Apply for SSL certificate online for free

There are two types of SSL certificates: ECC certificates (with a built-in ECDSA public key) and RSA certificates (with a built-in RSA public key). ECC is more secure than RSA at the same key length, which means that for the same level of security an ECC key is much shorter than an RSA key, and encryption and decryption will be faster. The following is how to apply for a TLS/SSL certificate on a Linux server using the acme.sh script.

Apply for a free SSL certificate on a Linux server

No matter what type of website you build, the first step is to apply for a certificate. Without a valid certificate, the site can only be accessed over HTTP on port 80. HTTPS is now the mainstream way to access websites, so a domain name certificate is imperative! Here is how to apply, along with several different ways to apply for domain name certificates.

First, let’s understand what TLS/SSL is

SSL is the abbreviation of "Secure Sockets Layer". It was designed by Netscape in the mid-1990s. (By the way, Netscape not only invented SSL, but also invented a lot of Web infrastructure - such as "CSS style sheets" and "JS scripts")
Why was the SSL protocol invented? Because the HTTP protocol originally used on the Internet was plain text, which had many shortcomings - for example, the transmitted content could be sniffed and tampered with. The SSL protocol was invented to solve these problems.
By 1999, SSL had become the de facto standard on the Internet due to its widespread use. The IETF standardized SSL that year. The name after standardization was changed to TLS (abbreviation for "Transport Layer Security"), which is called "Transport Layer Security Protocol" in Chinese.
Many related articles refer to the two together (SSL/TLS), because the two can be regarded as different stages of the same thing. How do you make a domain name support TLS? Simply put, you apply for an SSL/TLS certificate for the domain name!
To apply for an SSL/TLS certificate, please refer to:

Free SSL certificate for Linux server

Apply for TLS/SSL certificate for free

There are two types of SSL certificates: ECC certificates (the built-in public key is an ECDSA public key) and RSA certificates (with a built-in RSA public key). Simply put, ECC is more secure than RSA at the same key length, that is, for the same level of security an ECC key is much shorter than an RSA key (so encryption and decryption will be faster). The problem is that ECC has poor compatibility, and is not supported by Android 4.x and below or by Windows XP. As long as your device is not a very old antique, it is strongly recommended to use ECC certificates.
Use the script below to apply for a TLS/SSL certificate on a Linux server:

curl https://get.acme.sh | sh

The script prompts that socat needs to be installed first. After installing socat, restart the server and then run the script to apply for the certificate. On CentOS 8 it reports that port 80 is occupied. After uninstalling socat, it again prompts that socat needs to be installed when applying for the certificate. It's an endless loop! A reboot solves the problem!

dnf -y install socat
reboot

Generate the certificate below. If you have installed a web server such as nginx or apache on your server, you need to temporarily shut it down. Port 80 will be occupied during the certificate application process. Please make sure that port 80 on your server is not occupied.
A few small commands about ports:

netstat -tln              # Check the port usage on the server.
netstat -tln | grep 80    # Check whether port 80 is occupied. If the command prints nothing, the port is not occupied. If it is occupied, the corresponding port will be displayed.
lsof -i :80               # Check which program the port belongs to, i.e. which process occupies the port.
kill -9 <process number>  # Kill the process occupying the port.
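An exact-port version of the check above, as an added example that is not part of the original article: `grep 80` also matches 8080, 1080 or an address such as 192.168.80.5, so it can report port 80 as occupied when it is free. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-port check before running acme.sh --standalone.
# The sample listings below are constructed, not captured from a real host.

# listeners_on_port PORT
# Reads `netstat -tln` or `ss -tln` output on stdin and prints the local
# address of every listening TCP socket bound to exactly PORT.
listeners_on_port() {
    awk -v port="$1" '
        # netstat rows start with tcp/tcp6, ss rows with LISTEN;
        # in both layouts the local address is column 4.
        $1 ~ /^tcp/ || $1 == "LISTEN" {
            n = split($4, part, ":")      # handles 0.0.0.0:80, :::80, [::]:80
            if (part[n] == port) print $4
        }'
}

# port_is_free PORT: succeeds when nothing in the listing on stdin uses PORT.
port_is_free() {
    [ -z "$(listeners_on_port "$1")" ]
}

# Constructed listing: three lines contain "80", none of them is port 80.
SAMPLE_FREE='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:8080     0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:1080   0.0.0.0:*        LISTEN
tcp        0      0 192.168.80.5:22  0.0.0.0:*        LISTEN
tcp6       0      0 :::443           :::*             LISTEN'

# Constructed listing: a web server really bound to port 80 on IPv4 and IPv6.
SAMPLE_BUSY='tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN
tcp6       0      0 :::80            :::*             LISTEN'

if printf '%s\n' "$SAMPLE_FREE" | port_is_free 80; then
    echo "sample 1: port 80 is free (grep 80 would have matched 3 lines)"
fi
printf '%s\n' "$SAMPLE_BUSY" | listeners_on_port 80 | sed 's/^/sample 2: busy on /'

# On a live host (assumes netstat is installed):
#   netstat -tln | listeners_on_port 80
```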

Let's get started. If an error occurs, you can add the --debug parameter to view the detailed error.

acme.sh --issue -d gogobox.tk --standalone -k ec-256

If nothing unexpected happens, the TLS/SSL certificate has been generated successfully!
The validity period of the free TLS/SSL certificate is 90 days, and the certificate needs to be renewed within 90 days. The script will update it every 60 days. In theory, the free certificate can be renewed and used indefinitely. Of course, you can also manually update it through the following command.

acme.sh --renew -d gogobox.tk --force --ecc

If the certificate also needs to cover the www name or other second-level domain names, add a -d parameter in front of each domain name. The --force parameter forces the certificate to be updated! For example:

acme.sh --issue -d gogobox.tk -d www.gogobox.tk -d m.gogobox.tk --standalone -k ec-256 --force

Install the certificate. After applying for the SSL certificate, it is saved in the root directory by default. If you need to install the certificate, install it in the specified location.

acme.sh --installcert -d gogobox.tk --ecc --key-file /home/ssl/gogobox.tk.key --fullchain-file /home/ssl/fullchain.cer --reloadcmd "systemctl force-reload nginx"

Here is another way to apply for an SSL certificate:
Install socat first

dnf install socat

Install acme.sh

curl https://get.acme.sh | sh

Then reboot, and after the domain name has been set up in nginx, apply for the certificate:

acme.sh --issue -d gogobox.tk -d www.gogobox.tk --webroot /var/wwwroot/

You can also use the command to read the nginx configuration, provided that the path to the domain name has been set in nginx.

acme.sh --issue -d gogobox.tk --nginx

After the certificate application is successful, you need to install the certificate:

acme.sh --installcert -d gogobox.tk --key-file /home/ssl/gogobox.tk.key --fullchain-file /home/ssl/fullchain.cer --reloadcmd "systemctl force-reload nginx"
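A check for the files written by the two --installcert commands above, as an added example that is not part of the original article or of acme.sh: it confirms that the private key is not accessible to group or others, that the key belongs to the installed certificate, and that the 60-day renewal has not been missed. The function names are hypothetical and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example (not part of acme.sh): checks to run on the files written by
# --installcert. File paths are arguments; function names are illustrative.

# key_is_private FILE: succeeds only if group and others have no permission bits.
key_is_private() {
    [ -f "$1" ] || return 2
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# key_matches_cert KEY CERT: the public key derived from the private key must
# equal the public key in the first (leaf) certificate of the chain file.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$kpub" = "$cpub" ]
}

# expires_within CERT DAYS: succeeds if the leaf certificate expires within
# DAYS days (an unparsable certificate is flagged as well).
# With 90-day certificates renewed every 60 days, fewer than 30 days left
# means the scheduled renewal did not happen.
expires_within() {
    [ -r "$1" ] || return 2
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
    then return 1
    else return 0
    fi
}

# Usage: sh check_install.sh /home/ssl/gogobox.tk.key /home/ssl/fullchain.cer
if [ "$#" -eq 2 ]; then
    key_is_private "$1"        || echo "WARN: $1 is accessible to group/others"
    key_matches_cert "$1" "$2" || echo "WARN: key and certificate do not match"
    if expires_within "$2" 30; then echo "WARN: $2 has under 30 days left"; fi
fi
```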

What is the difference between certificates with extensions cer and crt?

Certificates with the extension CRT are DER encoded or PEM encoded. The extensions CER and CRT are almost synonymous. This is common in various Unix/Linux systems.

CER is the Microsoft format of the CRT certificate. You can use Microsoft tools to convert CRT files to CER files (CRT and CER must be encoded in the same format, DER or PEM). Files with the extension CER are recognized by IE and can be used to call Microsoft's crypto API.

There are several certificate extensions in Windows, such as .cer and .crt. Generally speaking, .cer files are binary data, while .crt files contain ASCII data.

The cer file contains certificate data encoded according to the Distinguished Encoding Rules (DER), which is the encoding format specified in the X.690 standard.

X.509 is the most basic public key format standard, which specifies the various information that a certificate needs to contain. Usually, the certificates we mention are in this format, which contains the public key, the digital signature of the issuer, the validity period, etc. It should be emphasized that it does not contain the private key. The relevant formats are: DER, PEM, CER, CRT.
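Because the extension alone does not fix the encoding, a file can be classified by its content instead. This added example (not from the original article; the function names are hypothetical and show_cert assumes openssl is installed) reports PEM or DER and counts the certificates in a full-chain file such as the fullchain.cer installed earlier.

```shell
#!/bin/sh
# Added example: decide a certificate file's encoding from its content,
# not from its .cer/.crt extension.

# cert_encoding FILE: prints PEM, DER or unknown.
cert_encoding() {
    [ -r "$1" ] || { echo unknown; return 1; }
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        echo PEM                      # Base64 text between armour lines
    elif [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = "30" ]; then
        echo DER                      # raw ASN.1: outer SEQUENCE tag 0x30
    else
        echo unknown
    fi
}

# pem_cert_count FILE: number of certificates in a PEM bundle
# (a full-chain file holds the leaf followed by the intermediates).
pem_cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# show_cert FILE: print subject, validity and key type of the first
# certificate, passing openssl the encoding that was detected.
show_cert() {
    enc=$(cert_encoding "$1") || return 1
    [ "$enc" = unknown ] && return 1
    openssl x509 -inform "$enc" -in "$1" -noout -subject -dates -text |
        grep -E 'subject|notBefore|notAfter|Public Key Algorithm'
}

# Usage: sh certfmt.sh /home/ssl/fullchain.cer
if [ "$#" -ge 1 ]; then
    echo "$1: $(cert_encoding "$1")"
    show_cert "$1"
fi
```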

The SSL domain name certificate has been applied for!

Apply for SSL certificate online for free

FreeSSL: FreeSSL is a website that provides free HTTPS certificate application, HTTPS certificate management and HTTPS certificate expiration reminder services. It aims to promote the popularization and application of HTTPS certificates and simplify the certificate application process.

SSL certificate application website: https://freessl.org


certbot: certbot is a script-based Let's Encrypt certificate application client. It requires some experience in command line usage. If you need automatic updates, you need to add plug-ins, which makes it difficult to use. If you need automatic updates and automatic deployment, we recommend using acme.sh and ohttps described below.

SSL certificate application website: https://certbot.eff.org


acme.sh: a well-known open source project for applying for Let's Encrypt certificates. It is also script-based, has detailed documentation and supports automated updates and deployments. The only drawback is that acme.sh cannot meet the need for automatic deployment to multiple nodes after updates. If you have some experience in using the command line, acme.sh is still very convenient to use and is highly recommended! For automatic deployment to multiple nodes after updates, it is recommended to use ohttps, described below.


SSL certificate application website: https://github.com/acmesh-official/acme.sh

ohttps: provides functions similar to acme.sh, but with a friendly management interface. It can apply for free Let's Encrypt wildcard certificates, and also provides certificate revocation, pre-expiration reminders, automatic updates, and automatic deployment. In addition, it adds some very practical functions compared to acme.sh, mainly including automatic deployment to the load balancing, content distribution CDN, SSL certificate list, etc. of Alibaba Cloud, Tencent Cloud and Qiniu Cloud, and it can deploy automatically to multiple nginx containers. If you need to automatically deploy to multiple different nodes after the certificate is updated, use http://ohttps.com. Here we strongly recommend that you use http://ohttps.com to apply for and manage free HTTPS certificates issued by Let's Encrypt.


SSL certificate application website: http://ohttps.com
