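Using a third-party SSL (Let's Encrypt) unofficial plugin with cPanel
For details see the plugin's official site. It appears to be a paid product and we are only testing it. See https://letsencrypt-for-cpanel.com/pricing: the site describes a 72-hour trial, so you can check whether certificates can still be issued after 72 hours.
Third-party SSL installation guide: https://letsencrypt-for-cpanel.com/docs/for-admins/installation/
1. Add the installation repository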
wget https://cpanel.fleetssl.com/static/letsencrypt.repo -O /etc/yum.repos.d/letsencrypt.repo
2. Install the package
yum -y install letsencrypt-cpanel
3. Run the self-test after installation
le-cp self-test
The output of the run is shown below
[root@ireland ~]# yum -y install letsencrypt-cpanel
Loaded plugins: fastestmirror, universal-hooks
Loading mirror speeds from cached hostfile
 * EA4: 91.197.228.252
 * cpanel-addons-production-feed: 91.197.228.252
 * cpanel-plugins: 91.197.228.252
 * base: ftp.tsukuba.wide.ad.jp
 * extras: ftp.tsukuba.wide.ad.jp
 * updates: ftp.tsukuba.wide.ad.jp
EA4 | 2.9 kB 00:00:00
cpanel-addons-production-feed | 2.9 kB 00:00:00
cpanel-plugins | 2.9 kB 00:00:00
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
letsencrypt-cpanel | 2.9 kB 00:00:00
mysql-connectors-community | 2.5 kB 00:00:00
mysql-tools-community | 2.5 kB 00:00:00
mysql57-community | 2.5 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/2): letsencrypt-cpanel/primary_db | 5.7 kB 00:00:00
(2/2): cpanel-plugins/x86_64/primary_db | 30 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package letsencrypt-cpanel.x86_64 0:0.15.1-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
letsencrypt-cpanel x86_64 0.15.1-1 letsencrypt-cpanel 5.1 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 5.1 M
Installed size: 14 M
Downloading packages:
letsencrypt-cpanel-0.15.1-1.x86_64.rpm | 5.1 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
*** By running this installer, you indicate that you have read the end-user licence agreement (https://cpanel.fleetssl.com/eula) and agree to all of its terms, as stated. ***
Running installer as root
OS version OK
cPanel version OK
No licence file detected at /etc/letsencrypt-cpanel.licence
Fetching new trial licence …
Licence file present
Redirecting to /bin/systemctl stop letsencrypt-cpanel.service
Failed to stop letsencrypt-cpanel.service: Unit letsencrypt-cpanel.service not loaded.
FleetSSL cPanel service daemon stopped
Installing : letsencrypt-cpanel-0.15.1-1.x86_64 1/1
This server has self-signed service certificates
It is not safe to operate this plugin in this circumstance
‘insecure’ is being added to /etc/letsencrypt-cpanel.conf
If you wish to generate a Let’s Encrypt cert for the server
Please read the configuration documentation on our website, at
https://cpanel.fleetssl.com/docs/service-certificates/
Config written to /etc/letsencrypt-cpanel.conf
Uninstallation of existing service failed (it’s OK)
Installed init scripts.
Copied plugin files OK
Installing cPanel paper_lantern plugin (may take a minute) …
cPanel Plugin installer succeeded OK
Installed chkservd scripts
Added apache pre virtualhost global include
Set cpanel tweak settings
— Installation complete —
The plugin should now be available in the cPanel feature manager
Will rebuild conf and restart Apache to reload AutoSSL DCV URLs
Rebuilding Apache conf and restarting now …
Built /etc/apache2/conf/httpd.conf OK
Verifying : letsencrypt-cpanel-0.15.1-1.x86_64 1/1
Installed:
letsencrypt-cpanel.x86_64 0:0.15.1-1
Complete!
[root@ireland ~]# le-cp self-test
[SELF-TEST] Has valid licence ………… SUCCESS.
[SELF-TEST] Can read config ………… SUCCESS.
[SELF-TEST] Can connect to Let’s Encrypt ………… SUCCESS.
[SELF-TEST] Can talk to WHM API ………… SUCCESS.
[SELF-TEST] Can talk to plugin RPC ………… SUCCESS.
[SELF-TEST] System tuning correctness ………… SUCCESS.
[root@ireland ~]#
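Step 1 adds a third-party yum repository, and its package installer then runs as root, so the downloaded .repo file is worth reading before step 2. The following is an added example, not part of the original tutorial or the plugin's own code: it flags risky settings in a .repo file. Both repo definitions are constructed samples, not the real contents of letsencrypt.repo.

```python
import configparser

# Constructed samples: NOT the real contents of letsencrypt.repo.
WEAK_REPO = """\
[example-thirdparty]
name=Example third-party repo
baseurl=http://repo.example.invalid/el/$releasever/$basearch
enabled=1
gpgcheck=0
"""
HARDENED_REPO = """\
[example-thirdparty]
name=Example third-party repo
baseurl=https://repo.example.invalid/el/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://repo.example.invalid/RPM-GPG-KEY-example
"""
TRUE_VALUES = ("1", "yes", "true")

def audit_repo(text):
    """Return (repo_id, finding) pairs for risky settings in a yum .repo file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for repo_id in cp.sections():
        repo = cp[repo_id]
        if repo.get("enabled", "1").strip() == "0":
            continue  # yum does not consult disabled repos
        gpgcheck = repo.get("gpgcheck")
        if gpgcheck is None:
            findings.append((repo_id, "gpgcheck unset: inherits [main] in /etc/yum.conf"))
        elif gpgcheck.strip().lower() not in TRUE_VALUES:
            findings.append((repo_id, "gpgcheck disabled: packages are not signature-checked"))
        elif not repo.get("gpgkey"):
            findings.append((repo_id, "gpgcheck enabled but no gpgkey listed"))
        if repo.get("sslverify", "1").strip() == "0":
            findings.append((repo_id, "sslverify=0: TLS certificate is not verified"))
        for key in ("baseurl", "mirrorlist", "gpgkey"):
            for url in repo.get(key, "").split():
                if url.lower().startswith(("http://", "ftp://")):
                    findings.append((repo_id, f"{key} uses plaintext transport: {url}"))
    return findings

if __name__ == "__main__":
    for repo_id, finding in audit_repo(WEAK_REPO):
        print(f"[{repo_id}] {finding}")
```

To check the file from step 1, pass the text of /etc/yum.repos.d/letsencrypt.repo to audit_repo() before running yum install.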
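4. Usage is described at https://letsencrypt-for-cpanel.com/docs/for-admins/autossl/
1. About automatic issuance (AutoSSL)
The plugin can provide "AutoSSL"-style functionality.
It is disabled by default.
If enabled, every 12 hours (after renewals have been processed) it will:
- Find virtual hosts that meet the following condition
- They have no valid certificate (valid meaning not self-signed and not expiring within the next 48 hours)
- Collect all domains that pass the DCV (domain control validation) check and issue a certificate for all of them through the plugin
- Domains that fail DCV are skipped automatically
- Certificates that would exceed the Let's Encrypt rate limits (i.e. more than 100 names per certificate)
- Domains that fail repeatedly will eventually stop being retried, but they can always be issued through the UI.
Enable/disable
Enable (recommended)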
[root@~]$ le-cp autossl enable
Disable
[root@~]$ le-cp autossl disable
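5. Manual issuance: if you find that a certificate has expired, first delete the certificate (Home » SSL/TLS » Manage SSL Hosts)
6. Then issue it over SSH with the command:
le-cp ssl --user=username issue abc.com www.abc.com
Successful example: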
[root@ireland ~]# le-cp ssl --user=drma**** issue drmartens*******.fi www.drmartens*******.fi
INFO[0011] 1 certificates were returned
INFO[0011] Domain: drmartens*******.fi
INFO[0011] Requested AltNames: [drmartens*******.fi www.drmartens*******.fi]
INFO[0011] Expiry: 2020-05-12 21:49:45 -0400 EDT
INFO[0011] URL: https://acme-v02.api.letsencrypt.org/acme/order/78038503/2315490342
INFO[0011] Cert ID: drmartens*******_fi_d2ae8_3e4c3_1589334585_c28571a4e7223c826fa6ba29749bb59a
INFO[0011] Key ID: d2ae8_3e4c3_73dbff3b435eb636c6faf1f391287465
INFO[0011] Actual DNS Names on Certificate: [drmartens*******.fi www.drmartens*******.fi]
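After a manual issue it is worth confirming that every requested name actually ended up on the certificate and that the expiry is where you expect it. The following is an added example, not part of the original tutorial or the plugin: it parses output in the format shown above and reports mismatches. The sample text is constructed (example.com is a placeholder), and the field names are assumed to stay as they appear in this output.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the format of the le-cp output above.
SAMPLE = """\
INFO[0011] 1 certificates were returned
INFO[0011] Domain: example.com
INFO[0011] Requested AltNames: [example.com www.example.com]
INFO[0011] Expiry: 2020-05-12 21:49:45 -0400 EDT
INFO[0011] Actual DNS Names on Certificate: [example.com]
"""
FIELD = re.compile(r"^INFO\[\d+\]\s+([^:]+):\s*(.*)$")
REQUIRED = ("Requested AltNames", "Expiry", "Actual DNS Names on Certificate")

def parse_issue_output(text):
    """Map 'Key: value' INFO lines to a dict; lines without a key are skipped."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def name_list(value):
    """'[a.com www.a.com]' -> {'a.com', 'www.a.com'}"""
    return set(value.strip("[]").lower().split())

def check_issue(text, now, min_days=30):
    """Return a list of problems; an empty list means issuance matches the request."""
    f = parse_issue_output(text)
    problems = [f"missing field: {k}" for k in REQUIRED if k not in f]
    if problems:
        return problems
    missing = name_list(f[REQUIRED[0]]) - name_list(f[REQUIRED[2]])
    if missing:
        problems.append("requested but not on certificate: " + " ".join(sorted(missing)))
    # Drop the trailing zone abbreviation (e.g. EDT); the numeric offset is authoritative.
    stamp = " ".join(f["Expiry"].split()[:3])
    expiry = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S %z")
    if expiry - now < timedelta(days=min_days):
        problems.append(f"expires in under {min_days} days: {expiry.isoformat()}")
    return problems

if __name__ == "__main__":
    for problem in check_issue(SAMPLE, datetime.now(timezone.utc)):
        print("WARNING:", problem)
```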