Adding an HTTPS certificate to a website

Preparation

First, you need a Linux virtual machine.

$ apt-get install letsencrypt
$ apt-get install python-pip
$ pip install --upgrade pip
$ pip install certbot
$ certbot certonly --manual --preferred-challenges dns --email foo@bar.com --domains test001.bar.com

After the command runs successfully, certbot prints:

Please deploy a DNS TXT record under the name
_acme-challenge.erpnext.xyz with the following value:
J50GNXkhGmKCfn-0LQJcknVGtPEAQ_U_WajcLXgqWqo

This produces a key-value pair; add it to DNS (create a TXT record via the DNS console and set the key and value):
Record Name: _acme-challenge.erpnext.xyz
Record Value: J50GNXkhGmKCfn-0LQJcknVGtPEAQ_U_WajcLXgqWqo

Continue, and the following message appears, showing that the certificate was exported successfully:

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/nova.moe/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/nova.moe/privkey.pem
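
The TXT value certbot asks for in the DNS step is defined by the ACME DNS-01 challenge (RFC 8555) and is tied to the ACME account key, and the record name must carry the leading `_acme-challenge.` label. The following is an added example, not code from the original page or from certbot: it derives the value and checks a record before it is published. The JWK, token, domain and the `check_record` helper are constructed for illustration.

```python
import base64
import hashlib
import json
import re

def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME (RFC 8555) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of an RSA account key: SHA-256 over the
    required members only, sorted, with no whitespace."""
    required = {k: jwk[k] for k in ("e", "kty", "n")}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def dns01_txt_value(token: str, thumbprint: str) -> str:
    """TXT value = base64url(SHA-256(token + "." + thumbprint))."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())

def check_record(domain: str, name: str, value: str, expected: str) -> list:
    """Hypothetical helper: list problems with a TXT record before publishing."""
    problems = []
    # For a wildcard certificate the "*." label is dropped from the record name.
    base = domain[2:] if domain.startswith("*.") else domain
    want_name = "_acme-challenge." + base.rstrip(".").lower()
    if name.rstrip(".").lower() != want_name:
        problems.append(f"name should be {want_name}")
    if not re.fullmatch(r"[A-Za-z0-9_-]{43}", value):
        problems.append("value is not 43 base64url characters")
    elif value != expected:
        problems.append("value does not match the challenge")
    return problems

# Constructed sample data (not a real account key, token or domain).
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus", "alg": "RS256"}
SAMPLE_TOKEN = "constructed-token-0123456789"
SAMPLE_DOMAIN = "test001.example.com"

if __name__ == "__main__":
    expected = dns01_txt_value(SAMPLE_TOKEN, jwk_thumbprint(SAMPLE_JWK))
    good = "_acme-challenge." + SAMPLE_DOMAIN
    bad = "acme-challenge." + SAMPLE_DOMAIN  # leading underscore lost
    print(check_record(SAMPLE_DOMAIN, good, expected, expected))
    print(check_record(SAMPLE_DOMAIN, bad, expected, expected))
```

Because the value is a hash over the challenge token and the account key, a TXT record copied from an earlier run or from another account will not validate.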

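Creating Google Cloud Load Balancing

  • Add a Google Cloud Load Balancing HTTPS load balancer.
  • Connect the backend to the Cloud Storage bucket where the web pages are stored.
  • Configure HTTPS on the frontend and import the certificate.
  • If you want both HTTPS and HTTP to be available, have this IP listen on both port 80 and port 443, and at your domain registrar add a record pointing the domain to the IP.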
