{"id":10076,"date":"2023-12-27T11:18:06","date_gmt":"2023-12-27T07:48:06","guid":{"rendered":"https:\/\/rasanegar.com\/blog\/nginx-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%af%d8%b1-centos-8-%d8%a7%db%8c%d9%85%d9%86-%da%a9%d9%86%db%8c%d8%af\/"},"modified":"2023-12-27T11:18:06","modified_gmt":"2023-12-27T07:48:06","slug":"nginx-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%af%d8%b1-centos-8-%d8%a7%db%8c%d9%85%d9%86-%da%a9%d9%86%db%8c%d8%af","status":"publish","type":"post","link":"https:\/\/rasanegaar.com\/blog\/nginx-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%af%d8%b1-centos-8-%d8%a7%db%8c%d9%85%d9%86-%da%a9%d9%86%db%8c%d8%af\/","title":{"rendered":"Nginx \u0631\u0627 \u0628\u0627 Let&#8217;s Encrypt \u062f\u0631 CentOS 8 \u0627\u06cc\u0645\u0646 \u06a9\u0646\u06cc\u062f"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\"><p class=\"ez-toc-title\" style=\"cursor:inherit\">\u0633\u0631\u0641\u0635\u0644\u0647\u0627\u06cc \u0645\u0637\u0644\u0628<\/p>\n<\/div><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/rasanegaar.com\/blog\/nginx-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%af%d8%b1-centos-8-%d8%a7%db%8c%d9%85%d9%86-%da%a9%d9%86%db%8c%d8%af\/#%d9%be%db%8c%d8%b4_%d9%86%db%8c%d8%a7%d8%b2%d9%87%d8%a7\" >\u067e\u06cc\u0634 \u0646\u06cc\u0627\u0632\u0647\u0627<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/rasanegaar.com\/blog\/nginx-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%af%d8%b1-centos-8-%d8%a7%db%8c%d9%85%d9%86-%da%a9%d9%86%db%8c%d8%af\/#%d9%86%d8%b5%d8%a8_certbot\" >\u0646\u0635\u0628 Certbot<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" 
href=\"https:\/\/rasanegaar.com\/blog\/nginx-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%af%d8%b1-centos-8-%d8%a7%db%8c%d9%85%d9%86-%da%a9%d9%86%db%8c%d8%af\/#%d8%aa%d9%88%d9%84%db%8c%d8%af_%da%af%d8%b1%d9%88%d9%87_strong_dh_diffie-hellman\" >\u062a\u0648\u0644\u06cc\u062f \u06af\u0631\u0648\u0647 Strong Dh (Diffie-Hellman).<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/rasanegaar.com\/blog\/nginx-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%af%d8%b1-centos-8-%d8%a7%db%8c%d9%85%d9%86-%da%a9%d9%86%db%8c%d8%af\/#%d8%af%d8%b1%db%8c%d8%a7%d9%81%d8%aa_%da%af%d9%88%d8%a7%d9%87%db%8c%d9%86%d8%a7%d9%85%d9%87_lets_encrypt_ssl\" >\u062f\u0631\u06cc\u0627\u0641\u062a \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 Let&#8217;s Encrypt SSL<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/rasanegaar.com\/blog\/nginx-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%af%d8%b1-centos-8-%d8%a7%db%8c%d9%85%d9%86-%da%a9%d9%86%db%8c%d8%af\/#%d8%aa%d9%85%d8%af%db%8c%d8%af_%d8%ae%d9%88%d8%af%da%a9%d8%a7%d8%b1_%da%af%d9%88%d8%a7%d9%87%db%8c%d9%86%d8%a7%d9%85%d9%87_lets_encrypt_ssl\" >\u062a\u0645\u062f\u06cc\u062f \u062e\u0648\u062f\u06a9\u0627\u0631 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 Let&#8217;s Encrypt SSL<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/rasanegaar.com\/blog\/nginx-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%af%d8%b1-centos-8-%d8%a7%db%8c%d9%85%d9%86-%da%a9%d9%86%db%8c%d8%af\/#%d9%86%d8%aa%db%8c%d8%ac%d9%87\" >\u0646\u062a\u06cc\u062c\u0647<\/a><\/li><\/ul><\/nav><\/div>\n<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">\u0632\u0645\u0627\u0646 \u0644\u0627\u0632\u0645 \u0628\u0631\u0627\u06cc \u0645\u0637\u0627\u0644\u0639\u0647: <\/span> <span class=\"rt-time\"> 4<\/span> <span 
class=\"rt-label rt-postfix\">\u062f\u0642\u06cc\u0642\u0647<\/span><\/span><p> <br \/>\n<br \/><\/p>\n<div class=\"markdown\">\n<p>Let&#8217;s Encrypt \u06cc\u06a9 \u0645\u0631\u062c\u0639 \u06af\u0648\u0627\u0647\u06cc \u0631\u0627\u06cc\u06af\u0627\u0646\u060c \u062e\u0648\u062f\u06a9\u0627\u0631 \u0648 \u0628\u0627\u0632 \u0627\u0633\u062a \u06a9\u0647 \u062a\u0648\u0633\u0637 \u06af\u0631\u0648\u0647 \u062a\u062d\u0642\u06cc\u0642\u0627\u062a\u06cc \u0627\u0645\u0646\u06cc\u062a \u0627\u06cc\u0646\u062a\u0631\u0646\u062a (ISRG) \u062a\u0648\u0633\u0639\u0647 \u06cc\u0627\u0641\u062a\u0647 \u0648 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc SSL \u0631\u0627\u06cc\u06af\u0627\u0646 \u0627\u0631\u0627\u0626\u0647 \u0645\u06cc \u062f\u0647\u062f.<\/p>\n<p>\u06af\u0648\u0627\u0647\u06cc\u200c\u0647\u0627\u06cc \u0635\u0627\u062f\u0631 \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 Let&#8217;s Encrypt \u0645\u0648\u0631\u062f \u0627\u0639\u062a\u0645\u0627\u062f \u0647\u0645\u0647 \u0645\u0631\u0648\u0631\u06af\u0631\u0647\u0627\u06cc \u0627\u0635\u0644\u06cc \u0647\u0633\u062a\u0646\u062f \u0648 90 \u0631\u0648\u0632 \u0627\u0632 \u062a\u0627\u0631\u06cc\u062e \u0635\u062f\u0648\u0631 \u0627\u0639\u062a\u0628\u0627\u0631 \u062f\u0627\u0631\u0646\u062f.<\/p>\n<p>\u062f\u0631 \u0627\u06cc\u0646 \u0622\u0645\u0648\u0632\u0634\u060c \u062f\u0633\u062a\u0648\u0631\u0627\u0644\u0639\u0645\u0644 \u0647\u0627\u06cc \u06af\u0627\u0645 \u0628\u0647 \u06af\u0627\u0645 \u062f\u0631 \u0645\u0648\u0631\u062f \u0631\u0648\u0634 \u0646\u0635\u0628 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0631\u0627\u06cc\u06af\u0627\u0646 Let&#8217;s Encrypt SSL \u0628\u0631 \u0631\u0648\u06cc CentOS 8 \u06a9\u0647 Nginx \u0631\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u0648\u0628 \u0633\u0631\u0648\u0631 \u0627\u062c\u0631\u0627 \u0645\u06cc \u06a9\u0646\u062f\u060c \u0627\u0631\u0627\u0626\u0647 \u062e\u0648\u0627\u0647\u06cc\u0645 
\u062f\u0627\u062f.  \u0647\u0645\u0686\u0646\u06cc\u0646 \u0631\u0648\u0634 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc Nginx \u0628\u0631\u0627\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06af\u0648\u0627\u0647\u06cc SSL \u0648 \u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 HTTP\/2 \u0631\u0627 \u0646\u0634\u0627\u0646 \u062e\u0648\u0627\u0647\u06cc\u0645 \u062f\u0627\u062f.<\/p>\n<h2 id=\"prerequisites\"><span class=\"ez-toc-section\" id=\"%d9%be%db%8c%d8%b4_%d9%86%db%8c%d8%a7%d8%b2%d9%87%d8%a7\"><\/span>\u067e\u06cc\u0634 \u0646\u06cc\u0627\u0632\u0647\u0627 <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0642\u0628\u0644 \u0627\u0632 \u0627\u062f\u0627\u0645\u0647\u060c \u0645\u0637\u0645\u0626\u0646 \u0634\u0648\u06cc\u062f \u06a9\u0647 \u067e\u06cc\u0634 \u0646\u06cc\u0627\u0632\u0647\u0627\u06cc \u0632\u06cc\u0631 \u0631\u0627 \u0628\u0631\u0622\u0648\u0631\u062f\u0647 \u06a9\u0631\u062f\u0647 \u0627\u06cc\u062f:<\/p>\n<ul>\n<li>\u0634\u0645\u0627 \u06cc\u06a9 \u0646\u0627\u0645 \u062f\u0627\u0645\u0646\u0647 \u062f\u0627\u0631\u06cc\u062f \u06a9\u0647 \u0628\u0647 IP \u0639\u0645\u0648\u0645\u06cc \u0634\u0645\u0627 \u0627\u0634\u0627\u0631\u0647 \u062f\u0627\u0631\u062f.  
\u0645\u0627 \u0627\u0632 <code>example.com<\/code> \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u062e\u0648\u0627\u0647\u06cc\u0645 \u06a9\u0631\u062f.<\/li>\n<li>\u0634\u0645\u0627 Nginx \u0631\u0627 \u0631\u0648\u06cc \u0633\u0631\u0648\u0631 CentOS \u062e\u0648\u062f \u0646\u0635\u0628 \u06a9\u0631\u062f\u0647 \u0627\u06cc\u062f.<\/li>\n<li>\u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0634\u0645\u0627 \u0628\u0631\u0627\u06cc \u067e\u0630\u06cc\u0631\u0634 \u0627\u062a\u0635\u0627\u0644\u0627\u062a \u062f\u0631 \u067e\u0648\u0631\u062a \u0647\u0627\u06cc 80 \u0648 443 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a.<\/li>\n<\/ul>\n<h2 id=\"installing-certbot\"><span class=\"ez-toc-section\" id=\"%d9%86%d8%b5%d8%a8_certbot\"><\/span>\u0646\u0635\u0628 Certbot <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Certbot \u06cc\u06a9 \u0627\u0628\u0632\u0627\u0631 \u062e\u0637 \u0641\u0631\u0645\u0627\u0646 (command-line) \u0631\u0627\u06cc\u06af\u0627\u0646 \u0627\u0633\u062a \u06a9\u0647 \u0641\u0631\u0627\u06cc\u0646\u062f \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u062f\u0646 \u0648 \u062a\u0645\u062f\u06cc\u062f \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc SSL \u0627\u0632 Let&#8217;s Encrypt \u0648 \u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 \u062e\u0648\u062f\u06a9\u0627\u0631 HTTPS \u062f\u0631 \u0633\u0631\u0648\u0631 \u0634\u0645\u0627 \u0631\u0627 \u0633\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u062f.<\/p>\n<p>\u0628\u0633\u062a\u0647 certbot \u062f\u0631 \u0645\u062e\u0627\u0632\u0646 \u0627\u0633\u062a\u0627\u0646\u062f\u0627\u0631\u062f CentOS 8 \u0645\u0648\u062c\u0648\u062f \u0646\u06cc\u0633\u062a\u060c \u0627\u0645\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646 \u0622\u0646 \u0631\u0627 \u0627\u0632 \u0648\u0628 \u0633\u0627\u06cc\u062a \u0641\u0631\u0648\u0634\u0646\u062f\u0647 \u062f\u0627\u0646\u0644\u0648\u062f \u06a9\u0631\u062f. \u062a\u0648\u062c\u0647 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u06cc\u062f \u06a9\u0647 \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a certbot-auto \u062f\u06cc\u06af\u0631 \u062a\u0648\u0633\u0637 \u067e\u0631\u0648\u0698\u0647 Certbot \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0646\u0645\u06cc \u0634\u0648\u062f\u061b \u067e\u06cc\u0634 \u0627\u0632 \u0627\u062c\u0631\u0627\u06cc \u0622\u0646 \u0628\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc root\u060c \u0631\u0648\u0634 \u0646\u0635\u0628 \u0641\u0639\u0644\u06cc \u0631\u0627 \u062f\u0631 \u0645\u0633\u062a\u0646\u062f\u0627\u062a Certbot \u0628\u0631\u0631\u0633\u06cc \u06a9\u0646\u06cc\u062f.<\/p>\n<p>\u0632\u06cc\u0631 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u062f <code>wget<\/code><br 
\/>\n\u062f\u0633\u062a\u0648\u0631 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06a9\u0627\u0631\u0628\u0631 root \u06cc\u0627 sudo \u0628\u0631\u0627\u06cc \u062f\u0627\u0646\u0644\u0648\u062f \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a certbot \u062f\u0631 <code>\/usr\/local\/bin<\/code> \u0641\u0647\u0631\u0633\u062a \u0631\u0627\u0647\u0646\u0645\u0627:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo wget -P \/usr\/local\/bin https:\/\/dl.eff.org\/certbot-auto<\/code><\/pre>\n<p>\u067e\u0633 \u0627\u0632 \u0627\u062a\u0645\u0627\u0645 \u062f\u0627\u0646\u0644\u0648\u062f\u060c \u0641\u0627\u06cc\u0644 \u0631\u0627 \u0642\u0627\u0628\u0644 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo chmod +x \/usr\/local\/bin\/certbot-auto<\/code><\/pre>\n<h2 id=\"generating-strong-dh-diffie-hellman-group\"><span class=\"ez-toc-section\" id=\"%d8%aa%d9%88%d9%84%db%8c%d8%af_%da%af%d8%b1%d9%88%d9%87_strong_dh_diffie-hellman\"><\/span>\u062a\u0648\u0644\u06cc\u062f \u06af\u0631\u0648\u0647 Strong Dh (Diffie-Hellman). 
<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u062a\u0628\u0627\u062f\u0644 \u06a9\u0644\u06cc\u062f \u062f\u06cc\u0641\u06cc-\u0647\u0644\u0645\u0646 (DH) \u0631\u0648\u0634\u06cc \u0628\u0631\u0627\u06cc \u062a\u0628\u0627\u062f\u0644 \u0627\u0645\u0646 \u06a9\u0644\u06cc\u062f\u0647\u0627\u06cc \u0631\u0645\u0632\u0646\u06af\u0627\u0631\u06cc \u0627\u0632 \u0637\u0631\u06cc\u0642 \u06cc\u06a9 \u06a9\u0627\u0646\u0627\u0644 \u0627\u0631\u062a\u0628\u0627\u0637\u06cc \u0646\u0627\u0627\u0645\u0646 \u0627\u0633\u062a.<\/p>\n<p>\u0628\u0627 \u062a\u0627\u06cc\u067e \u062f\u0633\u062a\u0648\u0631 \u0632\u06cc\u0631 \u0645\u062c\u0645\u0648\u0639\u0647 \u062c\u062f\u06cc\u062f\u06cc \u0627\u0632 \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u0647\u0627\u06cc DH 2048 \u0628\u06cc\u062a\u06cc \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo openssl dhparam -out \/etc\/ssl\/certs\/dhparam.pem 2048<\/code><\/pre>\n<p>\u0627\u06af\u0631 \u0628\u062e\u0648\u0627\u0647\u06cc\u062f \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0637\u0648\u0644 \u06a9\u0644\u06cc\u062f \u0631\u0627 \u062a\u0627 4096 \u0628\u06cc\u062a \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0647\u06cc\u062f\u060c \u0627\u0645\u0627 \u062a\u0648\u0644\u06cc\u062f \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u06cc\u0634 \u0627\u0632 30 \u062f\u0642\u06cc\u0642\u0647 \u0637\u0648\u0644 \u0628\u06a9\u0634\u062f\u060c \u0628\u0633\u062a\u0647 \u0628\u0647 \u0622\u0646\u062a\u0631\u0648\u067e\u06cc \u0633\u06cc\u0633\u062a\u0645.<\/p>\n<h2 id=\"obtaining-a-lets-encrypt-ssl-certificate\"><span class=\"ez-toc-section\" id=\"%d8%af%d8%b1%db%8c%d8%a7%d9%81%d8%aa_%da%af%d9%88%d8%a7%d9%87%db%8c%d9%86%d8%a7%d9%85%d9%87_lets_encrypt_ssl\"><\/span>\u062f\u0631\u06cc\u0627\u0641\u062a \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 Let&#8217;s Encrypt SSL <span 
class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0628\u0631\u0627\u06cc \u062f\u0631\u06cc\u0627\u0641\u062a \u06af\u0648\u0627\u0647\u06cc SSL \u0628\u0631\u0627\u06cc \u062f\u0627\u0645\u0646\u0647\u060c \u0627\u0632 \u0627\u0641\u0632\u0648\u0646\u0647 Webroot \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u06cc\u0645 \u06a9\u0647 \u0628\u0627 \u0627\u06cc\u062c\u0627\u062f \u06cc\u06a9 \u0641\u0627\u06cc\u0644 \u0645\u0648\u0642\u062a \u0628\u0631\u0627\u06cc \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u062f\u0627\u0645\u0646\u0647 \u062f\u0631\u062e\u0648\u0627\u0633\u062a\u06cc \u062f\u0631 <code>${webroot-path}\/.well-known\/acme-challenge<\/code> \u0641\u0647\u0631\u0633\u062a \u0631\u0627\u0647\u0646\u0645\u0627.  \u0633\u0631\u0648\u0631 Let&#8217;s Encrypt \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0647\u0627\u06cc HTTP \u0631\u0627 \u0628\u0647 \u0641\u0627\u06cc\u0644 \u0645\u0648\u0642\u062a \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u062a\u0623\u06cc\u06cc\u062f \u06a9\u0646\u062f \u06a9\u0647 \u062f\u0627\u0645\u0646\u0647 \u062f\u0631\u062e\u0648\u0627\u0633\u062a\u06cc \u0628\u0647 \u0633\u0631\u0648\u0631\u06cc \u06a9\u0647 \u0631\u0628\u0627\u062a \u062f\u0631 \u0622\u0646 \u0627\u062c\u0631\u0627 \u0645\u06cc \u0634\u0648\u062f \u062d\u0644 \u0645\u06cc \u0634\u0648\u062f.<\/p>\n<p>\u0628\u0631\u0627\u06cc \u0633\u0627\u062f\u0647\u200c\u062a\u0631 \u06a9\u0631\u062f\u0646 \u0622\u0646\u060c \u0645\u06cc\u200c\u062e\u0648\u0627\u0647\u06cc\u0645 \u062a\u0645\u0627\u0645 \u062f\u0631\u062e\u0648\u0627\u0633\u062a\u200c\u0647\u0627\u06cc HTTP \u0631\u0627 \u0628\u0631\u0627\u06cc \u0622\u0646\u0647\u0627 \u062a\u0631\u0633\u06cc\u0645 \u06a9\u0646\u06cc\u0645 <code>.well-known\/acme-challenge<\/code> \u0628\u0647 \u06cc\u06a9 \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc \u0648\u0627\u062d\u062f\u060c <code>\/var\/lib\/letsencrypt<\/code>.<\/p>\n<p>\u062f\u0633\u062a\u0648\u0631\u0627\u062a 
\u0632\u06cc\u0631 \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc \u0631\u0627 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0631\u062f\u0647 \u0648 \u0622\u0646 \u0631\u0627 \u0628\u0631\u0627\u06cc \u0633\u0631\u0648\u0631 Nginx \u0642\u0627\u0628\u0644 \u0646\u0648\u0634\u062a\u0646 \u0645\u06cc \u06a9\u0646\u062f.<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo mkdir -p \/var\/lib\/letsencrypt\/.well-known<\/code><code class=\"terminal-line\" prefix=\"$\">sudo chgrp nginx \/var\/lib\/letsencrypt<\/code><code class=\"terminal-line\" prefix=\"$\">sudo chmod g+s \/var\/lib\/letsencrypt<\/code><\/pre>\n<p>\u0628\u0631\u0627\u06cc \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u062a\u06a9\u0631\u0627\u0631 \u06a9\u062f\u060c \u062f\u0648 \u0642\u0637\u0639\u0647 \u0632\u06cc\u0631 \u0631\u0627 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u062f\u0631 \u062a\u0645\u0627\u0645 \u0641\u0627\u06cc\u0644 \u0647\u0627\u06cc \u0628\u0644\u0648\u06a9 \u0633\u0631\u0648\u0631 Nginx \u06af\u0646\u062c\u0627\u0646\u062f\u0647 \u0645\u06cc \u0634\u0648\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo mkdir \/etc\/nginx\/snippets<\/code><\/pre>\n<div class=\"code-label\">\/etc\/nginx\/snippets\/letsencrypt.conf<\/div>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-nginx\" data-lang=\"nginx\"><span class=\"line\"><span class=\"cl\"><span class=\"k\">location<\/span> <span class=\"s\">^~<\/span> <span class=\"s\">\/.well-known\/acme-challenge\/<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"kn\">allow<\/span> <span class=\"s\">all<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"kn\">root<\/span> <span class=\"s\">\/var\/lib\/letsencrypt\/<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span 
class=\"cl\">  <span class=\"kn\">default_type<\/span> <span class=\"s\">\"text\/plain\"<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"kn\">try_files<\/span> <span class=\"nv\">$uri<\/span> <span class=\"p\">=<\/span><span class=\"mi\">404<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span>\n<\/span><\/span><\/code><\/pre>\n<\/div>\n<div class=\"code-label\">\/etc\/nginx\/snippets\/ssl.conf<\/div>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-nginx\" data-lang=\"nginx\"><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_dhparam<\/span> <span class=\"s\">\/etc\/ssl\/certs\/dhparam.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_session_timeout<\/span> <span class=\"s\">1d<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_session_cache<\/span> <span class=\"s\">shared:SSL:10m<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_session_tickets<\/span> <span class=\"no\">off<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_protocols<\/span> <span class=\"s\">TLSv1.2<\/span> <span class=\"s\">TLSv1.3<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_ciphers<\/span> <span class=\"s\">ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384<\/span><span 
class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_prefer_server_ciphers<\/span> <span class=\"no\">off<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_stapling<\/span> <span class=\"no\">on<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_stapling_verify<\/span> <span class=\"no\">on<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">resolver<\/span> <span class=\"mi\">8<\/span><span class=\"s\">.8.8.8<\/span> <span class=\"mi\">8<\/span><span class=\"s\">.8.4.4<\/span> <span class=\"s\">valid=300s<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">resolver_timeout<\/span> <span class=\"s\">30s<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">add_header<\/span> <span class=\"s\">Strict-Transport-Security<\/span> <span class=\"s\">\"max-age=63072000\"<\/span> <span class=\"s\">always<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">add_header<\/span> <span class=\"s\">X-Frame-Options<\/span> <span class=\"s\">SAMEORIGIN<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">add_header<\/span> <span class=\"s\">X-Content-Type-Options<\/span> <span class=\"s\">nosniff<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><\/code><\/pre>\n<\/div>\n<p>\u0642\u0637\u0639\u0647 \u0628\u0627\u0644\u0627 \u0634\u0627\u0645\u0644 \u062a\u0631\u0627\u0634\u0647 \u0647\u0627\u06cc \u062a\u0648\u0635\u06cc\u0647 \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 <a 
href=\"https:\/\/mozilla.github.io\/server-side-tls\/ssl-config-generator\/\" target=\"_blank\" rel=\"noopener\">\u0645\u0648\u0632\u06cc\u0644\u0627<\/a><br \/>\n\u060c OCSP Stapling\u060c HTTP Strict Transport Security (HSTS) \u0631\u0627 \u0641\u0639\u0627\u0644 \u0645\u06cc \u06a9\u0646\u062f \u0648 \u062a\u0639\u062f\u0627\u062f \u06a9\u0645\u06cc \u0647\u062f\u0631 HTTP \u0645\u062a\u0645\u0631\u06a9\u0632 \u0628\u0631 \u0627\u0645\u0646\u06cc\u062a \u0631\u0627 \u0627\u0639\u0645\u0627\u0644 \u0645\u06cc \u06a9\u0646\u062f.<\/p>\n<p>\u067e\u0633 \u0627\u0632 \u0627\u06cc\u062c\u0627\u062f \u0627\u0633\u0646\u06cc\u067e\u062a \u0647\u0627\u060c \u0628\u0644\u0648\u06a9 \u0633\u0631\u0648\u0631 \u062f\u0627\u0645\u0646\u0647 \u0631\u0627 \u0628\u0627\u0632 \u06a9\u0646\u06cc\u062f \u0648 \u0622\u0646 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f <code>letsencrypt.conf<\/code> \u0642\u0637\u0639\u0647\u060c \u0647\u0645\u0627\u0646\u0637\u0648\u0631 \u06a9\u0647 \u062f\u0631 \u0632\u06cc\u0631 \u0646\u0634\u0627\u0646 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a:<\/p>\n<div class=\"code-label\">\/etc\/nginx\/conf.d\/example.com.conf<\/div>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-nginx\" data-lang=\"nginx\"><span class=\"line\"><span class=\"cl\"><span class=\"k\">server<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"kn\">listen<\/span> <span class=\"mi\">80<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"kn\">server_name<\/span> <span class=\"s\">example.com<\/span> <span class=\"s\">www.example.com<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line hl\"><span class=\"cl\">  <span class=\"kn\">include<\/span> <span class=\"s\">snippets\/letsencrypt.conf<\/span><span 
class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span><\/span><\/span><\/code><\/pre>\n<\/div>\n<p>\u0628\u0631\u0627\u06cc \u0627\u0639\u0645\u0627\u0644 \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a\u060c \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc Nginx \u0631\u0627 \u062f\u0648\u0628\u0627\u0631\u0647 \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u06a9\u0646\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo systemctl reload nginx<\/code><\/pre>\n<p>\u0627\u0628\u0632\u0627\u0631 certbot \u0631\u0627 \u0628\u0627 \u0627\u0641\u0632\u0648\u0646\u0647 webroot \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u062f \u062a\u0627 \u0641\u0627\u06cc\u0644 \u0647\u0627\u06cc \u06af\u0648\u0627\u0647\u06cc SSL \u0631\u0627 \u0628\u0631\u0627\u06cc \u062f\u0627\u0645\u0646\u0647 \u062e\u0648\u062f \u062f\u0631\u06cc\u0627\u0641\u062a \u06a9\u0646\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo \/usr\/local\/bin\/certbot-auto certonly --agree-tos --email admin@example.com --webroot -w \/var\/lib\/letsencrypt\/ -d example.com -d www.example.com<\/code><\/pre>\n<p>\u0627\u06af\u0631 \u0627\u06cc\u0646 \u0627\u0648\u0644\u06cc\u0646 \u0628\u0627\u0631 \u0627\u0633\u062a \u06a9\u0647 \u0641\u0631\u0627\u062e\u0648\u0627\u0646\u06cc \u0645\u06cc \u06a9\u0646\u06cc\u062f <code>certbot<\/code>\u060c \u0627\u0628\u0632\u0627\u0631 \u0648\u0627\u0628\u0633\u062a\u06af\u06cc \u0647\u0627\u06cc \u0627\u0632 \u062f\u0633\u062a \u0631\u0641\u062a\u0647 \u0631\u0627 \u0646\u0635\u0628 \u0645\u06cc \u06a9\u0646\u062f.<\/p>\n<p>\u0647\u0646\u06af\u0627\u0645\u06cc \u06a9\u0647 \u06af\u0648\u0627\u0647\u06cc SSL \u0628\u0627 \u0645\u0648\u0641\u0642\u06cc\u062a \u0628\u0647 \u062f\u0633\u062a \u0622\u0645\u062f\u060c certbot \u067e\u06cc\u0627\u0645 \u0632\u06cc\u0631 \u0631\u0627 \u0686\u0627\u067e \u0645\u06cc \u06a9\u0646\u062f:<\/p>\n<pre 
tabindex=\"0\"><code class=\"language-output\" data-lang=\"output\">IMPORTANT NOTES:\n - Congratulations! Your certificate and chain have been saved at:\n   \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\n   Your key file has been saved at:\n   \/etc\/letsencrypt\/live\/example.com\/privkey.pem\n   Your cert will expire on 2020-03-12. To obtain a new or tweaked\n   version of this certificate in the future, simply run certbot-auto\n   again. To non-interactively renew *all* of your certificates, run\n   \"certbot-auto renew\"\n - If you like Certbot, please consider supporting our work by:\n\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\n   Donating to EFF:                    https:\/\/eff.org\/donate-le\n<\/code><\/pre>\n<p>\u0627\u06a9\u0646\u0648\u0646 \u06a9\u0647 \u0641\u0627\u06cc\u0644 \u0647\u0627\u06cc \u06af\u0648\u0627\u0647\u06cc \u0631\u0627 \u062f\u0627\u0631\u06cc\u062f\u060c \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0628\u0644\u0648\u06a9 \u0633\u0631\u0648\u0631 \u062f\u0627\u0645\u0646\u0647 \u062e\u0648\u062f \u0631\u0627 \u0628\u0647 \u0635\u0648\u0631\u062a \u0632\u06cc\u0631 \u0648\u06cc\u0631\u0627\u06cc\u0634 \u06a9\u0646\u06cc\u062f:<\/p>\n<div class=\"code-label\">\/etc\/nginx\/conf.d\/example.com.conf<\/div>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-nginx\" data-lang=\"nginx\"><span class=\"line\"><span class=\"cl\"><span class=\"k\">server<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">listen<\/span> <span class=\"mi\">80<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">server_name<\/span> <span class=\"s\">www.example.com<\/span> <span class=\"s\">example.com<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    
<span class=\"kn\">include<\/span> <span class=\"s\">snippets\/letsencrypt.conf<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">return<\/span> <span class=\"mi\">301<\/span> <span class=\"s\">https:\/\/<\/span><span class=\"nv\">$host$request_uri<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">server<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">listen<\/span> <span class=\"mi\">443<\/span> <span class=\"s\">ssl<\/span> <span class=\"s\">http2<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">server_name<\/span> <span class=\"s\">www.example.com<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">ssl_certificate<\/span> <span class=\"s\">\/etc\/letsencrypt\/live\/example.com\/fullchain.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">ssl_certificate_key<\/span> <span class=\"s\">\/etc\/letsencrypt\/live\/example.com\/privkey.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">ssl_trusted_certificate<\/span> <span class=\"s\">\/etc\/letsencrypt\/live\/example.com\/chain.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">include<\/span> <span class=\"s\">snippets\/ssl.conf<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">include<\/span> <span 
class=\"s\">snippets\/letsencrypt.conf<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">return<\/span> <span class=\"mi\">301<\/span> <span class=\"s\">https:\/\/example.com<\/span><span class=\"nv\">$request_uri<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">server<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">listen<\/span> <span class=\"mi\">443<\/span> <span class=\"s\">ssl<\/span> <span class=\"s\">http2<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">server_name<\/span> <span class=\"s\">example.com<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">ssl_certificate<\/span> <span class=\"s\">\/etc\/letsencrypt\/live\/example.com\/fullchain.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">ssl_certificate_key<\/span> <span class=\"s\">\/etc\/letsencrypt\/live\/example.com\/privkey.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">ssl_trusted_certificate<\/span> <span class=\"s\">\/etc\/letsencrypt\/live\/example.com\/chain.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">include<\/span> <span class=\"s\">snippets\/ssl.conf<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">include<\/span> <span 
class=\"s\">snippets\/letsencrypt.conf<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"c1\"># . . . other code\n<\/span><\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\"><\/span><span class=\"p\">}<\/span>\n<\/span><\/span><\/code><\/pre>\n<\/div>\n<p>\u0628\u0627 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0628\u0627\u0644\u0627\u060c HTTPS \u0631\u0627 \u0645\u062c\u0628\u0648\u0631 \u0645\u06cc \u06a9\u0646\u06cc\u0645 \u0648 www \u0631\u0627 \u0628\u0647 \u0646\u0633\u062e\u0647 \u063a\u06cc\u0631 www \u0647\u062f\u0627\u06cc\u062a \u0645\u06cc \u06a9\u0646\u06cc\u0645.<\/p>\n<p>\u062f\u0631 \u0646\u0647\u0627\u06cc\u062a\u060c \u0628\u0631\u0627\u06cc \u0627\u0639\u0645\u0627\u0644 \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a\u060c \u0633\u0631\u0648\u06cc\u0633 Nginx \u0631\u0627 \u062f\u0648\u0628\u0627\u0631\u0647 \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u06a9\u0646\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo systemctl reload nginx<\/code><\/pre>\n<p>\u0627\u06a9\u0646\u0648\u0646\u060c \u0648\u0628 \u0633\u0627\u06cc\u062a \u062e\u0648\u062f \u0631\u0627 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0622\u0646 \u0628\u0627\u0632 \u06a9\u0646\u06cc\u062f <code>https:\/\/<\/code>\u0648 \u06cc\u06a9 \u0646\u0645\u0627\u062f \u0642\u0641\u0644 \u0633\u0628\u0632 \u0631\u0646\u06af \u0631\u0627 \u0645\u0634\u0627\u0647\u062f\u0647 \u062e\u0648\u0627\u0647\u06cc\u062f \u06a9\u0631\u062f.<\/p>\n<p>\u0627\u06af\u0631 \u062f\u0627\u0645\u0646\u0647 \u062e\u0648\u062f \u0631\u0627 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 <a href=\"https:\/\/www.ssllabs.com\/ssltest\/\" target=\"_blank\" rel=\"noopener\">\u062a\u0633\u062a \u0633\u0631\u0648\u0631 SSL Labs<\/a><br \/>\n\u060c \u0634\u0645\u0627 \u06cc\u06a9 
\u062f\u0631\u06cc\u0627\u0641\u062a \u062e\u0648\u0627\u0647\u06cc\u062f \u06a9\u0631\u062f <code>A+<\/code> \u0646\u0645\u0631\u0647\u060c \u0647\u0645\u0627\u0646\u0637\u0648\u0631 \u06a9\u0647 \u062f\u0631 \u062a\u0635\u0648\u06cc\u0631 \u0632\u06cc\u0631 \u0646\u0634\u0627\u0646 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a:<\/p>\n<figure class=\"relative\">\n<div class=\"relative block w-full mx-auto my-0\">\n<div class=\"bg-gray-100 absolute inset-0 w-full h-full m-auto overflow-hidden\"><img decoding=\"async\" class=\"absolute inset-0 w-full h-full m-auto\" loading=\"lazy\" src=\"https:\/\/rasanegar.com\/blog\/wp-content\/uploads\/2023\/12\/1703663286_79_Nginx-\u0631\u0627-\u0628\u0627-Lets-Encrypt-\u062f\u0631-CentOS-8-\u0627\u06cc\u0645\u0646-\u06a9\u0646\u06cc\u062f.jpg\" alt=\"\u062a\u0633\u062a SSLLABS\" title=\"\"><\/div>\n<\/div>\n<\/figure>\n<h2 id=\"auto-renewing-lets-encrypt-ssl-certificate\"><span class=\"ez-toc-section\" id=\"%d8%aa%d9%85%d8%af%db%8c%d8%af_%d8%ae%d9%88%d8%af%da%a9%d8%a7%d8%b1_%da%af%d9%88%d8%a7%d9%87%db%8c%d9%86%d8%a7%d9%85%d9%87_lets_encrypt_ssl\"><\/span>\u062a\u0645\u062f\u06cc\u062f \u062e\u0648\u062f\u06a9\u0627\u0631 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 Let&#8217;s Encrypt SSL <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc Let&#8217;s Encrypt \u0628\u0647 \u0645\u062f\u062a 90 \u0631\u0648\u0632 \u0645\u0639\u062a\u0628\u0631 \u0647\u0633\u062a\u0646\u062f.  
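\u0628\u0631\u0627\u06cc \u062a\u0645\u062f\u06cc\u062f \u062e\u0648\u062f\u06a9\u0627\u0631 \u06af\u0648\u0627\u0647\u06cc \u0647\u0627 \u0642\u0628\u0644 \u0627\u0632 \u0627\u0646\u0642\u0636\u0627\u060c \u06cc\u06a9 cronjob \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u062f\u0648 \u0628\u0627\u0631 \u062f\u0631 \u0631\u0648\u0632 \u0627\u062c\u0631\u0627 \u0645\u06cc \u0634\u0648\u062f \u0648 \u0628\u0647 \u0637\u0648\u0631 \u062e\u0648\u062f\u06a9\u0627\u0631 \u0647\u0631 \u06af\u0648\u0627\u0647\u06cc \u0631\u0627 30 \u0631\u0648\u0632 \u0642\u0628\u0644 \u0627\u0632 \u0627\u0646\u0642\u0636\u0627 \u062a\u0645\u062f\u06cc\u062f \u0645\u06cc \u06a9\u0646\u062f.<\/p>\n<p>\u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u06cc\u06a9 cronjob \u062c\u062f\u06cc\u062f \u0627\u0632 \u062f\u0633\u062a\u0648\u0631 <code>crontab<\/code> \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo crontab -e<\/code><\/pre>\n<p>\u062e\u0637 \u0632\u06cc\u0631 \u0631\u0627 \u0628\u0686\u0633\u0628\u0627\u0646\u06cc\u062f:<\/p>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-sh\" data-lang=\"sh\"><span class=\"line\"><span class=\"cl\"><span class=\"m\">0<\/span> *\/12 * * * root <span class=\"nb\">test<\/span> -x \/usr\/local\/bin\/certbot-auto -a <span class=\"se\">\\!<\/span> -d \/run\/systemd\/system <span class=\"o\">&amp;&amp;<\/span> perl -e <span class=\"s1\">'sleep int(rand(3600))'<\/span> <span class=\"o\">&amp;&amp;<\/span> \/usr\/local\/bin\/certbot-auto -q renew --renew-hook <span class=\"s2\">\"systemctl reload nginx\"<\/span>\n<\/span><\/span><\/code><\/pre>\n<\/div>\n<p>\u0630\u062e\u06cc\u0631\u0647 \u06a9\u0646\u06cc\u062f \u0648 \u0641\u0627\u06cc\u0644 \u0631\u0627 \u0628\u0628\u0646\u062f\u06cc\u062f.<\/p>\n<p>\u062a\u0648\u062c\u0647: \u062f\u0631 crontab \u06a9\u0627\u0631\u0628\u0631 \u06a9\u0647 \u0628\u0627 <code>crontab -e<\/code> \u0648\u06cc\u0631\u0627\u06cc\u0634 \u0645\u06cc \u0634\u0648\u062f \u0633\u062a\u0648\u0646 \u0646\u0627\u0645 \u06a9\u0627\u0631\u0628\u0631 \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f \u0648 <code>root<\/code> \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u062f\u0633\u062a\u0648\u0631 \u0627\u062c\u0631\u0627 \u0645\u06cc \u0634\u0648\u062f\u061b \u0627\u06cc\u0646 \u0642\u0627\u0644\u0628 \u0641\u0642\u0637 \u0628\u0631\u0627\u06cc <code>\/etc\/crontab<\/code> \u06cc\u0627 <code>\/etc\/cron.d<\/code> \u0627\u0633\u062a. \u0647\u0645\u0686\u0646\u06cc\u0646 \u0634\u0631\u0637 <code>! -d \/run\/systemd\/system<\/code> \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645 \u0647\u0627\u06cc \u062f\u0627\u0631\u0627\u06cc systemd \u0645\u0627\u0646\u0646\u062f CentOS 8 \u0628\u0631\u0642\u0631\u0627\u0631 \u0646\u06cc\u0633\u062a \u0648 \u062f\u0633\u062a\u0648\u0631 \u062a\u0645\u062f\u06cc\u062f \u0627\u062c\u0631\u0627 \u0646\u0645\u06cc \u0634\u0648\u062f. \u067e\u0633 \u0627\u0632 \u0630\u062e\u06cc\u0631\u0647\u060c \u0627\u062c\u0631\u0627\u06cc \u0648\u0627\u0642\u0639\u06cc \u062a\u0645\u062f\u06cc\u062f \u0631\u0627 \u0628\u0631\u0631\u0633\u06cc \u06a9\u0646\u06cc\u062f \u062a\u0627 \u06af\u0648\u0627\u0647\u06cc \u0645\u0646\u0642\u0636\u06cc \u0646\u0634\u0648\u062f.<\/p>\n<p>\u0628\u0631\u0627\u06cc \u062a\u0633\u062a \u062a\u0645\u062f\u06cc\u062f process\u060c \u0645\u06cc 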
\u062a\u0648\u0627\u0646\u06cc\u062f \u062f\u0633\u062a\u0648\u0631 certbot \u0631\u0627 \u0628\u0627 \u0633\u0648\u06cc\u06cc\u0686 <code>--dry-run<\/code> \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo .\/certbot-auto renew --dry-run<\/code><\/pre>\n<p>\u0627\u06af\u0631 \u062e\u0637\u0627\u06cc\u06cc \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f\u060c \u0628\u0647 \u0627\u06cc\u0646 \u0645\u0639\u0646\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0622\u0632\u0645\u0648\u0646 \u0641\u0631\u0627\u06cc\u0646\u062f \u062a\u0645\u062f\u06cc\u062f \u0645\u0648\u0641\u0642\u06cc\u062a \u0622\u0645\u06cc\u0632 \u0628\u0648\u062f.<\/p>\n<h2 id=\"conclusion\"><span class=\"ez-toc-section\" id=\"%d9%86%d8%aa%db%8c%d8%ac%d9%87\"><\/span>\u0646\u062a\u06cc\u062c\u0647 <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u062f\u0631 \u0627\u06cc\u0646 \u0622\u0645\u0648\u0632\u0634\u060c \u0645\u0627 \u0628\u0647 \u0634\u0645\u0627 \u0646\u0634\u0627\u0646 \u062f\u0627\u062f\u06cc\u0645 \u06a9\u0647 \u0686\u06af\u0648\u0646\u0647 \u0627\u0632 \u0633\u0631\u0648\u06cc\u0633 \u06af\u06cc\u0631\u0646\u062f\u0647 Let&#8217;s Encrypt\u060c certbot \u0628\u0631\u0627\u06cc \u062f\u0627\u0646\u0644\u0648\u062f \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc SSL \u0628\u0631\u0627\u06cc \u062f\u0627\u0645\u0646\u0647 \u062e\u0648\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f.  
\u0645\u0627 \u0647\u0645\u0686\u0646\u06cc\u0646 \u0642\u0637\u0639\u0647\u200c\u0647\u0627\u06cc Nginx \u0631\u0627 \u0628\u0631\u0627\u06cc \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u062a\u06a9\u0631\u0627\u0631 \u06a9\u062f \u0627\u06cc\u062c\u0627\u062f \u06a9\u0631\u062f\u0647\u200c\u0627\u06cc\u0645 \u0648 Nginx \u0631\u0627 \u0628\u0631\u0627\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06af\u0648\u0627\u0647\u06cc\u200c\u0647\u0627 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u06a9\u0631\u062f\u0647\u200c\u0627\u06cc\u0645.  \u062f\u0631 \u067e\u0627\u06cc\u0627\u0646 \u0622\u0645\u0648\u0632\u0634\u060c \u0645\u0627 \u06cc\u06a9 cronjob \u0628\u0631\u0627\u06cc \u062a\u0645\u062f\u06cc\u062f \u062e\u0648\u062f\u06a9\u0627\u0631 \u06af\u0648\u0627\u0647\u06cc \u0631\u0627\u0647 \u0627\u0646\u062f\u0627\u0632\u06cc \u06a9\u0631\u062f\u0647 \u0627\u06cc\u0645.<\/p>\n<p>\u0628\u0631\u0627\u06cc \u06a9\u0633\u0628 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u062f\u0631 \u0645\u0648\u0631\u062f Certbot\u060c \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f <a href=\"https:\/\/certbot.eff.org\/docs\/\" target=\"_blank\" rel=\"noopener\">\u0645\u0633\u062a\u0646\u062f\u0627\u062a \u0622\u0646\u0647\u0627<\/a><br \/>\npage.<\/p>\n<p>\u0627\u06af\u0631 \u0633\u0648\u0627\u0644 \u06cc\u0627 \u0628\u0627\u0632\u062e\u0648\u0631\u062f\u06cc \u062f\u0627\u0631\u06cc\u062f\u060c \u062f\u0631 \u06a9\u0627\u0645\u0646\u062a \u0628\u06af\u0630\u0627\u0631\u06cc\u062f.<\/p>\n<div class=\"flex flex-wrap my-8\">nginx centos \u0628\u06cc\u0627\u06cc\u06cc\u062f certbot ssl \u0631\u0627 \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc \u06a9\u0646\u06cc\u0645<\/div>\n<\/div>\n\n<div>\u0628\u0631\u0627\u06cc \u0646\u06af\u0627\u0631\u0634 \u0628\u062e\u0634\u0647\u0627\u06cc\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0645\u062a\u0646 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0627\u0632 
\u062a\u0631\u062c\u0645\u0647 \u0645\u0627\u0634\u06cc\u0646\u06cc \u06cc\u0627 \u0647\u0648\u0634 \u0645\u0635\u0646\u0648\u0639\u06cc GPT \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u062f\u0647 \u0628\u0627\u0634\u062f <br \/>\n\u0644\u0637\u0641\u0627 \u062f\u0631 \u0635\u0648\u0631\u062a \u0648\u062c\u0648\u062f \u0645\u0634\u06a9\u0644 \u062f\u0631 \u0645\u062a\u0646 \u06cc\u0627 \u0645\u0641\u0647\u0648\u0645 \u0646\u0628\u0648\u062f\u0646 \u062a\u0648\u0636\u06cc\u062d\u0627\u062a\u060c \u0627\u0632 \u0637\u0631\u06cc\u0642 \u062f\u06a9\u0645\u0647 \u06af\u0632\u0627\u0631\u0634 \u0646\u0648\u0634\u062a\u0627\u0631 \u06cc\u0627 \u062f\u0631\u062c \u0646\u0638\u0631 \u0631\u0648\u06cc \u0627\u06cc\u0646 \u0645\u0637\u0644\u0628 \u0645\u0627 \u0631\u0627 \u0627\u0632 \u062c\u0632\u06cc\u06cc\u0627\u062a \u0645\u0634\u06a9\u0644 \u0645\u0634\u0627\u0647\u062f\u0647 \u0634\u062f\u0647 \u0645\u0637\u0644\u0639 \u06a9\u0646\u06cc\u062f \u062a\u0627 \u0628\u0647 \u0622\u0646 \u0631\u0633\u06cc\u062f\u06af\u06cc \u06a9\u0646\u06cc\u0645\n<\/div>\n<p>\u0632\u0645\u0627\u0646 \u0627\u0646\u062a\u0634\u0627\u0631: 1402-12-27 11:18:02<br \/>\n<\/p>\n\n\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">\u0632\u0645\u0627\u0646 \u0644\u0627\u0632\u0645 \u0628\u0631\u0627\u06cc \u0645\u0637\u0627\u0644\u0639\u0647: <\/span> <span class=\"rt-time\"> 4<\/span> <span class=\"rt-label rt-postfix\">\u062f\u0642\u06cc\u0642\u0647<\/span><\/span>Let&#8217;s Encrypt \u06cc\u06a9 \u0645\u0631\u062c\u0639 \u06af\u0648\u0627\u0647\u06cc \u0631\u0627\u06cc\u06af\u0627\u0646\u060c \u062e\u0648\u062f\u06a9\u0627\u0631 \u0648 \u0628\u0627\u0632 \u0627\u0633\u062a \u06a9\u0647 \u062a\u0648\u0633\u0637 \u06af\u0631\u0648\u0647 \u062a\u062d\u0642\u06cc\u0642\u0627\u062a\u06cc \u0627\u0645\u0646\u06cc\u062a \u0627\u06cc\u0646\u062a\u0631\u0646\u062a (ISRG) \u062a\u0648\u0633\u0639\u0647 \u06cc\u0627\u0641\u062a\u0647 \u0648 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc SSL \u0631\u0627\u06cc\u06af\u0627\u0646 \u0627\u0631\u0627\u0626\u0647 \u0645\u06cc \u062f\u0647\u062f. 
\u06af\u0648\u0627\u0647\u06cc\u200c\u0647\u0627\u06cc \u0635\u0627\u062f\u0631 \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 Let&#8217;s Encrypt \u0645\u0648\u0631\u062f \u0627\u0639\u062a\u0645\u0627\u062f \u0647\u0645\u0647 \u0645\u0631\u0648\u0631\u06af\u0631\u0647\u0627\u06cc \u0627\u0635\u0644\u06cc \u0647\u0633\u062a\u0646\u062f \u0648 90 \u0631\u0648\u0632 \u0627\u0632 \u062a\u0627\u0631\u06cc\u062e \u0635\u062f\u0648\u0631 \u0627\u0639\u062a\u0628\u0627\u0631 \u062f\u0627\u0631\u0646\u062f. \u062f\u0631 \u0627\u06cc\u0646 \u0622\u0645\u0648\u0632\u0634\u060c \u062f\u0633\u062a\u0648\u0631\u0627\u0644\u0639\u0645\u0644 \u0647\u0627\u06cc \u06af\u0627\u0645 \u0628\u0647 \u06af\u0627\u0645 [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":10077,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[202,95,1686],"tags":[2608,369,910,918,2607,2531,2533,2539,1868],"class_list":["post-10076","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-os","category-linux","category-ai","tag-certbot","tag-linux","tag-nginx","tag-ssl","tag-2607","tag--linux","tag-2533","tag-2539"],"acf":[],"_links":{"self":[{"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/posts\/10076","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/comments?post=10076"}],"version-history":[{"count":0,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/posts\/10076\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/media\/10077"}],"wp:attachment":[{"href":"https:\/\/rasanegaar.c
om\/blog\/wp-json\/wp\/v2\/media?parent=10076"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/categories?post=10076"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/tags?post=10076"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}