Preparation
First, you need a Linux virtual machine.
$ apt-get install letsencrypt
$ apt-get install python-pip
$ pip install --upgrade pip
$ pip install certbot
$ certbot certonly --manual --preferred-challenges dns --email [email protected] --domains test001.bar.com
After the command succeeds, certbot prints:
Please deploy a DNS TXT record under the name
_acme-challenge.erpnext.xyz with the following value:
J50GNXkhGmKCfn-0LQJcknVGtPEAQ_U_WajcLXgqWqo
This yields a key-value pair to add to DNS (create a TXT record via the DNS console and set the name and value):
Record Name: _acme-challenge.erpnext.xyz
Record Value: J50GNXkhGmKCfn-0LQJcknVGtPEAQ_U_WajcLXgqWqo
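Before continuing in certbot, it helps to confirm that every authoritative nameserver of the zone already returns the new TXT value, because a cached answer from a local resolver can differ from what those servers serve. The shell helper below is an added example, not part of the original post; the function names are hypothetical and it assumes `dig` is installed.

```shell
#!/bin/sh
# Added example: pre-flight check for certbot's manual DNS-01 prompt.

# Name the TXT record must live under: "_acme-challenge." + domain.
# A leading "*." is stripped because a wildcard is validated on its base
# name. The inner quotes make "*." literal instead of a glob pattern.
challenge_name() {
    printf '_acme-challenge.%s\n' "${1#"*."}"
}

# Reads TXT answers on stdin, one per line as printed by `dig +short TXT`,
# and succeeds only if one equals the expected value once unquoted.
txt_matches() {
    expected=$1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#\"}
        line=${line%\"}
        if [ "$line" = "$expected" ]; then return 0; fi
    done
    return 1
}

# usage: check_challenge <zone> <domain> <expected-value>
# e.g.   check_challenge erpnext.xyz erpnext.xyz "<value printed by certbot>"
# Queries each authoritative nameserver directly. Returns 0 only when all
# of them serve the value, 1 when one does not, 2 when no NS is found.
check_challenge() {
    name=$(challenge_name "$2")
    servers=$(dig +short NS "$1")
    if [ -z "$servers" ]; then
        echo "no NS records found for $1" >&2
        return 2
    fi
    for ns in $servers; do
        if dig +short TXT "$name" "@$ns" | txt_matches "$3"; then
            echo "ok      $ns"
        else
            echo "missing $ns"
            return 1
        fi
    done
}
```

A record created without the leading underscore in its name is reported as missing, since the query is always made for the `_acme-challenge.` name.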
Continue; when the following message appears, the certificate has been exported successfully:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/nova.moe/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/nova.moe/privkey.pem
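Create Google Cloud Load Balancing
Add an HTTPS load balancer in Google Cloud Load Balancing.
Connect the backend to the Cloud Storage bucket that stores the web pages.
Configure the frontend for HTTPS and import the certificate.
If you want both HTTPS and HTTP to be available, have this IP listen on both port 80 and port 443, and at your domain registrar add a record pointing the domain to the IP.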