In recent years, there’s been a strong push by Google and others to make the web more secure by encouraging the use of TLS/SSL (transport layer security/secure sockets layer) on every website.
近年来, Google和其他公司大力推动通过鼓励在每个网站上使用TLS / SSL(传输层安全性/安全套接字层)来使网络更安全。
Google has added extra encouragement for using HTTPS by giving a ranking boost to sites, and, like other browser makers, is gradually turning up the heat in Chrome by introducing increasingly alarming alerts on sites without encryption.
Google通过提高网站排名来增加使用HTTPS的额外鼓励,并且像其他浏览器制造商一样,通过在未加密的网站上引入越来越多的警报来逐步提高Chrome的吸引力。
Until recently, SSL certificates were quite costly. Let’s Encrypt changed that by offering free certificates.
直到最近,SSL证书还是非常昂贵的。 让我们通过提供免费证书来改变它。
There are lots of online tutorials showing how to install Let’s Encrypt certificates, but they tend to require quite a bit of technical expertise (knowledge of how to operate a Linux web server and manage root access) and rarely guide you on how to install it through a common shared hosting control panel. If your cPanel or other control panel instance doesn’t provide a feature like One Click Install for Let’s Encrypt SSL (and many don’t), then you may feel there’s no option but to fork out money for a certificate through your web hosting provider.
有许多在线教程显示了如何安装Let's Encrypt证书,但是它们往往需要相当多的技术知识(有关如何操作Linux Web服务器和管理根访问权限的知识),并且很少指导您如何安装证书一个通用的共享托管控制面板。 如果您的cPanel或其他控制面板实例未提供“让我们加密SSL的一键安装”之类的功能(很多都没有),那么您可能会感到别无选择,只能通过您的网络托管服务提供商掏钱购买证书。
However, in this article I’ll show you how to install a Let’s Encrypt SSL certificate on your shared web hosting server using the services from SSL For Free. SSL For Free allows you to install a Let’s Encrypt SSL certificate without having to have root access and a VPS, but just a regular shared web hosting server.
但是,在本文中,我将向您展示如何使用SSL For Free的服务在共享的Web托管服务器上安装Let's Encrypt SSL证书。 SSL For Free允许您安装root加密SSL证书,而不必具有root用户访问权限和VPS,而只需一个常规的共享Web托管服务器。
Looking to take your SSL chops to the next level? Check out this amazing course by Nick Janetakis:
想要使您的SSL排行榜更上一层楼? 看看Nick Janetakis的精彩课程:
The Best Way to Secure Your Site with HTTPS 使用HTTPS保护您的网站的最佳方法 Nick Janetakis 尼克·简塔基斯(Nick Janetakis) Everything you need to take your site from insecure to an A+ rated secure site in just 3 hours. SitePoint fans get it for 40% off. 在短短3个小时内将站点从不安全状态迁移到A +级安全站点所需的一切。 SitePoint粉丝可获得40%的折扣。Step 1: Head over to the SSL For Free website.
第1步:转到SSL Free网站。
Step 2: In the enter your website to secure input box, type your website domain address (for example: yourdomain.com).
步骤2:在“ 输入要保护的网站”输入框中,键入您的网站域名地址(例如: yourdomain.com )。
Step 3: SSL For Free will provide SSL certificates for yourdomain.com and www.yourdomain.com automatically.
步骤3:免费的SSL将自动为yourdomain.com和www.yourdomain.com提供SSL证书。
Step 4: If you want to add another subdomain (for example: sub.yourdomain.com), click the Add / Edit Domains link, and you’ll be returned to the domain address input page.
步骤4:如果要添加另一个子域(例如: sub.yourdomain.com ),请单击“ 添加/编辑域”链接,您将返回到域名地址输入页面。
Step 5: Add the subdomain you desire in the input box.
步骤5:在输入框中添加所需的子域。
There are three ways to verify your domain by SSL For Free (you can choose any one of them).
您可以通过三种方式通过免费的SSL验证您的域(可以选择其中一种)。
The first is via Automatic FTP Verification. Here, you’ll be asked for data about your web hosting FTP account.
首先是通过自动FTP验证 。 在这里,系统会要求您提供有关您的网络托管FTP帐户的数据。
The second is through Manual Verification. You’ll be prompted to download two files from SSL For Free, which you’ll later upload to your web hosting server.
第二种是通过手动验证 。 系统将提示您从免费的SSL下载两个文件,然后将其上传到网络托管服务器。
The third is through Manual Verification (DNS). This way, you’ll be prompted to create a new TXT record through your web hosting control panel.
第三是通过手动验证(DNS) 。 这样,系统将提示您通过网络托管控制面板创建新的TXT记录。
Let’s take a look at each of the verification steps.
让我们看一下每个验证步骤。
Step 1: Click the Automatic FTP Verification button.
步骤1:点击“ 自动FTP验证”按钮。
Step 2: Below this, you’ll be prompted to input data from your web hosting FTP account. Input the data completely:
步骤2:在此下方,系统将提示您输入Web托管FTP帐户中的数据。 完整输入数据:
If you feel uncomfortable with this way (giving your FTP account access data), then you can choose the second way (which I highly recommend) below.
如果您对这种方式不满意(提供您的FTP帐户访问数据),则可以选择以下第二种方式(我强烈推荐)。
Step 1: You’ll be prompted to download two files generated by SSL For Free, which you’ll then upload to your web hosting server. Click Manual Verification. (Note: don’t close this tab/page!)
步骤1:系统将提示您下载免费的SSL生成的两个文件,然后将其上传到您的网络托管服务器。 点击手动验证 。 ( 注意:请勿关闭此标签/页面!)
Step 2: Below, you’ll be prompted to download two files generated by SSL For Free. Download both files, saving them on your local computer.
步骤2:在下方,系统将提示您下载SSL Free(免费)生成的两个文件。 下载两个文件,然后将它们保存在本地计算机上。
Step 3: In accordance with the instructions of this SSL For Free page, create a new folder/directory called .well-known. (If you’re in a Windows environment, name it .well-known. — that is, with an extra dot at the end.) Inside that directory, create a new directory called acme-challenge. Copy-paste the two downloaded files into the acme-challenge directory.
步骤3:按照此“免费SSL”页面的说明,创建一个名为.well-known的新文件夹/目录。 (如果您在Windows环境中,则将其命名为.well-known.即在末尾加一个小圆点。)在该目录中,创建一个名为acme-challenge的新目录。 将两个下载的文件复制并粘贴到acme-challenge目录中。
Step 4: Now upload both files to your web hosting server using your preferred FTP application (such as FileZilla).
步骤4:现在,使用首选的FTP应用程序(例如FileZilla )将这两个文件上传到您的Web托管服务器。
Step 5: Upload the .well-known directory from your local computer to the root directory of your web hosting server (its directory, not the contents in it).
步骤5:将.well-known目录从本地计算机上载到Web托管服务器的根目录(其目录,而不是其中的内容)。
Step 6: Now open a new tab/page in your browser and enter your domain URL, along with the location of the two files. Make sure you see the random numbers and letters:
步骤6:现在,在浏览器中打开一个新的选项卡/页面,然后输入域URL以及两个文件的位置。 确保您看到随机数字和字母:
Step 7: Go back to the SSL For Free tab/page (page at Step 1) and click Download SSL Certificate. Make sure you don’t get a reply like this:
步骤7:返回“免费SSL”标签/页面(位于步骤1的页面),然后点击下载SSL证书 。 确保您不会收到这样的回复:
Step 8: If you get an error reply, please repeat Step 1 above, until SSL For Free loads the Loading SSL Certificate Account page. It will then proceed to the Generating SSL Certificate Securely page:
步骤8:如果收到错误回复,请重复上述步骤1 ,直到SSL For Free加载“ 正在加载SSL证书帐户”页面。 然后它将进入“ 安全地生成SSL证书”页面:
In this last verification method option, you’ll be prompted to create a new TXT record in your web hosting control panel.
在最后一个验证方法选项中,系统将提示您在网络托管控制面板中创建新的TXT记录。
Here’s what the steps look like in cPanel:
这是cPanel中的步骤:
Step 1: Click the Manual Verification (DNS) button on the SSL For Free site.
步骤1:在“免费SSL”网站上单击“ 手动验证(DNS)”按钮。
Step 2: You’ll then be prompted to create a new TXT record according to the data on that page:
第2步:然后会提示您根据该页面上的数据创建新的TXT记录:
Step 3: Open a new tab/page in your browser and log in to CPanel on your server. Go to Zone Editor, and add a record with the following data:
步骤3:在浏览器中打开一个新标签页/页面,然后登录到服务器上的CPanel。 转到“ 区域编辑器” ,并添加包含以下数据的记录:
Type: TXT
类型: TXT
Name: _acme-challenge.yourdomain.com.
名称: _acme-challenge.yourdomain.com。
TTL: 14400
TTL: 14400
TXT Data: [corresponding to the first TXT Record data in Step 2]
TXT数据: [对应于步骤2中的第一个TXT记录数据]
Click Add Record:
点击添加记录 :
Step 4: Then add the second new TXT record with the following data:
步骤4:然后添加第二个新TXT记录,并添加以下数据:
Type: TXT
类型: TXT
Name: _acme-challenge.www.yourdomain.com.
名称: _acme-challenge.www.yourdomain.com。
TTL: 14400
TTL: 14400
TXT Data: [corresponding to the second TXT Record data in Step 2]
TXT数据: [对应于步骤2中的第二个TXT记录数据]
Once again, click Add Record.
再一次点击添加记录 。
Step 5: The final result will look something like this:
步骤5:最终结果将如下所示:
Step 6: Go back to the SSL For Free tab/page (page at Step 1) and click the Download SSL Certificate. If you’ve set up the TXT records correctly, you should get a couple of results like this:
步骤6:返回“免费使用SSL”标签/页面(位于步骤1的页面),然后点击下载SSL证书 。 如果正确设置了TXT记录,则应获得如下所示的结果:
Step 7: You’ll be taken to the Loading SSL Certificate Account page, and then to the Generating SSL Certificate Securely page:
步骤7:您将转到“ 正在加载SSL证书帐户”页面,然后进入“ 安全生成SSL证书”页面:
Once SSL For Free successfully creates an SSL certificate, you’ll be prompted to input your email address and password to receive an email notification one week before your certificate expires (optional).
免费的SSL成功创建SSL证书后,系统会提示您输入电子邮件地址和密码,以在证书到期前一周收到电子邮件通知(可选)。
If you fill it in, or are already logged in, you’ll be shown a list of SSL certificates from the domain(s) you’ve registered in the SSL For Free service:
如果您填写或已经登录,则会显示一个列表,其中列出了您在免费SSL服务中注册的域中的SSL证书:
On the same page, you’ll be shown data for the Certificate, Private Key, and CA Bundle for your domain. You can download those three certificates, or input them one-by-one into your cPanel web hosting server:
在同一页面上,将显示您域的Certificate , Private Key和CA Bundle的数据。 您可以下载这三个证书,或将它们一个一输入到cPanel Web托管服务器中:
SSL For Free provides links to various guides for installing SSL certificates, but here I’m just showing how to install SSL certificates on a cPanel web hosting server.
“免费SSL”提供了指向各种安装SSL证书的指南的链接,但这里我仅展示如何在cPanel Web托管服务器上安装SSL证书。
Step 1: Access to your web hosting server cPanel. Click on the SSL/TLS icon (under “Security”).
第1步:访问您的网络托管服务器cPanel。 单击SSL / TLS图标(在“安全”下)。
Step 2: In the Install and Manage SSL for your site option at the bottom, click the Manage SSL Certificate link.
步骤2:在底部的“ 为您的站点安装和管理SSL”选项中,单击“ 管理SSL证书”链接。
Step 3: Select your domain that’s been registered for SSL through SSL For Free.
第3步:选择通过免费SSL为SSL注册的域。
Step 4: Copy and paste the certificate data that SSL For Free has generated to each input box (Certificate, Private Key, and CA Bundle data).
步骤4:将SSL For Free生成的证书数据复制并粘贴到每个输入框( 证书 , 私钥和CA捆绑包数据)。
Step 5: At the bottom of this page, click Install Certificate. Click OK in the notification confirming your certificate was successfully installed on your web server. Next, you’ll be shown a list of domains that have SSL certificates installed.
步骤5:在此页面底部,点击安装证书 。 在通知中单击“ 确定” ,以确认您的证书已成功安装在Web服务器上。 接下来,将显示一个已安装SSL证书的域的列表。
You can confirm once again that your SSL certificate is already installed correctly. Go to the Namecheap SSL Checker, then input your domain address, or you can go directly to https://decoder.link/sslchecker/yourdomain.com/443.
您可以再次确认您的SSL证书已正确安装。 转到Namecheap SSL Checker ,然后输入您的域名,或者您可以直接转到https://decoder.link/sslchecker/yourdomain.com/443 。
You should get reports similar to this:
您应该获得类似于以下内容的报告:
You can also do the checking at Qualys SSL Labs at https://www.ssllabs.com/ssltest/analyze.html?d=yourdomain.com.
您也可以在Qualys SSL Labs上进行检查, https://www.ssllabs.com/ssltest/analyze.html?d=yourdomain.com为https://www.ssllabs.com/ssltest/analyze.html?d=yourdomain.com 。
NOTE: once your SSL certificate has been successfully installed, in order for HTTPS to run perfectly, don’t forget to change your default site address from http://yourdomain.com to https://yourdomain.com. You can do this by using an .htaccess file (there are plenty of tutorials on this out there) or if you use WordPress, you can directly assign HTTPS address via the WordPress Admin Dashboard.
注意:成功安装SSL证书后,为了使HTTPS正常运行,请不要忘记将默认站点地址从http://yourdomain.com更改为https://yourdomain.com 。 您可以通过使用.htaccess文件(此处有很多教程)来完成此操作,或者,如果您使用WordPress,则可以通过WordPress Admin Dashboard直接分配HTTPS地址。
I hope this tutorial has shown you how easy it is to use Let’s Encrypt to secure your website on shared hosting. Admittedly, having to use a third-paty intermediary isn’t ideal, but it’s not a big downside when you consider the money you can save. There’s no need to go out and buy a certificate again.
我希望本教程向您展示了使用“让我们加密”在共享主机上保护您的网站有多么容易。 诚然,使用第三手中介并不理想,但考虑到您可以省下的钱时,这并不是一个很大的缺点。 无需外出再次购买证书。
One thing to remember with Let’s Encrypt certificates is that they only last for 90 days, rather than a year (like many paid certificates). A common way to automate reinstallation is via a cron job, although these aren’t always allowed on shared hosting. I recommend you talk to your web host to see what’s available from them in this regard.
让我们加密证书要记住的一件事是,它们只能持续90天,而不是一年(就像许多付费证书一样)。 自动重新安装的常见方法是通过cron作业,尽管在共享主机上并不总是允许这些作业。 我建议您与您的虚拟主机交谈,以了解他们在这方面可以提供的服务。
翻译自: https://www.sitepoint.com/a-guide-to-setting-up-lets-encrypt-ssl-on-shared-hosting/
相关资源:jdk-8u281-windows-x64.exe