Setup Let's Encrypt with Dehydrated

Setup Let's Encrypt with Dehydrated.md

Letsencrypt SSL cert 设置笔记

Step 1: 下载 dehydrated

wget https://raw.githubusercontent.com/lukas2511/dehydrated/116386486b3749e4c5e1b4da35904f30f8b2749b/dehydrated

UPDATE: 下载最新版本：

wget https://raw.githubusercontent.com/lukas2511/dehydrated/master/dehydrated

下载后需要修改文件权限，建议放置到 /usr/local/sbin/ 之下：

chmod +x dehydrated
mv dehydrated /usr/local/sbin/

Step 2: 初始化相关文件夹和配置文件

mkdir /etc/dehydrated /var/www/dehydrated
curl https://raw.githubusercontent.com/lukas2511/dehydrated/116386486b3749e4c5e1b4da35904f30f8b2749b/docs/examples/config > /etc/dehydrated/config
curl https://raw.githubusercontent.com/lukas2511/dehydrated/116386486b3749e4c5e1b4da35904f30f8b2749b/docs/examples/hook.sh > /etc/dehydrated/hook.sh
chmod +x /etc/dehydrated/hook.sh
touch /etc/dehydrated/domains.txt

Step 3: 修改 config 配置文件

1. 设置 CONTACT_EMAIL；
2. 设置 HOOK=/etc/dehydrated/hook.sh；
3. 设置 WELLKNOWN=/var/www/dehydrated；
4. 修改 /etc/dehydrated/domains.txt ，添加相关域名。

Step 4: Web Server 相关设置（Nginx）

location /.well-known/acme-challenge {
    alias /var/www/dehydrated;
}

Step 5: 申请证书

首次执行需要同意协议：

dehydrated --register --accept-terms -f /etc/dehydrated/config

然后通过命令生成证书：

dehydrated -f /etc/dehydrated/config -c

Step 6: Nginx HTTPs 设置

    listen 80;
    listen 443 ssl;
    server_name www.example.com example.com;

    ssl_certificate     /etc/dehydrated/certs/example.com/fullchain.pem;
    ssl_certificate_key /etc/dehydrated/certs/example.com/privkey.pem;

Step 7: 设置自动更新的 crontab

30 5 * * 0 /usr/local/sbin/dehydrated -c -f /etc/dehydrated/config > /dev/null

---

References:

• Dehydrated: a bash client for Let’s Encrypt - Antoine Aflalo