How to Enable HTTPS on Your Website for Free

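What is HTTPS? According to Wikipedia: Hypertext Transfer Protocol Secure (abbreviated HTTPS, also called HTTP over TLS, HTTP over SSL, or HTTP Secure) is a transport protocol for secure communication over a computer network. HTTPS communicates via HTTP but uses SSL/TLS to encrypt the packets. The main purpose of HTTPS is to authenticate the website's server and to protect the privacy and integrity of the data exchanged. The protocol was first proposed by Netscape in 1994 and later spread across the Internet.
What are the advantages of HTTPS?
First and foremost, security: transmission is encrypted, which prevents domain hijacking.
See 左耳朵耗子's blog for reference.
The core command: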

certbot --nginx

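I originally planned to get this done in half an hour, but ran into many surprises. Here is a record of the whole troubleshooting process, for future reference.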

Install
yum install certbot-nginx
Failed:
python-urllib3.noarch 0:1.10.2-3.el7
Uninstall
pip uninstall urllib3

Install with pip; first upgrade pip
pip install --upgrade pip
Continue with yum
yum -y install python-urllib3

Generate the certificate again: certbot --nginx
Another error:

Traceback (most recent call last):
  File "/bin/certbot", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3138, in <module>
    @_call_aside
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3122, in _call_aside
    f(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3151, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 666, in _build_master
    return cls._build_from_requirements(__requires__)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 679, in _build_from_requirements
    dists = ws.resolve(reqs, Environment())
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 867, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'urllib3<1.23,>=1.21.1' distribution was not found and is required by requests

The last line says the version is too low. OK, upgrade:

# pip install --upgrade urllib3
Looking in indexes: http://mirrors.aliyun.com/pypi/simple/
Collecting urllib3
Downloading http://mirrors.aliyun.com/pypi/packages/63/cb/6965947c13a94236f6d4b8223e21beb4d576dc72e8130bd7880f600839b8/urllib3-1.22-py2.py3-none-any.whl (132kB)
100% |████████████████████████████████| 133kB 1.1MB/s
Installing collected packages: urllib3
Found existing installation: urllib3 1.10.2
Uninstalling urllib3-1.10.2:
Successfully uninstalled urllib3-1.10.2
Successfully installed urllib3-1.22
# certbot --nginx
Traceback (most recent call last):
  File "/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.22.2', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 570, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2751, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2405, in load
    return self.resolve()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2411, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 20, in <module>
    from certbot import client
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 13, in <module>
    from acme import client as acme_client
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 33, in <module>
    requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3() # type: ignore
  File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 112, in inject_into_urllib3
    _validate_dependencies_met()
  File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 147, in _validate_dependencies_met
    raise ImportError("'pyOpenSSL' module missing required functionality. "
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.

The last line says the pyOpenSSL version is too low. OK, upgrade:

# pip install pyOpenSSL
Looking in indexes: http://mirrors.aliyun.com/pypi/simple/
Requirement already satisfied: pyOpenSSL in /usr/lib64/python2.7/site-packages (0.13.1)

# pip install --upgrade pyOpenSSL
Looking in indexes: http://mirrors.aliyun.com/pypi/simple/
Collecting pyOpenSSL
Downloading http://mirrors.aliyun.com/pypi/packages/79/db/7c0cfe4aa8341a5fab4638952520d8db6ab85ff84505e12c00ea311c3516/pyOpenSSL-17.5.0-py2.py3-none-any.whl (53kB)
100% |████████████████████████████████| 61kB 764kB/s
Collecting cryptography>=2.1.4 (from pyOpenSSL)
Downloading http://mirrors.aliyun.com/pypi/packages/dd/c2/3a5bfefb25690725824ade71e6b65449f0a9f4b29702cce10560f786ebf6/cryptography-2.2.2-cp27-cp27mu-manylinux1_x86_64.whl (2.2MB)
100% |████████████████████████████████| 2.2MB 4.0MB/s
Requirement not upgraded as not directly required: six>=1.5.2 in /usr/lib/python2.7/site-packages (from pyOpenSSL) (1.9.0)
Collecting cffi>=1.7; platform_python_implementation != "PyPy" (from cryptography>=2.1.4->pyOpenSSL)
Downloading http://mirrors.aliyun.com/pypi/packages/14/dd/3e7a1e1280e7d767bd3fa15791759c91ec19058ebe31217fe66f3e9a8c49/cffi-1.11.5-cp27-cp27mu-manylinux1_x86_64.whl (407kB)
100% |████████████████████████████████| 409kB 95.9MB/s
Requirement not upgraded as not directly required: enum34; python_version < "3" in /usr/lib/python2.7/site-packages (from cryptography>=2.1.4->pyOpenSSL) (1.0.4)
Collecting asn1crypto>=0.21.0 (from cryptography>=2.1.4->pyOpenSSL)
Downloading http://mirrors.aliyun.com/pypi/packages/ea/cd/35485615f45f30a510576f1a56d1e0a7ad7bd8ab5ed7cdc600ef7cd06222/asn1crypto-0.24.0-py2.py3-none-any.whl (101kB)
100% |████████████████████████████████| 102kB 79.9MB/s
Requirement not upgraded as not directly required: idna>=2.1 in /usr/lib/python2.7/site-packages (from cryptography>=2.1.4->pyOpenSSL) (2.6)
Requirement not upgraded as not directly required: ipaddress; python_version < "3" in /usr/lib/python2.7/site-packages (from cryptography>=2.1.4->pyOpenSSL) (1.0.16)
Requirement not upgraded as not directly required: pycparser in /usr/lib/python2.7/site-packages (from cffi>=1.7; platform_python_implementation != "PyPy"->cryptography>=2.1.4->pyOpenSSL) (2.14)
Installing collected packages: cffi, asn1crypto, cryptography, pyOpenSSL
Found existing installation: cffi 1.6.0
Uninstalling cffi-1.6.0:
Successfully uninstalled cffi-1.6.0
Found existing installation: cryptography 1.7.2
Uninstalling cryptography-1.7.2:
Successfully uninstalled cryptography-1.7.2
Found existing installation: pyOpenSSL 0.13.1
Cannot uninstall 'pyOpenSSL'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.

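It cannot be upgraded directly, so install a newer version by hand.
Go to ftp://ftp.muug.mb.ca/centos/7.4.1708/cloud/x86_64/openstack-newton/common/
Find the package that matches your system version:
ftp://ftp.muug.mb.ca/centos/7.4.1708/cloud/x86_64/openstack-newton/common/pyOpenSSL-0.15.1-1.el7.noarch.rpm
Install it by hand. A fresh install would use -ivh; here it is an upgrade:
rpm -Uvh pyOpenSSL-0.15.1-1.el7.noarch.rpm
Generating the certificate again still fails, so upgrade with pip:
pip install --upgrade pyOpenSSL
After the upgrade the version is 17.5.0. Generating the certificate again finally works.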

# pip show pyOpenSSL
Name: pyOpenSSL
Version: 17.5.0
Summary: Python wrapper module around the OpenSSL library
Home-page: https://pyopenssl.org/
Author: Hynek Schlawack
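
The two version checks that failed in the tracebacks above can be run as a preflight before invoking certbot. This is an added example, not code from the original post or from certbot: a standard-library checker whose function names are hypothetical, whose pyOpenSSL constraint is taken from the ImportError message, and which handles plain dotted version numbers only.

```python
import operator
import re

# Constraints quoted in the two tracebacks; installed versions are the ones
# the pip/yum output on this page reports before and after the upgrades.
REQUIREMENTS = {
    "urllib3": "<1.23,>=1.21.1",  # "required by requests"
    "pyOpenSSL": ">=0.14",        # "Try upgrading to v0.14 or newer"
}
BEFORE = {"urllib3": "1.10.2", "pyOpenSSL": "0.13.1"}
AFTER = {"urllib3": "1.22", "pyOpenSSL": "17.5.0"}
_OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
        ">=": operator.ge, "==": operator.eq, "!=": operator.ne}

def parse_version(text):
    """Turn '1.21.1' into (1, 21, 1) so that 1.9 sorts below 1.10."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError("unsupported version string: %r" % text)
    return tuple(int(part) for part in text.split("."))

def _pad(a, b):
    n = max(len(a), len(b))  # compare 1.22 as 1.22.0 against 1.21.1
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))

def satisfies(installed, spec):
    """True if `installed` meets every comma-separated clause in `spec`."""
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(<=|>=|==|!=|<|>)\s*([\d.]+)\s*", clause)
        if not m:
            raise ValueError("unsupported clause: %r" % clause)
        have, want = _pad(parse_version(installed), parse_version(m.group(2)))
        if not _OPS[m.group(1)](have, want):
            return False
    return True

def unmet(installed_versions, requirements=REQUIREMENTS):
    """Return the packages that are missing or violate their requirement."""
    return sorted(
        name for name, spec in requirements.items()
        if name not in installed_versions
        or not satisfies(installed_versions[name], spec)
    )

if __name__ == "__main__":
    print("before:", unmet(BEFORE))
    print("after: ", unmet(AFTER))
```
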

If Python 3 was built from source, then after installing the corresponding rpm packages (such as openssl-devel) you need to rebuild it (make && make install).
