置方法参考：

1、

2、

3、

转载于:https://my.oschina.net/u/209161/blog/3003996

你可能感兴趣的文章

Logistic Regression的几个变种

查看>>

PopupMenu消失(Dismiss)抓住

查看>>

Determining if a point lies on the interior of a polygon

查看>>