Jang go Beakanya SSL Certificate ka Let's Encrypt

SSL certificates di sireletsa data fa gare ga server ya gago le di-browser tsa baeng, go netefatsa dikgolagano tse di sireletsegileng. Let's Encrypt e fana ka SSL certificates tsa mahala tse di tshepiwang ke di-browser tsotlhe tse dikgolo. Kaelo e e go bontsha gore o ka beakanya jang SSL mo Hiddence server ya gago.

Di-prerequisite

• Domain name e e supang kwa IP ya server ya gago
• Nginx kgotsa Apache web server e tsentswe
• Ports 80 le 443 di bulegile mo firewall
• Phithelelo ya Root kgotsa sudo mo server

Go Tsenya Certbot

# Ya Ubuntu/Debian
sudo apt update
sudo apt install certbot python3-certbot-nginx -y

# Ya CentOS/RHEL
sudo yum install epel-release -y
sudo yum install certbot python3-certbot-nginx -y

Go Bona Certificate sa Nginx

Certbot e ka beakanya Nginx ka tsela ya otomatiki. Tsamaisa:

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
# Latela ditaelo go wetsa peakanyo

Go Bona Certificate sa Apache

Ya Apache, dirisa:

sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
# Latela ditaelo go wetsa peakanyo

Puseletso ya Certificate ka Seatla

Let's Encrypt certificates di fela morago ga malatsi a le 90. Testa puseletso:

sudo certbot renew --dry-run

Go Beakanya Puseletso ya Otomatiki

Certbot e tlhama cron job ka tsela ya otomatiki. Netefatsa gore e teng:

sudo systemctl status certbot.timer
# Kgotsa tlhola crontab
sudo crontab -l | grep certbot

Dikeletso tse di Mosola

• Certificates di ipuseletsa ka tsela ya otomatiki malatsi a le 30 pele di fela
• Testa tirego ya puseletso: sudo certbot renew --dry-run
• Dirisa wildcard certificates tsa di-subdomain: certbot certonly --dns-cloudflare
• Tlhola go fela ga certificate: sudo certbot certificates
• Pateletsa puseletso fa go tlhokega: sudo certbot renew --force-renewal