\u041d\u0443\u0436\u0435\u043d \u043b\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0434\u043b\u044f \u0441\u0430\u0439\u0442\u0430 \u0438\u043b\u0438 \u043d\u0435\u0442, \u0435\u0441\u0442\u044c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u044c \u0432 ssl \u0438 \u043d\u0430\u0434\u043e \u043b\u0438 https \u0432\u043c\u0435\u0441\u0442\u043e http \u0440\u0435\u0448\u0430\u0435\u0442 \u043a\u0430\u0436\u0434\u044b\u0439 \u0441\u0430\u043c. <\/p>\n\n\n\n
\u0418\u0442\u0430\u043a, \u0438\u043c\u0435\u0435\u043c \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440 Debian c Apache2 \u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u043c virtualhost, \u0437\u0430\u0434\u0430\u0447\u0430 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c https, ssl \u0441 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u043c. <\/p>\n\n\n\n\n\n\n\n
\u0421\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0431\u0443\u0434\u0435\u0442 \u043d\u0435 \u0441\u0430\u043c\u043e\u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439, \u0430 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0438\u0439 \u0438\u0437 \u0443\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u044f\u044e\u0449\u0435\u0433\u043e \u0446\u0435\u043d\u0442\u0440\u0430, \u043d\u043e \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u044b\u0439. \u0421\u0435\u0433\u043e\u0434\u043d\u044f \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0441\u0442\u0430\u0442\u0435\u0439, \u0433\u0434\u0435 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u044e\u0442 \u043a\u0430\u043a \u043d\u0430\u0439\u0442\u0438 \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u044b\u0435 \u0446\u0435\u043d\u0442\u0440\u044b \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.<\/p>\n\n\n\n
\u042f \u0432\u044b\u0431\u0440\u0430\u043b Let’s Encrypt. \u0421\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0432\u044b\u0434\u0430\u0435\u0442\u0441\u044f \u043d\u0430 90 \u0434\u043d\u0435\u0439 \u0441 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u043f\u0435\u0440\u0435\u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u0430\u0431\u0441\u043e\u043b\u044e\u0442\u043d\u043e \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u043e. <\/p>\n\n\n\n
\u041d\u0430\u0441\u0442\u0440\u043e\u0438\u043c:<\/p>\n\n\n\n
\u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u043d\u0430 \u0441\u0430\u0439\u0442 https:\/\/certbot.eff.org\/ \u0438 \u0432\u044b\u0431\u0438\u0440\u0430\u0435\u043c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (Apache \u0438 Debian 9).<\/p>\n\n\n\n
\u0414\u043e\u0431\u0430\u0432\u0438\u043c Stretch backports \u0434\u043b\u044f Debian:<\/p>\n\n\n\n
echo \"deb http:\/\/deb.debian.org\/debian stretch-backports main\" \/etc\/apt\/sources.list<\/h1>\napt-get update<\/code><\/pre>\n\n\n\n- \u0421\u0442\u0430\u0432\u0438\u043c CertBot:<\/li><\/ol>\n\n\n\n
apt-get install certbot python-certbot-apache<\/code><\/pre>\n\n\n\n- \u041d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c Certbot \u043f\u043e\u0434 Apache:<\/li><\/ol>\n\n\n\n
certbot --apache<\/code><\/pre>\n\n\n\n\u041f\u0440\u043e\u0446\u0435\u0441\u0441 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438:<\/strong><\/p>\n\n\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \nPlease read the Terms of Service at\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must\nagree in order to register with the ACME server at\nhttps:\/\/acme-v02.api.letsencrypt.org\/directory\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(A)gree\/(C)ancel: <\/code><\/pre>\n\n\n\n\u0432\u0432\u043e\u0434\u0438\u043c e-mail \u0430\u0434\u0440\u0435\u0441 \u043a\u0443\u0434\u0430 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u043e\u0442 certbot, \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0435\u043c \u0441\u043e\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u0435<\/p>\n\n\n\n
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \nWould you be willing to share your email address with the Electronic Frontier\nFoundation, a founding partner of the Let's Encrypt project and the non-profit\norganization that develops Certbot? We'd like to send you email about our work\nencrypting the web, EFF news, campaigns, and ways to support digital freedom.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: <\/code><\/pre>\n\n\n\n\u043e\u0442\u0432\u0435\u0447\u0430\u0435\u043c \u043d\u0430 \u0432\u043e\u043f\u0440\u043e\u0441 «\u0425\u043e\u0442\u0435\u043b\u0438 \u0431\u044b \u0432\u044b \u043f\u043e\u0434\u0435\u043b\u0438\u0442\u044c\u0441\u044f \u0441\u0432\u043e\u0438\u043c \u0430\u0434\u0440\u0435\u0441\u043e\u043c \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u0441 Electronic Frontier?»<\/p>\n\n\n\n
Which names would you like to activate HTTPS for?\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \n1: domain.ru\n2: www.domain.ru\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \nSelect the appropriate numbers separated by commas and\/or spaces, or leave input\nblank to select all options shown (Enter 'c' to cancel):<\/code><\/pre>\n\n\n\n \u0434\u0430\u043b\u0435\u0435 \u0432\u044b\u0431\u0438\u0440\u0430\u0435\u043c \u043d\u0430 \u043a\u0430\u043a\u0438\u0435 \u0434\u043e\u043c\u0435\u043d\u043d\u044b\u0435 \u0438\u043c\u0435\u043d\u0430 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c HTTPS? <\/p>\n\n\n\n
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \n1: No redirect - Make no further changes to the webserver configuration.\n2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for\nnew sites, or if you're confident your site works on HTTPS. You can undo this\nchange by editing your web server's configuration.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel):<\/code><\/pre>\n\n\n\n\u0412\u044b\u0431\u0438\u0440\u0430\u0435\u043c, \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043b\u0438 \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c HTTP-\u0442\u0440\u0430\u0444\u0438\u043a \u043d\u0430 HTTPS, \u0443\u0434\u0430\u043b\u044f\u044f \u0434\u043e\u0441\u0442\u0443\u043f HTTP? \u042f \u0432\u044b\u0431\u0438\u0440\u0430\u044e Redirect.<\/p>\n\n\n\n
\u0421\u043e\u0437\u0434\u0430\u044e\u0442\u0441\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0438\u2026<\/p>\n\n\n\n
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nCongratulations! You have successfully enabled https:\/\/domain.ru and\nhttps:\/\/www.domain.ru\n\nYou should test your configuration at:\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=domain.ru\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=www.domain.ru\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \n\nIMPORTANT NOTES:\n - Congratulations! Your certificate and chain have been saved at:\n \/etc\/letsencrypt\/live\/domain.ru\/fullchain.pem\n Your key file has been saved at:\n \/etc\/letsencrypt\/live\/domain.ru\/privkey.pem\n Your cert will expire on 2019-07-09. To obtain a new or tweaked\n version of this certificate in the future, simply run certbot again\n with the \"certonly\" option. To non-interactively renew *all* of\n your certificates, run \"certbot renew\"\n - Your account credentials have been saved in your Certbot\n configuration directory at \/etc\/letsencrypt. You should make a\n secure backup of this folder now. This configuration directory will\n also contain certificates and private keys obtained by Certbot so\n making regular backups of this folder is ideal.\n - If you like Certbot, please consider supporting our work by:\n\n Donating to ISRG \/ Let's Encrypt: https:\/\/letsencrypt.org\/donate\n Donating to EFF: https:\/\/eff.org\/donate-le<\/code><\/pre>\n\n\n\n\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u043d\u0430\u0448 \u0441\u0430\u0439\u0442 \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 \u0438 \u0437\u0430\u043c\u0435\u0447\u0430\u0435\u043c, \u0447\u0442\u043e \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u043e \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043d\u0430 https.<\/p>\n\n\n\n
\u041d\u0430 \u044d\u0442\u043e\u043c \u0432\u0441\u0435. \u041d\u0430\u0448 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d, \u0441\u0430\u0439\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e https, \u0432\u0441\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043f\u043e http \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043d\u0430 https.<\/p>\n\n\n\n
\u041e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0449\u0438\u043a \u0437\u0430\u0434\u0430\u0447 (crontab) \u043d\u0430 \u043f\u0435\u0440\u0435\u0432\u044b\u043f\u0443\u0441\u043a \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 \u043a\u0430\u0436\u0434\u044b\u0435 90 \u0434\u043d\u0435\u0439 \u0441 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439:<\/p>\n\n\n\n
certbot renew --dry-run<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"\u041d\u0443\u0436\u0435\u043d \u043b\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0434\u043b\u044f \u0441\u0430\u0439\u0442\u0430 \u0438\u043b\u0438 \u043d\u0435\u0442, \u0435\u0441\u0442\u044c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u044c \u0432 ssl \u0438 \u043d\u0430\u0434\u043e \u043b\u0438 https \u0432\u043c\u0435\u0441\u0442\u043e http \u0440\u0435\u0448\u0430\u0435\u0442 \u043a\u0430\u0436\u0434\u044b\u0439 \u0441\u0430\u043c. \u0418\u0442\u0430\u043a, \u0438\u043c\u0435\u0435\u043c \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440 Debian c Apache2...<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,5],"tags":[18,12,35,15,34],"_links":{"self":[{"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=\/wp\/v2\/posts\/198"}],"collection":[{"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=198"}],"version-history":[{"count":1,"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=\/wp\/v2\/posts\/198\/revisions"}],"predecessor-version":[{"id":199,"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=\/wp\/v2\/posts\/198\/revisions\/199"}],"wp:attachment":[{"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=198"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=198"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.airmeno.ru\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=198"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}