This is the 31st day of my participation in the August Text Challenge.More articles in August
preface
In the LIST of SSL certificates shown in the figure, the last one will expire in four or five days. This time, the process of replacing the SSL certificate after the SSL certificate expires is recorded to ensure that the application will not be affected. Record the entire process so that your SSL certificate can be replaced when it expires.
Quick start
It can be seen from the picture that the SSL certificate of the domain name weixin.*****. Com is about to expire, and this time will start based on this domain name.
The certificate application
Click the certificate request button as shown below.
Enter the domain name
Clicking on the certificate application will bring up the following input box. Bind the domain name to be applied for. Enter your contact information, which automatically brings up your contact and location if you have applied, and click Next.
Authentication information
After clicking the verification information, the basic information of the domain name will be automatically brought out. Since my domain name and server are in Aliyun, I can directly click the verification.
Submit audit
As shown in the figure below, after clicking Verify, “Domain name verification succeeded. Delete the domain name verification record after the certificate is issued. Otherwise, the certificate will fail to be issued because there is no resolution record.” The verification succeeds. Click the Submit Review button next.
Submission for review successful
Click “Submit for review”. After successful submission, the application will pop up. It is expected that the application will be successful in a few minutes
Application is successful
Check the list a few minutes later and you’ll find that the application was successful. If the STATUS of the SSL certificate changes to Issued, the SSL certificate is successfully applied for. The next step is installation.
Install the certificate
The certificate application has been completed. The following steps will be used to install the certificate, which is quite complicated for a novice. Last time, WE explained how to deploy SSL certificates based on pagoda. this time, because we use the second level domain name and do not deploy the website in pagoda. therefore, we will introduce how to update SSL certificates based on configuration files.
To install SSL certificates based on pagodas, please refer to: Developers, how can there be no personal blog! The site is deployed with SSL certificates based on pagodas
Logging In to the Server
Log in to the server and find the configuration file for the SSL certificate you installed last time. The path for saving the configuration file in each system may be different. You need to query the configuration file based on the actual path. Due to the time is relatively long, the last installation has been nearly a year, so I looked for a few minutes. This time the path will be recorded.
The SSL certificate configuration path is:
/www/server/panel/vhost/apache
Copy the codeThe configuration file
Note the following four points when configuring an SSL certificate in the configuration file.
- SSLHonorCipherOrder: on
- SSLCertificateFile: specifies the path of the SSL certificate file
- SSLCertificateKeyFile: specifies the directory for storing the Key file of the SSL certificate
- SSLCertificateChainFile: path to the Chain file of the SSL certificate
SSLHonorCipherOrder on
SSLCertificateFile /etc/letsencrypt/live/weixin.*****.com/4437482_weixin.*****_public.crt
SSLCertificateKeyFile /etc/letsencrypt/live/weixin.*****.com/4437482_weixin.*****.key
SSLCertificateChainFile /etc/letsencrypt/live/weixin.*****.com/4437482_weixin.*****_chain.crt
Copy the codeDownload the certificate
In the SSL certificate list, click the Download button, select the relevant server type and click Download.
Upload a certificate to the server
Upload the certificate to the server /etc/letsencrypt/live/. This is the path used by the author. You can upload the certificate to your server according to the file configured by your server. As shown in the following figure, the certificate file has been uploaded to the specified location, which also contains information about the SSL certificate file that was about to expire last time.
Deployment is complete
Since the SSL certificate has already been deployed, you only need to replace the new certificate term this time. This time, replace the certificate with a new one and restart it.
conclusion
Once the SSL certificate expires, the process of replacing the SSL certificate is complete. This article recorded the installation of the whole process, the installation of their next installation and partners also have certain help. Share experience, happy you and me!
For more personal websites and personal blog series, check out the column: Building a Personal Technology Blog from Scratch
If you have a personal technical website or blog, you can also exchange and learn together, add a friendship link. About the author: [Little Ajie] a love tinkering with the program ape, JAVA developers and enthusiasts. Public number [Java full stack architect] maintainer, welcome to pay attention to reading communication.
Well, thank you for reading, I hope you like it, if it is helpful to you, welcome to like collection. If there are shortcomings, welcome comments and corrections. See you next time.