Last update at :2024-06-14,Edit by888u
Nowadays, more and more of our websites are beginning to use HTTPS formatted URLs. Previously, Google announced that it would take special care of websites that use SSL certificates, and Baidu in mainland China also announced that it supports HTTPS formatted URLs. Although from a certain perspective, websites that use SSL certificates tend to be e-commerce websites and use more user interaction information, after all, the security factors involved are considered.
Also including the permanently free Let\\’s Encrypt that Snail shared a few days ago, it is supported by more mainstream merchants and is currently in the public beta stage and is being used by many websites. We believe that it should be a common phenomenon for websites to use SSL certificates for HTTPS addresses in the near future. Although the current free SSL certificates have some limitations, we will use paid certificates. During this year's Black Friday, Snail also purchased several special-priced PositiveSSL certificates that have not been activated yet.
Because we consider that it must be activated and used before the end of January otherwise it will be wasted, why not take some time to demonstrate the activation and application of the PositiveSSL certificate purchased previously to a test site.
Snail has previously shared several articles about SSL certificates for reference:
1. Practical tutorial on how to apply for Let\\’s Encrypt permanent free SSL certificate and frequently asked questions
2. The process of installing SSL security certificate and deploying HTTPS website URL in LNMP one-click package environment
3. Free WoSign digital certificate SSL application process and Chinese interface to quickly issue certificates
First, Namecheap SSL certificate activation preparations
Namecheap official website: www.namecheap.com
Because Snail has purchased PositiveSSL before during Black Friday and has not activated it. If we have not purchased it yet, we can choose to purchase different forms of SSL certificates. However, from a basic application perspective, it does not make much difference which certificate is used. For example, the annual payment for a PositiveSSL certificate in NC is US$9. I won’t share the purchase process here because you only need to add it to the shopping cart and then pay.
In terms of server, Snail uses the Nginx website environment, so when activating the certificate later, you need to use the Nginx option to pair successfully.
Second, Nginx website environment generates CSR
Because we can activate the certificate after successfully purchasing Namecheap SSL, but we need to use the CSR file during activation. We need to generate this file in the server to obtain it. Therefore, we need to generate a CSR in the server before we can activate SSL in the NC panel.
Log in to our current VPS server and execute the following command to generate a CSR.
openssl req -new -newkey rsa:2048 -nodes -keyout laozuo.key -out laozuo.csr
Before executing the above script, we need to replace the red part with our own domain name, so that it is easy to identify which certificate belongs to which domain name.
Country Name (2 letter code) [AU]:CN //Country abbreviation State or Province Name (full name) [Some-State]: JS //Province abbreviation Locality Name (eg, city) []:SZ / /City abbreviation Organization Name (eg, company) [Internet Widgits Pty Ltd]: //Organizational name does not need to be written Organizational Unit Name (eg, section) []: //It does not need to write Common Name (eg, YOUR name) [] : laozuo.org //Fill in our domain name WWW and without WWW are different Email Address []:Email address
Please enter the following \\’extra\\’ attributesto be sent with your certificate requestA challenge password []://Do not writeAn optional company name []://Do not write
Then you can generate 2 certificate files in the current path, one is KEY and the other is CSR. We need to get the CSR execution cat laozuo.csr
Third, activate Namecheap SSL certificate
Log in to the backend of the NAMECHEAP website and you can see the SSL certificates we have purchased but not activated in the PRODUCT LIST.
We can see that there are currently three SSL SSLs in the picture above that have not been activated. Select the ACTIVE behind the one we need to activate.
Enter the CSR file we generated, then select the NGINX environment, and then submit. The domain name will automatically obtain the records we submitted when generating it previously.
The current domain name and other information can be automatically detected. Let's check it. If not, we need to regenerate the certificate file.
Select a domain name post office or WHOIS email address, and then you need to receive an activation verification email to verify that the domain name belongs to us. We can choose email activation or file activation. Then we fill in our personal information, I won’t take a screenshot here.
Check our main domain name, if not, you need to modify it, and then click CONFIRM to activate and confirm. After completion, we wait a few minutes for Namecheap to send an activation email, and then click Submit Activation Code to complete the verification. Finally, wait for the attachment file to be sent. This is the certificate file we need. It needs to be used for the website where the Nginx environment is installed.
Here Snail uses email activation, then click HERE as shown above, and then enter the verification code below.
After activation, we wait for the required file package to be sent. After getting the file package, we deploy the required files to the website.
If you have purchased SSL in NC before, you must know that a bunch of files will be sent, and we need to merge the files ourselves. Now we don’t need to. There is only one file, and we can deploy it directly.
To summarize, through the above steps, we can activate the Namecheap SSL we purchased. After the verification is completed, the official KEY file package will be sent, and then we can deploy it to our own Apache and Nginx website environments. In view of the time I have been struggling with this problem for more than an hour, so I will not share the deployment of Nginx environment website here for the time being. I will deploy it separately to the website application later.
Recommended site search: server rental US high defense, Japanese proxy server IP, host server rental, website virtual host space, cheap virtual host, website virtual host, me domain name registration, foreign free asp space, Singapore server Hong Kong vps host rental ,
发表评论