Generating an SSL certificate with LetsEncrypt
This article shows you how to add a Let's Encrypt certificate to Domoticz so you can access your server over a secure HTTPS channel. The provided steps were executed on a Raspberry Pi, but they should work on every Linux OS.

Prerequisites (see http://www.domoticz.com/wiki/Native_HTTPS_/_SSL_support):
* Ports 80 (HTTP) and 443 (HTTPS) are forwarded to your Domoticz server
* You own a domain name
* The (sub)domain name for Domoticz has a DNS entry that points to your external IP address

==Startup script==
If you want Domoticz to use only HTTPS, you will need to edit the startup script:

<code>sudo vi /etc/init.d/domoticz.sh</code>

and set the following line in it:

<code>DAEMON_ARGS="-daemon -sslwww 443"</code>

==Install Let's Encrypt==
<code>git clone https://github.com/letsencrypt/letsencrypt</code>

==Generate the certificate==
<code>cd letsencrypt<br>
sudo ./letsencrypt-auto certonly --manual --email <your email> -d <your domain name></code>

You can specify multiple domain names by adding another -d parameter for each additional domain name.

If the following message is shown, do not press Enter yet:

<syntaxhighlight lang="text">
If you don't have HTTP server configured, you can run the following
command on the target server (as root):

mkdir -p /tmp/letsencrypt/public_html/.well-known/acme-challenge
cd /tmp/letsencrypt/public_html
printf "%s" <some random string> > .well-known/acme-challenge/<some random string>
# run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
Press ENTER to continue
</syntaxhighlight>

Open another shell window and execute the given commands to validate the ownership of the server.
<syntaxhighlight lang="text">
mkdir -p /tmp/letsencrypt/public_html/.well-known/acme-challenge
cd /tmp/letsencrypt/public_html
printf "%s" <some random string> > .well-known/acme-challenge/<some random string>
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
</syntaxhighlight>

'''Edit Nov 4 2016'''. Alternative: Domoticz is a web server, so direct registration is possible. Simply copy the file /tmp/letsencrypt/public_html/.well-known/acme-challenge/<some random string> to /home/pi/domoticz/www/.well-known/acme-challenge/ and check that your Domoticz is accessible on HTTP port 80 (i.e. NAT forwarding in your router).

Now press Enter in the other shell. If everything is OK, this message is shown:

<syntaxhighlight lang="text">
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/<your domain>/fullchain.pem. Your cert will
   expire on <date>. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.
 - If you like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
</syntaxhighlight>

==Add the certificate to Domoticz==
The last thing to do is to add the created certificate to Domoticz.
This is easily done with the following commands:

<code>
sudo rm ~/domoticz/server_cert.pem<br>
sudo cat /etc/letsencrypt/live/<your domain>/privkey.pem >> ~/domoticz/server_cert.pem<br>
sudo cat /etc/letsencrypt/live/<your domain>/fullchain.pem >> ~/domoticz/server_cert.pem<br>
</code>

If Domoticz reports an error like the following after the service is restarted:

Error: [web:443] missing SSL DH parameters from file

add the DH parameters to the same file:

<code>
sudo cat /etc/ssl/certs/dhparam.pem >> ~/domoticz/server_cert.pem
</code>

[[Category:Domoticz]] [[Category:手册]] [[Category:设置]] [[Category:安全]] [[Category:脚本]] [[Category:Bash]]
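
The rm/cat sequence above leaves server_cert.pem with the shell's default permissions even though it contains the private key, and the file is missing or incomplete while the commands run. As an added example (not part of the original wiki page and not Domoticz code), the hypothetical helper build_domoticz_pem below assembles the same bundle, checks the PEM label of each input, and puts the result in place with mode 600 in a single rename. It assumes it is run with enough privilege to read privkey.pem and that the account running Domoticz can read the output file.

```shell
#!/bin/sh
# Added example (not from the wiki page): assemble Domoticz's server_cert.pem.
# Usage: build_domoticz_pem LIVE_DIR OUT_FILE [DHPARAM_FILE]
#   LIVE_DIR      e.g. /etc/letsencrypt/live/<your domain>
#   OUT_FILE      e.g. ~/domoticz/server_cert.pem
#   DHPARAM_FILE  optional, e.g. /etc/ssl/certs/dhparam.pem
# build_domoticz_pem is a hypothetical helper name.
build_domoticz_pem() {
    live_dir=$1
    out=$2
    dh=${3:-}

    # Every input must exist and be readable (privkey.pem needs root).
    for f in "$live_dir/privkey.pem" "$live_dir/fullchain.pem" ${dh:+"$dh"}; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done

    # Check the PEM labels so a swapped or truncated file is caught here
    # instead of surfacing later as a Domoticz start-up error.
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$live_dir/privkey.pem" ||
        { echo "privkey.pem holds no private key" >&2; return 2; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$live_dir/fullchain.pem" ||
        { echo "fullchain.pem holds no certificate" >&2; return 2; }
    if [ -n "$dh" ]; then
        grep -q -- '-----BEGIN DH PARAMETERS-----' "$dh" ||
            { echo "$dh holds no DH parameters" >&2; return 2; }
    fi

    # mktemp creates the file with mode 600, so the key is never
    # world-readable; mv then replaces the old bundle in one step.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if cat "$live_dir/privkey.pem" "$live_dir/fullchain.pem" ${dh:+"$dh"} > "$tmp"; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}
```
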