让我们加密吧!letsencrypt

第三次公测http://letsencrypt.org

Thank you for your interest in our beta program! We’re excited to let you know that your domains (below) have been whitelisted, and you can now utilize an ACME client to obtain a certificate for them.

Quick Start

To use Let’s Encrypt’s official client to obtain your real certificates, you will need to provide the production API URL on the command line:

https://acme-v01.api.letsencrypt.org/directory
When running the Python client (installation directions [1]), be sure to specify the –server argument as shown below:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto –server \
https://acme-v01.api.letsencrypt.org/directory –help
How to use the client

The Let’s Encrypt client supports a number of different “plugins” that can be used to obtain and/or install certificates. A few examples of the options are included below.

If you’re running Apache on a recent Debian-based OS, you can try the Apache plugin, which automates both obtaining and installing certs:

./letsencrypt-auto –apache –server https://acme-v01.api.letsencrypt.org/directory –agree-dev-preview
To obtain a cert using a “standalone” webserver (you may need to temporarily stop your exising webserver) for example.com and www.example.com:

./letsencrypt-auto certonly -a standalone \
-d example.com -d www.example.com \
–server https://acme-v01.api.letsencrypt.org/directory –agree-dev-preview
To obtain a cert using the “webroot” plugin, which can work with the webroot of any webserver software:

./letsencrypt-auto certonly -a webroot –webroot-path /var/www/example \
-d example.com -d www.example.com \
-server https://acme-v01.api.letsencrypt.org/directory –agree-dev-preview
Note: Currently the webroot plugin can only obtain certs for several domains simultaneously if they share a webroot.

To receive instructions for the (fairly complex) process of obtaining a cert from Let’s Encrypt by manually providing proof you control a domain:

./letsencrypt-auto certonly -a manual -d example.com \
–server https://acme-v01.api.letsencrypt.org/directory –agree-dev-preview
If you are using a different ACME client, be sure to configure it to use the production URL in order to get valid certificates. Many clients will default to the staging URL.

Help and Known Issues

You can get help with the client and Let’s Encrypt at:

https://community.letsencrypt.org/
Known issues with the Python client can be tracked here:

https://github.com/letsencrypt/letsencrypt/issues
Please search thoroughly for existing issues before filing a new report!

Renewals and Lifetimes

Certificates from Let’s Encrypt are valid for 90 days. We recommend renewing them every 60 days to provide a nice margin of error. As a beta participant, you should be prepared to manually renew your certificates at that time. As we get closer to General Availability, we hope to have automatic renewal tested and working on more platforms, but for now, please play it safe and keep track.

Rate Limiting

During this beta test we have very tight rate-limiting in place. We plan to loosen these limits as the beta proceeds.

There are two rate limits in play: Registrations/IP address, and Certificates/Domain.

Registrations/IP address limits the number of registrations you can make in a given day; currently 10. This means you should avoid deleting the /etc/letsencrypt/accounts folder, or you may not be able to re-register.

Certificates/Domain you could run into through repeated re-issuance. This limit measures certificates issued for a given combination of Top Level Domain + Domain. This means if you issue certificates for the following domains, at the end you would have what we consider 4 certificates for the domain example.com.

www.example.com
example.com www.example.com
webmail.example.com ldap.example.com
example.com www.example.com
The limit on Certificates/Domain has a window of 60 days, to give 30 days for renewals. We know it’s restrictive at present; thank you for your patience in helping us ensure Let’s Encrypt is ready for the whole world.
Certificate Transparency

Part of our transparency mission includes publicly disclosing the certificates we issue via Certificate Transparency. Your email address is not publicly disclosed.

Helpful Information

Let’s Encrypt maintainence events are posted on https://letsencrypt.status.io/ and Twitter (@letsencrypt_ops). If you need help, both the Let’s Encrypt community at https://community.letsencrypt.org/ and #letsencrypt on irc.freenode.org are excellent sources of assistance.

If there are updates for Beta program participants, they will be posted at the community site at https://community.letsencrypt.org/t/beta-program-announcements/1631.

可以看出目前他提供的只有六十天的使用时间,在附加三十天的恢复时间,要整合起来有90天。时间方面官方语在强调只有九十天但是可以通过其他手段,官方提供的自动续期工具,但是每六十天执行一次自动恢复你尽量对我来说,可能后期我们还会想其他办法利用利用crontab来完成相关繁琐操作,减少浪费时间的操作。

最后修改日期:2015年11月20日

作者

留言

撰写回覆或留言

发布留言必须填写的电子邮件地址不会公开。