Let's Encrypt plans to revoke its certificates because of a software bug

Let's Encrypt, which issues free SSL certificates for encryption, is being forced to revoke some certificates.

The problem is related to a software bug in Boulder, the management software used to build the CA. Normally the DNS check of the CAA record happens at the same time as domain ownership validation, and most subscribers receive a certificate right after validation, but the software's developers made it so that the validation result is considered passed for the following 30 days. In some cases the records may need to be checked a second time before the certificate is issued; in particular, CAA must be rechecked within 8 hours before issuance, so any domain validated earlier than that must be rechecked.

What is the bug? If a certificate request contains N domains that require a repeated CAA check, Boulder picks one of them and checks it N times. As a result, it was possible to issue a certificate even later (up to X + 30 days) after you had set a CAA record that forbids Let's Encrypt from issuing certificates.

To check certificates, the company has prepared an online tool that will show a detailed report.

Advanced users can do everything themselves using the following commands:

# check https
openssl s_client -connect example.com:443 -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 'Serial Number' | tr -d :
# check variant from @simpleadmin (|& is bash syntax)
echo | openssl s_client -connect example.com:443 |& openssl x509 -noout -serial
# check a mail server, SMTP protocol
openssl s_client -connect example.com:25 -starttls smtp -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 'Serial Number' | tr -d :
# check a mail server, SMTP protocol
openssl s_client -connect example.com:587 -starttls smtp -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 'Serial Number' | tr -d :
# check a mail server, IMAP protocol
openssl s_client -connect example.com:143 -starttls imap -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 'Serial Number' | tr -d :
# check a mail server, IMAP protocol
openssl s_client -connect example.com:993 -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 'Serial Number' | tr -d :
# in principle, other services are checked the same way

Then you need to look up your serial number here, and if it is on the list, it is recommended to renew the certificate(s).

To renew a certificate, you can use certbot:

certbot renew --force-renewal
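
The serial lookup described above can be scripted when there are many endpoints to check. This is an added example, not part of the original article or of Let's Encrypt's tooling; the function names are hypothetical, and it assumes the list of affected serials has been saved locally as a text file with one hex serial per line.

```shell
#!/usr/bin/env bash
# Added example: compare served certificate serials with a locally saved
# list of affected serials (assumed format: one hex serial per line).

# Reduce any openssl rendering of a serial to bare lowercase hex:
#   "serial=03AB..."  (openssl x509 -noout -serial)
#   "03:ab:..."       (openssl x509 -text)
normalize_serial() {
    printf '%s\n' "$1" | sed -e 's/^[[:space:]]*serial=//' |
        tr -d ': \t\r\n' | tr '[:upper:]' '[:lower:]'
}

# Print the serial of the certificate served at HOST PORT.
# Extra s_client options (for example: -starttls smtp) may follow.
cert_serial() {
    local host=$1 port=$2
    shift 2
    openssl s_client -connect "$host:$port" -servername "$host" "$@" \
        </dev/null 2>/dev/null | openssl x509 -noout -serial
}

# is_affected SERIAL LISTFILE: status 0 if SERIAL is in the list.
# List lines are normalised the same way, then matched as whole lines,
# so a serial that is only a prefix of a listed one does not match.
is_affected() {
    local serial
    serial=$(normalize_serial "$1")
    [ -n "$serial" ] || return 2
    tr -d ': \t\r' <"$2" | tr '[:upper:]' '[:lower:]' | grep -qxF -- "$serial"
}

# check_endpoint LISTFILE HOST PORT [s_client options]
check_endpoint() {
    local list=$1 host=$2 port=$3 raw
    shift 3
    if ! raw=$(cert_serial "$host" "$port" "$@"); then
        echo "$host:$port: could not read a certificate"; return 2
    fi
    if is_affected "$raw" "$list"; then
        echo "$host:$port: serial $(normalize_serial "$raw") is on the list, renew"
        return 1
    fi
    echo "$host:$port: serial $(normalize_serial "$raw") is not on the list"
}

# Runs only when arguments are given, e.g.: affected.txt example.com 443
if [ "$#" -ge 3 ]; then
    check_endpoint "$@"
fi
```

For a mail server, pass the same s_client options as in the commands above, for example `affected.txt example.com 25 -starttls smtp`.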

The problem was found on February 29, 2020; to resolve it, certificate issuance was suspended from 3:10 UTC to 5:22 UTC. According to the internal investigation, the bug was introduced on July 25, 2019; the company will provide a detailed report later.

UPD: the online certificate checking service may not work from Russian IP addresses.

Source: www.habr.com
