LetsEncrypt plans to revoke its certificates due to a software bug

LetsEncrypt, which offers free SSL certificates for encryption, has been forced to revoke a number of certificates.

The problem stems from a software error in Boulder, the CA control software on which the service is built. Normally the DNS check of the CAA record happens at the same time as the proof of domain ownership, and most subscribers receive a certificate immediately after validation; however, the developers designed it so that the validation result is treated as still valid for the following 30 days. In some cases the records must be checked a second time just before the certificate is issued: in particular, CAA must be rechecked within the 8 hours before issuance, so any domain that was validated earlier than that window must be rechecked.

What is the bug? If a certificate request contains N domains that require a CAA recheck, Boulder picks one of them and rechecks it N times. As a result, a certificate could be issued even if you later (up to X+30 days) published a CAA record forbidding issuance of a LetsEncrypt certificate.
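The defect described above, modelled as an added example (this is not Boulder's code): a toy RFC 8659-style CAA lookup plus two versions of the pre-issuance recheck, the buggy one that rechecks a single name N times and the corrected one that rechecks every name. The ZONE data, the timestamps and all function names are constructed for the example; wildcard names and the issuewild tag are left out.

```python
from datetime import datetime, timedelta, timezone

CAA_RECHECK_WINDOW = timedelta(hours=8)  # CAA must be (re)checked within 8 h of issuance

# Constructed CAA data: name -> list of (tag, value). An empty list is a name with no
# CAA record; a missing key means the lookup climbs one label toward the root.
ZONE = {
    "example": [],
    "allowed.example": [("issue", "letsencrypt.org")],
    "forbidden.example": [("issue", ";")],
    "other-ca.example": [("issue", "some-other-ca.example")],
}

def caa_allows(zone, name, ca="letsencrypt.org"):
    """RFC 8659-style check for a non-wildcard name: the closest CAA RRset found while
    climbing toward the root decides; no RRset anywhere means issuance is unrestricted."""
    labels = name.split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset is None:
            continue  # no RRset at this label, try the parent
        issue = [v for tag, v in rrset if tag == "issue"]
        issuers = {v.split(";")[0].strip() for v in issue}  # drop "; key=value" parameters
        return not issue or ca in issuers
    return True

def stale_names(names, last_caa_check, now):
    """Names whose last CAA check is older than the 8-hour window."""
    return [n for n in names if now - last_caa_check[n] > CAA_RECHECK_WINDOW]

def recheck_buggy(zone, names, last_caa_check, now):
    """Model of the described defect: a single stale name is rechecked N times."""
    stale = stale_names(names, last_caa_check, now)
    picked = stale[-1] if stale else None
    return all(caa_allows(zone, picked) for _ in stale)

def recheck_fixed(zone, names, last_caa_check, now):
    """Corrected behaviour: every stale name is rechecked on its own."""
    stale = stale_names(names, last_caa_check, now)
    return all(caa_allows(zone, n) for n in stale)

def demo():
    """Constructed scenario: both names validated 10 days ago, forbidden.example has since
    published 'issue ";"'. Returns (buggy_decision, fixed_decision)."""
    now = datetime(2020, 2, 29, 3, 0, tzinfo=timezone.utc)
    names = ["forbidden.example", "allowed.example"]
    last = {n: now - timedelta(days=10) for n in names}
    return recheck_buggy(ZONE, names, last, now), recheck_fixed(ZONE, names, last, now)

if __name__ == "__main__":
    print("buggy allows issuance: %s, fixed allows issuance: %s" % demo())
```

The buggy variant lets the request through because the one name it happened to pick still permits issuance; the fixed variant rejects it as soon as it rechecks forbidden.example.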

ืœืื™ืžื•ืช ืื™ืฉื•ืจื™ื, ื”ื—ื‘ืจื” ื”ื›ื™ื ื” ื›ืœื™ ืžืงื•ื•ืŸืฉื™ืฆื™ื’ ื“ื•ื— ืžืคื•ืจื˜.

Advanced users can do it all themselves with the following commands:

# check HTTPS
openssl s_client -connect example.com:443 -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 "Serial Number" | tr -d :
# alternative check from @simpleadmin
echo | openssl s_client -connect example.com:443 |& openssl x509 -noout -serial
# check a mail server, SMTP protocol
openssl s_client -connect example.com:25 -starttls smtp -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 "Serial Number" | tr -d :
# check a mail server, SMTP protocol
openssl s_client -connect example.com:587 -starttls smtp -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 "Serial Number" | tr -d :
# check a mail server, IMAP protocol
openssl s_client -connect example.com:143 -starttls imap -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 "Serial Number" | tr -d :
# check a mail server, IMAP protocol
openssl s_client -connect example.com:993 -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 "Serial Number" | tr -d :
# other services are checked in essentially the same way

Next, look up your serial number here; if it appears in the list, renewing the certificates is recommended.

To renew certificates, you can use certbot:

certbot renew --force-renewal

The problem was found on 29 February 2020; to fix it, certificate issuance was suspended from 3:10 UTC to 5:22 UTC. According to the internal investigation, the bug was introduced on 25 July 2019; the company will publish a more detailed report later.

UPD: the online certificate checking service may not work from Russian IP addresses.

Source: www.habr.com
