Amazon has released a new Linux called "Amazon Linux 2".
When I try to get certbot running...
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto
it gives this error:
Sorry, I don't know how to bootstrap Certbot on your operating system!
You will need to install OS dependencies, configure virtualenv, and run pip install manually.
Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites for more info.
Then I tried:
yum install pip
yum install python-pip
pip install cryptography
pip install certbot
yum install python-urllib3
yum install augeas
/usr/bin/certbot
and I got this message:
Traceback (most recent call last):
File "/usr/bin/certbot", line 7, in <module>
from certbot.main import main
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 19, in <module>
from certbot import client
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 11, in <module>
from acme import client as acme_client
File "/usr/lib/python2.7/site-packages/acme/client.py", line 34, in <module>
import urllib3.contrib.pyopenssl # pylint: disable=import-error
File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 50, in <module>
from ndg.httpsclient.ssl_peer_verification import SUBJ_ALT_NAME_SUPPORT
ImportError: No module named ndg.httpsclient.ssl_peer_verification
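I don't know what to do next. Any suggestions would be greatly appreciated!
Answer 1
I ran into this problem too, because Amazon Linux 2 doesn't have epel-release in its repositories, but I found that you can install the EPEL RPM package itself, and then you can install certbot or certbot-nginx from there.
Download the RPM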
curl -O http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Then install it
sudo yum install epel-release-latest-7.noarch.rpm
Now you can install certbot
sudo yum install certbot
Then run it as usual
sudo certbot
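See the certbot page afterwards for configuration details.
Answer 2
Instead of Certbot, you can also use Acme, which works and is well documented. I have a tutorial on setting up Let's Encrypt on Amazon Linux here.
Nginx configuration
Before issuing a certificate, Let's Encrypt needs to call the server to validate the request. Acmetool can use its built-in web server or an external web server. This is my Nginx configuration, which sits alongside the secure server block that serves the rest of the site.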
# This server directly serves ACME / certificate redirects. All other requests are forwarded to the https version of the page
server {
    listen 80;
    server_name example.com;
    access_log /var/log/nginx/access.log main;
    # Let's Encrypt certificates with Acmetool
    location /.well-known/acme-challenge/ {
        alias /var/www/.well-known/acme-challenge/;
    }
    location / {
        return 301 https://www.photographerstechsupport.com$request_uri;
    }
}
Nginx folders
mkdir -p /var/www/.well-known/acme-challenge
chown -R user:www-data /var/www/.well-known
find /var/www/.well-known/ -type d -exec chmod 755 {} \;
vi /var/www/.well-known/acme-challenge/text.html  # add "hello world" or similar
Install Acme
sudo -i  # this is run as root
cd /opt
wget https://github.com/hlandau/acme/releases/download/v0.0.62/acmetool-v0.0.62-linux_386.tar.gz  # NB: check for newer versions here
tar -xzf acmetool-v0.0.62-linux_386.tar.gz
cd acmetool-v0.0.62-linux_386/bin
cp ./acmetool /usr/local/bin
/usr/local/bin/acmetool quickstart
Enter this as your webroot in the quickstart
/var/www/.well-known/acme-challenge/
Request a certificate
/usr/local/bin/acmetool want example.com www.example.com
Troubleshooting #1
acmetool --xlog.severity=debug > /tmp/dump 2>&1 want example.com www.example.com
fgrep -v fdb: /tmp/dump | fgrep -v storageops: > /tmp/dumpout
There are other troubleshooting tips in my blog post.
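
A preflight check for the webroot layout set up in Answer 2, added here as an example and not part of the original answer: it verifies that the challenge directory is not world-writable (anyone who can write there can answer HTTP-01 validation for the hostname), that every directory on the path is world-traversable, and that challenge files are world-readable. The function name check_webroot, its optional second argument and the finding labels are made up for this example, which assumes the 755 directory layout from the answer.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of acmetool or certbot).

# mode_of PATH -> 10-character ls mode string, e.g. drwxr-xr-x
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# check_webroot DIR [TOP]
# Checks DIR and its parents up to (not including) TOP, default "/".
# Prints one finding per line; returns 0 if there are none, 1 otherwise.
check_webroot() {
    dir=$1 top=${2:-/} rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    top=$(cd "$top" && pwd -P)

    # Write access to the challenge directory is enough to pass validation.
    case $(mode_of "$dir") in
        ????????w?) echo "WORLD-WRITABLE $dir"; rc=1 ;;
    esac

    # The web server worker must be able to traverse each directory (o+x).
    p=$(cd "$dir" && pwd -P)
    while [ -n "$p" ] && [ "$p" != "$top" ]; do
        case $(mode_of "$p") in
            ?????????[xt]) ;;
            *) echo "NOT-TRAVERSABLE $p"; rc=1 ;;
        esac
        p=${p%/*}
    done

    # Challenge files must be readable by the worker (o+r).
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $(mode_of "$f") in
            ???????r??) ;;
            *) echo "UNREADABLE $f"; rc=1 ;;
        esac
    done
    return $rc
}

# Stand-alone use: sh preflight.sh /var/www/.well-known/acme-challenge
if [ $# -gt 0 ]; then check_webroot "$@"; fi
```

Run it against the webroot before `acmetool want`; an empty output with exit status 0 means the layout matches what the Nginx `alias` block expects to serve.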