Lets-Encrypt
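What are my options for moving my LetsEncrypt certificate from one server to another?
I have an Ubuntu server running through Digital Ocean, and it has an SSH certificate obtained through LetsEncrypt.
I'm trying to switch to a cheaper service, and I need to move the certificate to my new server. How can I do this?
It looks like I can revoke the certificate on my current DO server. Can I then create a new one on my new server without any problems?
Some of this has already been said, but just to give a complete answer. I have started using some LE certificates on public services. The options for moving are almost unlimited and depend more on the project you use to request the certificate. Once you have the certificate, you can export the key and certificate to files to move to any service you like. You don't need to revoke anything to get a new certificate. Because of the short lifetime (3 months) and free cost of LE certificates, I find that most people treat them as disposable.
I have built a PowerShell script using the ACMESharp project from eBekker to obtain new certificates automatically. This is what I have so far. It currently has to run on the web server.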
https://github.com/ebekker/ACMESharp
```powershell
## This requires the ACMESharp module from EBekker
Import-Module AcmeSharp

$dns     = "www.example.com"
$webRoot = "C:\inetpub\wwwroot"
# Timestamped aliases so repeated runs do not collide in the ACMESharp vault
$idRef   = "$($dns.Replace('.','-'))-$(Get-Date -Format 'yyyy-MM-dd_HH-mm')"
$certRef = "cert-$($dns.Replace('.','-'))-$(Get-Date -Format 'yyyy-MM-dd')"

Write-Host "Getting a new challenge"
New-ACMEIdentifier -Dns $dns -Alias $idRef | Out-Null
$challenges = Complete-ACMEChallenge -IdentifierRef $idRef -ChallengeType http-01 -Handler manual
$httpChallenge = ($challenges.Challenges | Where-Object { $_.Type -like 'http-01' }).Challenge

Write-Host "Creating challenge folder path"
# -Force so that an already existing folder does not raise an error
New-Item -ItemType Directory -Path "$webRoot\$($httpChallenge.FilePath)" -Force | Out-Null
$challengeFilePath = "$webRoot\$($httpChallenge.FilePath)\Default.htm"
if (Test-Path -Path $challengeFilePath) {
    Remove-Item -Path $challengeFilePath -Force
}

Write-Host "Adding challenge text to the requested path"
Add-Content -Path $challengeFilePath -Value $httpChallenge.FileContent -Force | Out-Null

Write-Host "Waiting 15 sec..."
Start-Sleep -Seconds 15

Write-Host "Submitting challenge"
Submit-ACMEChallenge -IdentifierRef $idRef -ChallengeType http-01 -Force | Out-Null

Write-Host "Waiting 15 sec..."
Start-Sleep -Seconds 15

$id = Update-ACMEIdentifier -IdentifierRef $idRef
if ($id.Status -eq "pending") {
    Write-Host "Challenge still pending, waiting 30 sec and retrying"
    Start-Sleep -Seconds 30
    # Keep the refreshed result, otherwise the status check below still sees "pending"
    $id = Update-ACMEIdentifier -IdentifierRef $idRef
}

if ($id.Status -ne "valid") {
    throw "Identifier could not be validated."
}
else {
    Write-Host "Challenge appears completed. Building cert"
    New-ACMECertificate -IdentifierRef $idRef -Alias $certRef -Generate | Out-Null
    Submit-ACMECertificate -CertificateRef $certRef | Out-Null
    Start-Sleep -Seconds 15
    Update-ACMECertificate -CertificateRef $certRef

    # The .key.pem and .pfx files contain the private key; restrict access to C:\SSL
    Get-ACMECertificate -CertificateRef $certRef `
        -ExportKeyPEM "C:\SSL\$dns.key.pem" `
        -ExportCertificatePEM "C:\SSL\$dns.crt.pem" `
        -ExportPkcs12 "C:\SSL\$dns.pfx"

    #Install Cert
    #Install-ACMECertificateToIIS -Certificate $certRef
}
```
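
A check worth running once the exported `.key.pem` and `.crt.pem` files have been copied to the new server, given here as an added example that is not part of the original answer or of ACMESharp. It assumes OpenSSL and GNU `stat` (as on Ubuntu); the function name `check_pair` and its return codes are made up for this illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer): sanity-check an exported
# Let's Encrypt key/certificate pair after copying it to the new server.
# Assumes OpenSSL and GNU stat (as on Ubuntu); file paths are placeholders.

# check_pair KEY_PEM CERT_PEM [MIN_SECONDS_LEFT]
# Returns: 0 ok, 1 key does not match cert, 2 cert expires too soon,
#          3 a file could not be parsed, 4 key readable by group/other.
check_pair() {
    local key="$1" cert="$2" min_left="${3:-604800}"   # default: 7 days
    local key_pub cert_pub mode

    # Derive the public key from each file; a parse failure is an error,
    # never an "empty equals empty" match.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    [ -n "$key_pub" ] && [ -n "$cert_pub" ] || return 3

    # The pair belongs together only if both yield the same public key.
    [ "$key_pub" = "$cert_pub" ] || return 1

    # -checkend exits non-zero if the cert expires within min_left seconds.
    openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null 2>&1 || return 2

    # The private key must not be readable by group or other (e.g. 600/400).
    mode=$(stat -c '%a' "$key") || return 3
    case "$mode" in
        *00|0) ;;
        *) return 4 ;;
    esac
    return 0
}

# Stand-alone use: ./check_pair.sh www.example.com.key.pem www.example.com.crt.pem
if [ "$#" -ge 2 ]; then
    check_pair "$@"
    exit $?
fi
```

A non-zero result before the web server is pointed at the files means the copy should be fixed first; since a fresh certificate can be requested on the new server at any time, a mismatched or nearly expired pair is better replaced than repaired.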