Using a free SSL certificate with Alibaba Cloud OSS
Give your OSS bucket a free SSL certificate
1. Install and run certbot/certbot with docker
$ docker pull certbot/certbot
Using default tag: latest
latest: Pulling from certbot/certbot
0152682790bb: Pull complete
0e211c4074bd: Pull complete
41f5e61fea87: Pull complete
5609eb454da3: Pull complete
962529ed6ab1: Pull complete
2884400044e9: Pull complete
2e4c5c903eaa: Pull complete
76e739785434: Pull complete
ab57d30b5044: Pull complete
1647bed8f58a: Pull complete
b56172e20e00: Pull complete
Digest: sha256:3ad1eb352f6b2ae3f359dce4b262f699cc178be0ab9d9f375210e8741404720e
Status: Downloaded newer image for certbot/certbot:latest
docker.io/certbot/certbot:latest
2. Generate the certificate
$ docker run -it --rm --name certbot -v "/Users/xxx/Desktop/certbot/letsencrypt:/etc/letsencrypt" -v "/Users/xxx/Desktop/certbot/letsencryptlib:/var/lib/letsencrypt" certbot/certbot certonly --manual
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): mail@xxxx.com # enter your email address
Please read the Terms of Service at:
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf
You must agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y # enter Y
.....
(Y)es/(N)o: Y # enter Y
Account registered.
# enter the domain name
Please enter the domain name(s) you would like on your certificate (comma and/or space separated) (Enter 'c' to cancel): oss-tlt.xxxx.com
Requesting a certificate for oss-tlt.xxxx.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:
# validation file content
zYzWSZFSCNdUmBZ7j_dyIhXqc0H7AUFYC7bGo-yS3p0.FzSQorROFBeAr3DPUDI3IN9vpZEfvOoXY6jfTBJ05Ik
And make it available on your web server at this URL:
# path of the validation file on OSS
http://oss-tlt.xxxx.com/.well-known/acme-challenge/zYzWSZFSCNdUmBZ7j_dyIhXqc0H7AUFYC7bGo-yS3p0
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue # create the file above on OSS, then press Enter to continue
Successfully received certificate.
# certificate file
Certificate is saved at: /etc/letsencrypt/live/oss-tlt.xxxx.com/fullchain.pem
# private key file
Key is saved at: /etc/letsencrypt/live/oss-tlt.xxxx.com/privkey.pem
This certificate expires on 2025-05-24.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
3. Explanation
3.1 Mapped local directory
/Users/xxx/Desktop/certbot
3.2 Create the file on OSS
- File URL: http://oss-tlt.xxxx.com/.well-known/acme-challenge/zYzWSZFSCNdUmBZ7j_dyIhXqc0H7AUFYC7bGo-yS3p0
- File content: zYzWSZFSCNdUmBZ7j_dyIhXqc0H7AUFYC7bGo-yS3p0.FzSQorROFBeAr3DPUDI3IN9vpZEfvOoXY6jfTBJ05Ik
3.3 Generate the certificate
Once you have confirmed that the validation file is reachable, press Enter to continue and complete certificate issuance.
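One way to confirm the validation file from 3.2 is reachable before pressing Enter in 3.3. This is an added example, not part of the original post or of certbot; the function names are hypothetical, and it assumes curl is installed and that the URL and content are the ones certbot printed.

```shell
#!/bin/sh
# Added example: pre-flight check for the certbot --manual HTTP challenge file on OSS.
# All function names are hypothetical helpers, not certbot or OSS commands.

# Object key to create in the bucket: the URL path without scheme, host, leading "/".
challenge_object_key() {
    printf '%s\n' "$1" | sed -E 's#^https?://[^/]+/##'
}

# The challenge token is the last path segment of the URL.
challenge_token() {
    printf '%s\n' "${1##*/}"
}

# The file content has the form "<token>.<account key thumbprint>", so it must
# start with the token from the URL. Catches pasting content from an older run.
content_matches_url() {
    token=$(challenge_token "$1")
    case "$2" in
        "$token".?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Fetch the URL the way the validation server will (plain HTTP GET) and compare.
# Return codes: 0 ok, 2 content/URL mismatch, 3 fetch failed, 4 body differs.
verify_challenge() {
    url=$1
    expected=$2
    content_matches_url "$url" "$expected" || {
        echo "content does not start with the token in the URL" >&2; return 2; }
    # -f turns 403/404 into a failure (object missing or not publicly readable).
    # $(...) drops trailing newlines, so a final newline in the object is tolerated.
    body=$(curl -fsS --max-time 10 "$url") || {
        echo "fetch failed: $url" >&2; return 3; }
    [ "$body" = "$expected" ] || {
        echo "served body differs from the expected content" >&2; return 4; }
    echo "OK: object $(challenge_object_key "$url") serves the expected content"
}

# Usage: sh check_challenge.sh <challenge URL> <file content>
if [ "$#" -eq 2 ]; then
    verify_challenge "$1" "$2"
fi
```

A non-zero exit means the challenge would fail; fix the object on OSS before continuing in the certbot prompt.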
3.4 Certificate and private key files
Certificate file
- Path inside the docker container: /etc/letsencrypt/live/oss-tlt.xxxx.com/fullchain.pem
- Corresponding local file: /Users/xxx/Desktop/certbot/letsencrypt/live/oss-tlt.xxxx.com/fullchain.pem
Private key file
- Path inside the docker container: /etc/letsencrypt/live/oss-tlt.xxxx.com/privkey.pem
- Corresponding local file: /Users/xxx/Desktop/certbot/letsencrypt/live/oss-tlt.xxxx.com/privkey.pem
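4. Configure the SSL certificate for OSS on Alibaba Cloud
Following the documentation, upload the certificate and private key generated in the previous step to the OSS configuration and enable them.
Documentation link:
https://help.aliyun.com/zh/oss/user-guide/host-ssl-certificates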