certbot-auto nginx

nginx 

wget https://dl.eff.org/certbot-auto

./certbot-auto --nginx

./certbot-auto --nginx --no-redirect

Saving debug log to /var/log/letsencrypt/letsencrypt.log

The nginx plugin is not working; there may be problems with your existing configuration.

The error was: NoInstallationError("Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.",)

 ln -s /home/nginx/conf  nginx

IMPORTANT NOTES:

 - Unable to install the certificate

 - Congratulations! Your certificate and chain have been saved at:

   /etc/letsencrypt/live/tv.inswave.net/fullchain.pem

   Your key file has been saved at:

   /etc/letsencrypt/live/tv.inswave.net/privkey.pem

   Your cert will expire on 2020-05-09. To obtain a new or tweaked

   version of this certificate in the future, simply run certbot-auto

   again with the "certonly" option. To non-interactively renew *all*

   of your certificates, run "certbot-auto renew"

echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /home/certbot/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null

https://certbot.eff.org/lets-encrypt/centos6-nginx.html

/home/certbot/certbot-auto --apache -d demo300.mygoodnews.com --apache-server-root /home/apache2

apache  

cd /etc

 ln -s /home/apache2/conf httpd

  mkdir /etc/httpd/conf.d

 ln -s /home/apache2/modules /etc/httpd/modules

./certbot-auto certonly --manual --email [email protected]  -d iwav.co.kr

IMPORTANT NOTES:

 - The following errors were reported by the server:

   Domain: iwav.co.kr

   Type:   unauthorized

   Detail: Invalid response from

   http://iwav.co.kr/.well-known/acme-challenge/8OU45pxOiGs4-RE14--XSedQksG-PocruKemTSJFup8

   [121]: "<html>n<head>n<title>?숇뀈쨌?댁엫 以묒떖?쇰줈 遺€??媛쒗렪:援먯쑁?щ쭩

   news.eduhope.net</title>n<meta http-equiv="Content-T"

   To fix these errors, please make sure that your domain name was

   entered correctly and the DNS A/AAAA record(s) for that domain

   contain(s) the right IP address.

[root@s20171110 certbot]# ./certbot-auto certonly --manual --email [email protected] -d iwav.co.kr

Your system is not supported by certbot-auto anymore.

certbot-auto and its Certbot installation will no longer receive updates.

You will not receive any bug fixes including those fixing server compatibility

or security problems.

Please visit https://certbot.eff.org/ to check for other alternatives.

Saving debug log to /var/log/letsencrypt/letsenc

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

NOTE: The IP of this machine will be publicly logged as having requested this

certificate. If you're running certbot in manual mode on a machine that is not

your server, please ensure you're okay with that.

Are you OK with your IP being logged?

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Create a file containing just this data:

T9zsaENUqBgney_gubaKJDsw-vDBCjUvmgDX0zjFQ8.7H0dzp_qlYa5VKbV_iPCSgejwMsG_Lugt5LwxqXP4fM

And make it available on your web server at this URL:

http://iwav.co.kr/.well-known/acme-challenge/T9zsaEeNUqBgney_gubaKJDsw-vDBCjUvmgDX0zjFQ8

 =============================

서버에 .well-known/acme-challenge 이 디레토리를 만들고 

파일명  T9zsaEeNUqBgney_gubaKJDsw-vDBCjUvmgDX0zjFQ8

이것을 만든 다음 그 파일 안에 

T9zsaENUqBgney_gubaKJDsw-vDBCjUvmgDX0zjFQ8.7H0dzp_qlYa5VKbV_iPCSgejwMsG_Lugt5LwxqXP4fM

이 내용을 입력후  브라우져에서 접속해서 나오면 enter 을 입력 후 진행하면 된다 

수동 설정이기 때문에   설정 파일에 443 를 추가 해야 한다.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Press Enter to Continue

Waiting for verification...

Cleaning up challenges

IMPORTANT NOTES:

 - Congratulations! Your certificate and chain have been saved at:

   /etc/letsencrypt/live/news.eduhope.net/fullchain.pem

   Your key file has been saved at:

   /etc/letsencrypt/live/news.eduhope.net/privkey.pem

   Your cert will expire on 2021-05-17. To obtain a new or tweaked

   version of this certificate in the future, simply run certbot-auto

   again. To non-interactively renew *all* of your certificates, run

   "certbot-auto renew"

 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate

   Donating to EFF:                    https://eff.org/donate-le

====================================================

cent7 rpm install certbot

yum install -y epel-release

yum install -y certbot

certbot certonly -d aaa.com -w /home/1

certbot renew