CA Certificates and Ingress (5): Amazon Linux Certbot

Submitted by Lizhe on Tue, 04/23/2019 - 10:36

 

In theory Amazon Linux is built from Red Hat family sources plus a few libraries of Amazon's own, so it should be compatible with RHEL/CentOS.

In practice, though, the certbot-auto bootstrap script does not recognise Amazon Linux and refuses to run:

 

[ec2-user@ip-10-1-0-60 ~]$ sudo /usr/local/bin/certbot-auto certonly

Sorry, I don't know how to bootstrap Certbot on your operating system!

 

You will need to install OS dependencies, configure virtualenv, and run pip install manually.

Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites

for more info.

[ec2-user@ip-10-1-0-60 ~]$ 

 

Add a config file. Two things to watch here: certbot reads /etc/letsencrypt/cli.ini by default, so a file called config.ini is only used if you pass it explicitly with `-c /etc/letsencrypt/config.ini`; and `sudo echo "..." >> file` does not work, because the redirection is done by your unprivileged shell, not by sudo. The usual workaround, `chmod 777` on the file, is a bad idea: certbot runs as root, and its config file accepts hook options (pre-hook, post-hook, deploy-hook) that execute commands, so a world-writable config lets any local user run commands as root on the next renewal. Use `sudo tee -a` to append as root and leave the file at 0644:

 

[ec2-user@ip-10-1-0-60 ~]$ sudo mkdir -p /etc/letsencrypt

[ec2-user@ip-10-1-0-60 ~]$ sudo touch /etc/letsencrypt/config.ini

[ec2-user@ip-10-1-0-60 ~]$ sudo chmod 644 /etc/letsencrypt/config.ini

[ec2-user@ip-10-1-0-60 ~]$ echo "rsa-key-size = 4096" | sudo tee -a /etc/letsencrypt/config.ini

[ec2-user@ip-10-1-0-60 ~]$ echo "email = marshal_li_b@163.com" | sudo tee -a /etc/letsencrypt/config.ini

[ec2-user@ip-10-1-0-60 ~]$ 
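The same config step written so it can be run and checked, as an added example that is not part of the original post. The directory argument is an assumption so the functions can be exercised against a scratch directory; on the real instance you would point them at /etc/letsencrypt (file name cli.ini, certbot's default) and run them through sudo. `config_is_safe` is the check you want before trusting a config that root will read.

```shell
#!/bin/sh
# Added example: write a certbot config without the `sudo echo >> file`
# pitfall or a chmod 777 workaround, then verify its permissions.
# DIR is an assumed parameter; in production it is /etc/letsencrypt.

# write_certbot_config DIR EMAIL KEYSIZE
# Creates DIR/cli.ini in one shot and pins it to mode 0644.
# Piping into tee is what lets the write happen as root when the command is
# run through sudo on a real host: printf ... | sudo tee "$dir/cli.ini"
write_certbot_config() {
    dir=$1; email=$2; keysize=$3
    mkdir -p "$dir"
    printf 'rsa-key-size = %s\nemail = %s\n' "$keysize" "$email" \
        | tee "$dir/cli.ini" >/dev/null
    chmod 0644 "$dir/cli.ini"
}

# config_get FILE KEY
# Prints the value of KEY from an ini-style certbot config (first match).
config_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# config_is_safe FILE
# Returns 0 only if FILE exists and is writable by neither group nor others.
# certbot runs as root and honours hook options (pre-hook, post-hook,
# deploy-hook) from this file, so a group- or world-writable config is a
# local root escalation, not just untidiness.
config_is_safe() {
    f=$1
    [ -f "$f" ] || return 1
    perms=$(ls -ld "$f" | cut -c1-10)     # e.g. -rw-r--r--
    case "$perms" in
        ?????w*)    return 1 ;;           # group write bit set
        ????????w?) return 1 ;;           # other write bit set
    esac
    return 0
}
```

Run `config_is_safe /etc/letsencrypt/cli.ini` on the instance before relying on unattended renewals; if it returns non-zero, fix the mode with `sudo chmod 0644` and check who could have edited the file in the meantime.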

Install the EPEL repository (Amazon Linux 2 tracks the EL7 package set), which provides the certbot packages:

cd /tmp

wget -nv -O epel.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

sudo yum install -y ./epel.rpm

 

 

sudo yum install -y python2-certbot-apache.noarch

This pulls in certbot itself together with the Apache installer plugin.

 

Update the DNS A record so the domain resolves to the instance's public IP.

It is best to wait until the new record has propagated before going on; `dig +short www.bestofgit.com` (dig is in the bind-utils package) should return the instance's address.

 

sudo yum update -y

sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2

sudo yum install -y httpd mariadb-server

sudo systemctl start httpd

Confirm that Apache is running and reachable from the outside (check that the security group allows inbound 80 and 443). The PHP and MariaDB packages come from the standard LAMP setup and are not needed for the certificate itself.

Then run certbot with the Apache installer and the manual authenticator using the dns-01 challenge:

 

sudo certbot -i apache -a manual --preferred-challenges dns -d www.bestofgit.com

Do not just press Enter or answer Yes all the way through; read each prompt. At the step below certbot prints a validation token that you must publish in DNS.

Add the token shown as a TXT record (not an A record) named _acme-challenge.www.bestofgit.com at your DNS provider.

After adding it, wait until the record is visible from public resolvers, then press Enter to continue. If you press Enter before the record has propagated, the validation fails and you have to re-run the command.
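A way to check that the TXT record is really visible before pressing Enter, as an added example that is not part of the original post. `dig` comes from the bind-utils package on Amazon Linux; the resolver address (1.1.1.1) and the polling interval are assumptions you can change. The parsing is kept separate from the network call so it can be tested on captured `dig +short` output.

```shell
#!/bin/sh
# Added example: verify the dns-01 TXT record for certbot's manual challenge.

# acme_txt_name DOMAIN
# The record name the dns-01 challenge validates for DOMAIN.
acme_txt_name() {
    printf '_acme-challenge.%s\n' "$1"
}

# txt_has_token TOKEN
# Reads `dig +short TXT` output on stdin and returns 0 if one of the TXT
# records equals TOKEN exactly. dig prints each record as one or more
# double-quoted strings; strip the quotes (and join split strings) and compare
# the whole value, so a stale record that merely contains the token as a
# prefix is not mistaken for the new one.
txt_has_token() {
    token=$1
    while IFS= read -r line; do
        value=$(printf '%s' "$line" | sed 's/^"//; s/"$//; s/" "//g')
        [ "$value" = "$token" ] && return 0
    done
    return 1
}

# wait_for_txt DOMAIN TOKEN [RESOLVER] [ATTEMPTS] [SLEEP_SECONDS]
# Polls a public resolver until the record is visible. Asking 1.1.1.1 (an
# assumed default) rather than the instance's local resolver avoids being
# fooled by a negatively cached answer from an earlier lookup.
wait_for_txt() {
    domain=$1; token=$2
    resolver=${3:-1.1.1.1}; attempts=${4:-30}; delay=${5:-10}
    name=$(acme_txt_name "$domain")
    i=0
    while [ "$i" -lt "$attempts" ]; do
        if dig +short TXT "$name" "@$resolver" | txt_has_token "$token"; then
            echo "TXT record for $name is visible; safe to continue certbot"
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    echo "TXT record for $name not visible after $attempts attempts" >&2
    return 1
}
```

From a second terminal: `wait_for_txt www.bestofgit.com '<token certbot printed>'`, and press Enter in the certbot session only once it reports the record as visible. The same two functions can be reused from a `--manual-auth-hook` script, which certbot calls with CERTBOT_DOMAIN and CERTBOT_VALIDATION in the environment, once the script has created the record through your DNS provider's API.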

Open https://www.bestofgit.com in a browser, or run `openssl s_client -connect www.bestofgit.com:443 -servername www.bestofgit.com </dev/null | openssl x509 -noout -issuer -dates`, to confirm that the Let's Encrypt certificate is now being served.

One caveat with this setup: because the certificate was obtained with `-a manual`, `certbot renew` cannot renew it unattended. Either repeat the interactive run before expiry, or supply `--manual-auth-hook` and `--manual-cleanup-hook` scripts that create and remove the TXT record through your DNS provider's API.