\n\thttps:\/\/github.com\/interbrite\/letsencrypt-vesta GitHub\u9879\u76ee\u5730\u5740\u3002\n<\/p>\n
\n\t\n<\/p>\n
\n\t\tInstallation must be done as root. If your system doesn't support root logins, append sudo to each of the following commands, or open a root shell with sudo su -.\n\t<\/p>\n
\n\t\t\t\tClone both the Let's Encrypt client and this tool into \/usr\/local. This will create two new directories, \/usr\/local\/certbot and \/usr\/local\/letsencrypt-vesta.\n\t\t\t<\/p>\n
cd \/usr\/local\r\ngit clone https:\/\/github.com\/certbot\/certbot.git\r\ngit clone https:\/\/github.com\/interbrite\/letsencrypt-vesta.git<\/pre>\n<\/li>\n
\n\t\t\t\tCreate the \"webroot\" directory where Let's Encrypt will write the files needed for domain verification.\n\t\t\t<\/p>\n
mkdir -p \/etc\/letsencrypt\/webroot<\/pre>\n<\/li>\n
\n\t\t\t\tChoose to implement either the Apache configuration or Nginx configuration (both below) depending on your specific server configuration (the Apache configuration is recommended unless you're only running Nginx).\n\t\t\t<\/p>\n<\/li>\n
\n\t\t\t\tSymlink certbot-auto and letsencrypt-vesta in \/usr\/local\/bin for easier access. This allows them to be run without needing to know the full path to the programs.\n\t\t\t<\/p>\n
ln -s \/usr\/local\/certbot\/certbot-auto \/usr\/local\/bin\/certbot-auto\r\nln -s \/usr\/local\/letsencrypt-vesta\/letsencrypt-vesta \/usr\/local\/bin\/letsencrypt-vesta<\/pre>\n<\/li>\n
\n\t\t\t\tCreate your first certificate.\n\t\t\t<\/p>\n
letsencrypt-vesta USERNAME DOMAIN<\/pre>\n<\/li>\n<\/ol>\n\n\t\tThe first time you run certbot-auto (either via letsencrypt-vesta or separately) it will do some initial setup work that could take a few minutes. Subsequent runs should be faster, as this setup is only needed once per server.\n\t<\/p>\n
\n\t\t<\/a>Apache Configuration
\n\t<\/h3>\n\n\t\tThe Apache configuration is recommended for any server running Apache (with or without Nginx).\n\t<\/p>\n
\n
- \n
\n\t\t\t\tSymlink the Apache conf file in your Apache conf.d directory. This enables Apache to properly serve the validation files from the webroot directory above.\n\t\t\t<\/p>\n
Depending on OS:\r\nln -s \/usr\/local\/letsencrypt-vesta\/letsencrypt.conf \/etc\/httpd\/conf.d\/letsencrypt.conf\r\nln -s \/usr\/local\/letsencrypt-vesta\/letsencrypt.conf \/etc\/apache2\/conf.d\/letsencrypt.conf<\/pre>\n<\/li>\n- \n
\n\t\t\t\tRestart Apache to pick up the configuration change.\n\t\t\t<\/p>\n
Depending on OS:\r\nservice httpd restart\r\nservice apache2 restart<\/pre>\n<\/li>\n<\/ol>\n\n\t\t<\/a>Nginx Configuration
\n\t<\/h3>\n\n\t\tThe Nginx configuration is best suited to servers not<\/em> running Apache. On servers running both web servers, the Apache configuration is recommended.\n\t<\/p>\n
\n
- \n
\n\t\t\t\tAdd the following to any of the Nginx virtual host configuration templates you plan to use. Templates can be found in \/usr\/local\/vesta\/data\/templates\/web\/nginx and \/usr\/local\/vesta\/data\/templates\/web\/nginx\/php5-fpm. You should add this block along with the other \"location\" blocks in the file and before the \"location @fallback\" block, if one exists.\n\t\t\t<\/p>\n
location \/.well-known\/acme-challenge {\r\n default_type text\/plain;\r\n root \/etc\/letsencrypt\/webroot;\r\n}<\/pre>\n<\/li>\n- \n
\n\t\t\t\tReapply the modified template to each existing account with the following command. This will enable existing sites to use Let's Encrypt certificates.\n\t\t\t<\/p>\n
\/usr\/local\/vesta\/bin\/v-rebuild-web-domains USERNAME<\/pre>\n<\/li>\n- \n
\n\t\t\t\tRestart Nginx to pick up the configuration changes.\n\t\t\t<\/p>\n
service nginx restart<\/pre>\n<\/li>\n<\/ol>\n\n\t\t<\/a>Updating
\n\t<\/h2>\n\n\t\tTo ensure you are using the latest version of letsencrypt-vesta, run the following:\n\t<\/p>\n
cd \/usr\/local\/letsencrypt-vesta \r\ngit pull origin master<\/pre>\n\n\t\tAlso be sure you have replaced the original Let's Encrypt client with the new Certbot client if you've been running letsencrypt-vesta for a while. See the installation instructions above for details.\n\t<\/p>\n
\n\t\t<\/a>Automatic Renewals
\n\t<\/h2>\n\n\t\tletsencrypt-vesta now supports automatic renewals using at or cron. Be sure you have the latest version of letsencrypt-vesta installed, as older versions did not support this functionality.\n\t<\/p>\n
\n\t\t<\/a>at
\n\t<\/h3>\n\n\t\tat is the preferred autorenewal method as it requires no external setup to configure. However, it uses the Unix at scheduler, which is not running by default on all systems.\n\t<\/p>\n
\n\t\tAssuming that at is available, simply call letsencrypt-vesta with the -a option, followed by the number of days before the certificate should be renewed (60 is recommended):\n\t<\/p>\n
letsencrypt-vesta -a 60 USERNAME DOMAIN<\/pre>\n\n\t\tletsencrypt-vesta will go through it's normal certificate request and installation process and, when complete, will attempt to schedule the same command to run again in the specified number of days. Since all subsequent commands will also contain the -a flag, this will effectively schedule updates perpetually. If at is not available, or the at daemon is not running, letsencrypt-vesta will display a warning and will not reschedule the job, but the certificate initial will be installed.\n\t<\/p>\n
\n\t\tTo check if at is available, run the following commands:\n\t<\/p>\n
\n
- \n\t\t\twhich at atd atq atrm\n\t\t<\/li>\n
- \n\t\t\tservice atd status\n\t\t<\/li>\n<\/ul>\n
\n\t\tIf the first command returns nothing, at is most likely not installed. To install it, run one of the following commands:\n\t<\/p>\n
Depending on OS:\r\n sudo yum install at\r\n sudo apt-get install at<\/pre>\n\n\t\tOnce installed, or if the second command indicates that the service is installed but not running, run the following to start the at daemon:\n\t<\/p>\n
sudo service atd start<\/pre>\n\n\t\t<\/a>cron
\n\t<\/h3>\n\n\t\tCron is the most well-know job scheduling tool for Unix-type systems. It schedules jobs to occur automatically at set times on a recurring basis and is installed by default on most systems. Unlike at, however, cron requires an additional step to set up recurring certificate installations.\n\t<\/p>\n
\n\t\tIf you choose to use cron, you must first run the letsencrypt-vesta command on its own to complete the initial certificate request and installation. Then you must manually schedule the job to run again by adding it to the root user's crontab file.\n\t<\/p>\n
\n\t\tTo edit the crontab, type the following command:\n\t<\/p>\n
sudo crontab -e<\/pre>\n\n\t\tIf you aren't familiar with the format of a crontab file, the Wikipedia article on Cron<\/a> does a good job of describing it. As an example, this command will schedule the job to run at 2:08 am on the first day of each even numbered month (February, April, June, ...):\n\t<\/p>\n
8 2 1 *\/2 * \/usr\/local\/bin\/letsencrypt-vesta USERNAME DOMAIN<\/pre>\n\n\t\tBe sure not to use the -a option when using cron as it could cause the same certificates to be double-renewed.\n\t<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"