{"id":10125,"date":"2023-12-27T13:42:08","date_gmt":"2023-12-27T10:12:08","guid":{"rendered":"https:\/\/rasanegar.com\/blog\/apache-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%b1%d9%88%d8%b4%d9%86-%da%a9%d9%86%db%8c%d8%af-centos-7\/"},"modified":"2023-12-27T13:42:08","modified_gmt":"2023-12-27T10:12:08","slug":"apache-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%b1%d9%88%d8%b4%d9%86-%da%a9%d9%86%db%8c%d8%af-centos-7","status":"publish","type":"post","link":"https:\/\/rasanegaar.com\/blog\/apache-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%b1%d9%88%d8%b4%d9%86-%da%a9%d9%86%db%8c%d8%af-centos-7\/","title":{"rendered":"Apache \u0631\u0627 \u0628\u0627 Let&#8217;s Encrypt \u0631\u0648\u0634\u0646 \u06a9\u0646\u06cc\u062f CentOS 7"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\"><p class=\"ez-toc-title\" style=\"cursor:inherit\">\u0633\u0631\u0641\u0635\u0644\u0647\u0627\u06cc \u0645\u0637\u0644\u0628<\/p>\n<\/div><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/rasanegaar.com\/blog\/apache-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%b1%d9%88%d8%b4%d9%86-%da%a9%d9%86%db%8c%d8%af-centos-7\/#%d9%be%db%8c%d8%b4_%d9%86%db%8c%d8%a7%d8%b2%d9%87%d8%a7\" >\u067e\u06cc\u0634 \u0646\u06cc\u0627\u0632\u0647\u0627<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/rasanegaar.com\/blog\/apache-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%b1%d9%88%d8%b4%d9%86-%da%a9%d9%86%db%8c%d8%af-centos-7\/#certbot_%d8%b1%d8%a7_%d9%86%d8%b5%d8%a8_%da%a9%d9%86%db%8c%d8%af\" >Certbot \u0631\u0627 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/rasanegaar.com\/blog\/apache-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%b1%d9%88%d8%b4%d9%86-%da%a9%d9%86%db%8c%d8%af-centos-7\/#%da%af%d8%b1%d9%88%d9%87_strong_dh_diffie-hellman_%d8%b1%d8%a7_%d8%a7%db%8c%d8%ac%d8%a7%d8%af_%da%a9%d9%86%db%8c%d8%af\" >\u06af\u0631\u0648\u0647 Strong Dh (Diffie-Hellman) \u0631\u0627 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/rasanegaar.com\/blog\/apache-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%b1%d9%88%d8%b4%d9%86-%da%a9%d9%86%db%8c%d8%af-centos-7\/#%d8%af%d8%b1%db%8c%d8%a7%d9%81%d8%aa_%da%af%d9%88%d8%a7%d9%87%db%8c%d9%86%d8%a7%d9%85%d9%87_lets_encrypt_ssl\" >\u062f\u0631\u06cc\u0627\u0641\u062a \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 Let&#8217;s Encrypt SSL<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/rasanegaar.com\/blog\/apache-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%b1%d9%88%d8%b4%d9%86-%da%a9%d9%86%db%8c%d8%af-centos-7\/#%d8%aa%d9%85%d8%af%db%8c%d8%af_%d8%ae%d9%88%d8%af%da%a9%d8%a7%d8%b1_%da%af%d9%88%d8%a7%d9%87%db%8c%d9%86%d8%a7%d9%85%d9%87_lets_encrypt_ssl\" >\u062a\u0645\u062f\u06cc\u062f \u062e\u0648\u062f\u06a9\u0627\u0631 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 Let&#8217;s Encrypt SSL<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/rasanegaar.com\/blog\/apache-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%b1%d9%88%d8%b4%d9%86-%da%a9%d9%86%db%8c%d8%af-centos-7\/#%d9%86%d8%aa%db%8c%d8%ac%d9%87\" >\u0646\u062a\u06cc\u062c\u0647<\/a><\/li><\/ul><\/nav><\/div>\n<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">\u0632\u0645\u0627\u0646 \u0644\u0627\u0632\u0645 \u0628\u0631\u0627\u06cc \u0645\u0637\u0627\u0644\u0639\u0647: <\/span> <span class=\"rt-time\"> 5<\/span> <span class=\"rt-label rt-postfix\">\u062f\u0642\u06cc\u0642\u0647<\/span><\/span><p> <br \/>\n<br \/><\/p>\n<div class=\"markdown\">\n<p>Let&#8217;s Encrypt \u06cc\u06a9 \u0645\u0631\u062c\u0639 \u06af\u0648\u0627\u0647\u06cc \u0631\u0627\u06cc\u06af\u0627\u0646\u060c \u062e\u0648\u062f\u06a9\u0627\u0631 \u0648 \u0628\u0627\u0632 \u0627\u0633\u062a \u06a9\u0647 \u062a\u0648\u0633\u0637 \u06af\u0631\u0648\u0647 \u062a\u062d\u0642\u06cc\u0642\u0627\u062a\u06cc \u0627\u0645\u0646\u06cc\u062a \u0627\u06cc\u0646\u062a\u0631\u0646\u062a (ISRG) \u062a\u0648\u0633\u0639\u0647 \u06cc\u0627\u0641\u062a\u0647 \u0627\u0633\u062a.  \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc \u0635\u0627\u062f\u0631 \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 Let&#8217;s Encrypt \u0628\u0647 \u0645\u062f\u062a 90 \u0631\u0648\u0632 \u0627\u0632 \u062a\u0627\u0631\u06cc\u062e \u0635\u062f\u0648\u0631 \u0645\u0639\u062a\u0628\u0631 \u0647\u0633\u062a\u0646\u062f \u0648 \u0627\u0645\u0631\u0648\u0632\u0647 \u0645\u0648\u0631\u062f \u0627\u0639\u062a\u0645\u0627\u062f \u0647\u0645\u0647 \u0645\u0631\u0648\u0631\u06af\u0631\u0647\u0627\u06cc \u0627\u0635\u0644\u06cc \u0647\u0633\u062a\u0646\u062f.<\/p>\n<p>\u062f\u0631 \u0627\u06cc\u0646 \u0622\u0645\u0648\u0632\u0634\u060c \u0645\u0627 \u0645\u0631\u0627\u062d\u0644 \u0644\u0627\u0632\u0645 \u0628\u0631\u0627\u06cc \u0646\u0635\u0628 \u06cc\u06a9 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0631\u0627\u06cc\u06af\u0627\u0646 Let&#8217;s Encrypt SSL \u0631\u0627 \u062f\u0631 a \u067e\u0648\u0634\u0634 \u062e\u0648\u0627\u0647\u06cc\u0645 \u062f\u0627\u062f CentOS 7 \u0633\u0631\u0648\u0631\u06cc \u06a9\u0647 \u0622\u067e\u0627\u0686\u06cc \u0631\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0648\u0628 \u0633\u0631\u0648\u0631 \u0627\u062c\u0631\u0627 \u0645\u06cc \u06a9\u0646\u062f.  \u0645\u0627 \u0627\u0632 \u0627\u0628\u0632\u0627\u0631 certbot \u0628\u0631\u0627\u06cc \u062f\u0631\u06cc\u0627\u0641\u062a \u0648 \u062a\u0645\u062f\u06cc\u062f \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc Let&#8217;s Encrypt \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u062e\u0648\u0627\u0647\u06cc\u0645 \u06a9\u0631\u062f.<\/p>\n<h2 id=\"prerequisites\"><span class=\"ez-toc-section\" id=\"%d9%be%db%8c%d8%b4_%d9%86%db%8c%d8%a7%d8%b2%d9%87%d8%a7\"><\/span>\u067e\u06cc\u0634 \u0646\u06cc\u0627\u0632\u0647\u0627 <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0642\u0628\u0644 \u0627\u0632 \u0627\u062f\u0627\u0645\u0647 \u0627\u06cc\u0646 \u0622\u0645\u0648\u0632\u0634 \u0645\u0637\u0645\u0626\u0646 \u0634\u0648\u06cc\u062f \u06a9\u0647 \u067e\u06cc\u0634 \u0646\u06cc\u0627\u0632\u0647\u0627\u06cc \u0632\u06cc\u0631 \u0631\u0627 \u0628\u0631\u0622\u0648\u0631\u062f\u0647 \u06a9\u0631\u062f\u0647 \u0627\u06cc\u062f:<\/p>\n<ul>\n<li>\u0646\u0627\u0645 \u062f\u0627\u0645\u0646\u0647 \u0627\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u06cc\u062f \u06a9\u0647 \u0628\u0647 IP \u0633\u0631\u0648\u0631 \u0639\u0645\u0648\u0645\u06cc \u0634\u0645\u0627 \u0627\u0634\u0627\u0631\u0647 \u062f\u0627\u0631\u062f.  \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u062e\u0648\u0627\u0647\u06cc\u0645 \u06a9\u0631\u062f <code>example.com<\/code>.<\/li>\n<li>\u0622\u067e\u0627\u0686\u06cc \u0628\u0631 \u0631\u0648\u06cc \u0633\u0631\u0648\u0631 \u0634\u0645\u0627 \u0646\u0635\u0628 \u0648 \u0627\u062c\u0631\u0627 \u0645\u06cc \u0634\u0648\u062f.<\/li>\n<li>\u0622\u067e\u0627\u0686\u06cc \u0645\u062c\u0627\u0632\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u06cc\u062f host<br \/>\n\u0628\u0631\u0627\u06cc \u062f\u0627\u0645\u0646\u0647 \u0634\u0645\u0627<\/li>\n<li>\u067e\u0648\u0631\u062a \u0647\u0627\u06cc 80 \u0648 443 \u062f\u0631 \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0634\u0645\u0627 \u0628\u0627\u0632 \u0647\u0633\u062a\u0646\u062f.<\/li>\n<\/ul>\n<p>\u0628\u0633\u062a\u0647 \u0647\u0627\u06cc \u0632\u06cc\u0631 \u0631\u0627 \u06a9\u0647 \u0628\u0631\u0627\u06cc \u0633\u0631\u0648\u0631 \u0648\u0628 \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc \u0634\u062f\u0647 SSL \u0645\u0648\u0631\u062f \u0646\u06cc\u0627\u0632 \u0627\u0633\u062a \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">yum install mod_ssl openssl<\/code><\/pre>\n<h2 id=\"install-certbot\"><span class=\"ez-toc-section\" id=\"certbot_%d8%b1%d8%a7_%d9%86%d8%b5%d8%a8_%da%a9%d9%86%db%8c%d8%af\"><\/span>Certbot \u0631\u0627 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Certbot \u0627\u0628\u0632\u0627\u0631\u06cc \u0627\u0633\u062a \u06a9\u0647 \u06a9\u0627\u0631 \u0631\u0627 \u0633\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u062f process \u0628\u0631\u0627\u06cc \u062f\u0631\u06cc\u0627\u0641\u062a \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc SSL \u0627\u0632 Let&#8217;s Encrypt \u0648 \u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 \u062e\u0648\u062f\u06a9\u0627\u0631 HTTPS \u062f\u0631 \u0633\u0631\u0648\u0631 \u0634\u0645\u0627.<\/p>\n<p>\u0628\u0633\u062a\u0647 certbot \u0628\u0631\u0627\u06cc \u0646\u0635\u0628 \u0627\u0632 EPEL \u0642\u0627\u0628\u0644 \u062f\u0631\u06cc\u0627\u0641\u062a \u0627\u0633\u062a.  \u0627\u06af\u0631 \u0645\u062e\u0632\u0646 EPEL \u0631\u0648\u06cc \u0633\u06cc\u0633\u062a\u0645 \u0634\u0645\u0627 \u0646\u0635\u0628 \u0646\u06cc\u0633\u062a\u060c \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062f\u0633\u062a\u0648\u0631 \u0632\u06cc\u0631 \u0622\u0646 \u0631\u0627 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo yum install epel-release<\/code><\/pre>\n<p>\u067e\u0633 \u0627\u0632 \u0641\u0639\u0627\u0644 \u0634\u062f\u0646 \u0645\u062e\u0632\u0646 EPEL\u060c \u0628\u0633\u062a\u0647 certbot \u0631\u0627 \u0628\u0627 \u062a\u0627\u06cc\u067e \u06a9\u0631\u062f\u0646:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo yum install certbot<\/code><\/pre>\n<h2 id=\"generate-strong-dh-diffie-hellman-group\"><span class=\"ez-toc-section\" id=\"%da%af%d8%b1%d9%88%d9%87_strong_dh_diffie-hellman_%d8%b1%d8%a7_%d8%a7%db%8c%d8%ac%d8%a7%d8%af_%da%a9%d9%86%db%8c%d8%af\"><\/span>\u06af\u0631\u0648\u0647 Strong Dh (Diffie-Hellman) \u0631\u0627 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u062a\u0628\u0627\u062f\u0644 \u06a9\u0644\u06cc\u062f \u062f\u06cc\u0641\u06cc-\u0647\u0644\u0645\u0646 (DH) \u0631\u0648\u0634\u06cc \u0628\u0631\u0627\u06cc \u062a\u0628\u0627\u062f\u0644 \u0627\u0645\u0646 \u06a9\u0644\u06cc\u062f\u0647\u0627\u06cc \u0631\u0645\u0632\u0646\u06af\u0627\u0631\u06cc \u0627\u0632 \u0637\u0631\u06cc\u0642 \u06cc\u06a9 \u06a9\u0627\u0646\u0627\u0644 \u0627\u0631\u062a\u0628\u0627\u0637\u06cc \u0646\u0627\u0627\u0645\u0646 \u0627\u0633\u062a.  \u0645\u062c\u0645\u0648\u0639\u0647 \u062c\u062f\u06cc\u062f\u06cc \u0627\u0632 \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u0647\u0627\u06cc 2048 \u0628\u06cc\u062a\u06cc DH \u0631\u0627 \u0628\u0631\u0627\u06cc \u062a\u0642\u0648\u06cc\u062a \u0627\u0645\u0646\u06cc\u062a \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo openssl dhparam -out \/etc\/ssl\/certs\/dhparam.pem 2048<\/code><\/pre>\n<div class=\"note bg-yellow-100 dark:bg-gray-800 border-l-4 border-yellow-400 dark:text-yellow-200 p-6 my-6\">\n<div class=\"flex\">\n<div class=\"font-sans w-full\">\u0634\u0645\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0627\u0646\u062f\u0627\u0632\u0647 \u0631\u0627 \u062a\u0627 4096 \u0628\u06cc\u062a \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0647\u06cc\u062f\u060c \u0627\u0645\u0627 \u062f\u0631 \u0627\u06cc\u0646 \u0635\u0648\u0631\u062a\u060c \u0628\u0633\u062a\u0647 \u0628\u0647 \u0622\u0646\u062a\u0631\u0648\u067e\u06cc \u0633\u06cc\u0633\u062a\u0645\u060c \u062a\u0648\u0644\u06cc\u062f \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u06cc\u0634 \u0627\u0632 30 \u062f\u0642\u06cc\u0642\u0647 \u0637\u0648\u0644 \u0628\u06a9\u0634\u062f.<\/div>\n<\/div>\n<\/div>\n<h2 id=\"obtaining-a-lets-encrypt-ssl-certificate\"><span class=\"ez-toc-section\" id=\"%d8%af%d8%b1%db%8c%d8%a7%d9%81%d8%aa_%da%af%d9%88%d8%a7%d9%87%db%8c%d9%86%d8%a7%d9%85%d9%87_lets_encrypt_ssl\"><\/span>\u062f\u0631\u06cc\u0627\u0641\u062a \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 Let&#8217;s Encrypt SSL <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0628\u0631\u0627\u06cc \u062f\u0631\u06cc\u0627\u0641\u062a \u06af\u0648\u0627\u0647\u06cc SSL \u0628\u0631\u0627\u06cc \u062f\u0627\u0645\u0646\u0647 \u062e\u0648\u062f\u060c \u0627\u0632 \u0627\u0641\u0632\u0648\u0646\u0647 Webroot \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u06cc\u0645 \u06a9\u0647 \u0628\u0627 \u0627\u06cc\u062c\u0627\u062f \u06cc\u06a9 \u0641\u0627\u06cc\u0644 \u0645\u0648\u0642\u062a \u0628\u0631\u0627\u06cc \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u062f\u0627\u0645\u0646\u0647 \u062f\u0631\u062e\u0648\u0627\u0633\u062a\u06cc \u062f\u0631 <code>${webroot-path}\/.well-known\/acme-challenge<\/code> \u0641\u0647\u0631\u0633\u062a \u0631\u0627\u0647\u0646\u0645\u0627.  \u0633\u0631\u0648\u0631 Let&#8217;s Encrypt \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0647\u0627\u06cc HTTP \u0631\u0627 \u0628\u0647 \u0641\u0627\u06cc\u0644 \u0645\u0648\u0642\u062a \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u062a\u0623\u06cc\u06cc\u062f \u06a9\u0646\u062f \u06a9\u0647 \u062f\u0627\u0645\u0646\u0647 \u062f\u0631\u062e\u0648\u0627\u0633\u062a\u06cc \u0628\u0647 \u0633\u0631\u0648\u0631\u06cc \u06a9\u0647 \u0631\u0628\u0627\u062a \u062f\u0631 \u0622\u0646 \u0627\u062c\u0631\u0627 \u0645\u06cc \u0634\u0648\u062f \u062d\u0644 \u0645\u06cc \u0634\u0648\u062f.<\/p>\n<p>\u0628\u0631\u0627\u06cc \u0633\u0627\u062f\u0647\u200c\u062a\u0631 \u06a9\u0631\u062f\u0646 \u0622\u0646\u060c \u0645\u06cc\u200c\u062e\u0648\u0627\u0647\u06cc\u0645 \u062a\u0645\u0627\u0645 \u062f\u0631\u062e\u0648\u0627\u0633\u062a\u200c\u0647\u0627\u06cc HTTP \u0631\u0627 \u0628\u0631\u0627\u06cc \u0622\u0646\u0647\u0627 \u062a\u0631\u0633\u06cc\u0645 \u06a9\u0646\u06cc\u0645 <code>.well-known\/acme-challenge<\/code> \u0628\u0647 \u06cc\u06a9 \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc \u0648\u0627\u062d\u062f\u060c <code>\/var\/lib\/letsencrypt<\/code>.<\/p>\n<p>\u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0632\u06cc\u0631 \u0631\u0627 \u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc \u0648 \u0642\u0627\u0628\u0644 \u0646\u0648\u0634\u062a\u0646 \u0628\u0631\u0627\u06cc \u0633\u0631\u0648\u0631 \u0622\u067e\u0627\u0686\u06cc \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo mkdir -p \/var\/lib\/letsencrypt\/.well-known<\/code><code class=\"terminal-line\" prefix=\"$\">sudo chgrp apache \/var\/lib\/letsencrypt<\/code><code class=\"terminal-line\" prefix=\"$\">sudo chmod g+s \/var\/lib\/letsencrypt<\/code><\/pre>\n<p>\u0628\u0631\u0627\u06cc \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u062a\u06a9\u0631\u0627\u0631 \u06a9\u062f\u060c \u062f\u0648 \u0642\u0637\u0639\u0647 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0632\u06cc\u0631 \u0631\u0627 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f:<\/p>\n<div class=\"code-label\">\/etc\/httpd\/conf.d\/letsencrypt.conf<\/div>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-apache\" data-lang=\"apache\"><span class=\"line\"><span class=\"cl\"><span class=\"nb\">Alias<\/span> \/.well-known\/acme-challenge\/ <span class=\"s2\">\"\/var\/lib\/letsencrypt\/.well-known\/acme-challenge\/\"<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"nt\">&lt;Directory<\/span> <span class=\"s\">\"\/var\/lib\/letsencrypt\/\"<\/span><span class=\"nt\">&gt;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"nb\">AllowOverride<\/span> <span class=\"k\">None<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"nb\">Options<\/span> MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"nb\">Require<\/span> method GET POST OPTIONS\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"nt\">&lt;\/Directory&gt;<\/span>\n<\/span><\/span><\/code><\/pre>\n<\/div>\n<div class=\"code-label\">\/etc\/httpd\/conf.d\/ssl-params.conf<\/div>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-apache\" data-lang=\"apache\"><span class=\"line\"><span class=\"cl\"><span class=\"nb\">SSLCipherSuite<\/span> EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"nb\">SSLProtocol<\/span> <span class=\"k\">All<\/span> -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"nb\">SSLHonorCipherOrder<\/span> <span class=\"k\">On<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"nb\">Header<\/span> always set Strict-Transport-Security <span class=\"s2\">\"max-age=63072000; includeSubDomains; preload\"<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"nb\">Header<\/span> always set X-Frame-Options SAMEORIGIN\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"nb\">Header<\/span> always set X-Content-Type-Options nosniff\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c\"># Requires Apache &gt;= 2.4<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"nb\">SSLCompression<\/span> <span class=\"k\">off<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"nb\">SSLUseStapling<\/span> <span class=\"k\">on<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"nb\">SSLStaplingCache<\/span> <span class=\"s2\">\"shmcb:logs\/stapling-cache(150000)\"<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c\"># Requires Apache &gt;= 2.4.11<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"nb\">SSLSessionTickets<\/span> <span class=\"k\">Off<\/span>\n<\/span><\/span><\/code><\/pre>\n<\/div>\n<p>\u0642\u0637\u0639\u0647 \u0628\u0627\u0644\u0627 \u0634\u0627\u0645\u0644 \u062a\u0631\u0627\u0634\u0647\u200c\u0647\u0627\u06cc \u067e\u06cc\u0634\u0646\u0647\u0627\u062f\u06cc \u0627\u0633\u062a\u060c OCSP Stapling\u060c HTTP Strict Transport Security (HSTS) \u0631\u0627 \u0641\u0639\u0627\u0644 \u0645\u06cc\u200c\u06a9\u0646\u062f \u0648 \u062a\u0639\u062f\u0627\u062f \u06a9\u0645\u06cc \u0647\u062f\u0631 HTTP \u0645\u062a\u0645\u0631\u06a9\u0632 \u0628\u0631 \u0627\u0645\u0646\u06cc\u062a \u0631\u0627 \u0627\u0639\u0645\u0627\u0644 \u0645\u06cc\u200c\u06a9\u0646\u062f.<\/p>\n<p>\u0628\u0631\u0627\u06cc \u0627\u0639\u0645\u0627\u0644 \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a\u060c \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0622\u067e\u0627\u0686\u06cc \u0631\u0627 \u062f\u0648\u0628\u0627\u0631\u0647 \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u06a9\u0646\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo systemctl reload httpd<\/code><\/pre>\n<p>\u0627\u06a9\u0646\u0648\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u0627\u0628\u0632\u0627\u0631 Certbot \u0631\u0627 \u0628\u0627 \u0627\u0641\u0632\u0648\u0646\u0647 webroot \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u0645 \u0648 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u06af\u0648\u0627\u0647\u06cc SSL \u0631\u0627 \u0628\u0627 \u062a\u0627\u06cc\u067e \u06a9\u0631\u062f\u0646 \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u06cc\u0645:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo certbot certonly --agree-tos --email admin@example.com --webroot -w \/var\/lib\/letsencrypt\/ -d example.com -d www.example.com<\/code><\/pre>\n<p>\u0627\u06af\u0631 \u06af\u0648\u0627\u0647\u06cc SSL \u0628\u0627 \u0645\u0648\u0641\u0642\u06cc\u062a \u062f\u0631\u06cc\u0627\u0641\u062a \u0634\u0648\u062f\u060c certbot \u067e\u06cc\u0627\u0645 \u0632\u06cc\u0631 \u0631\u0627 \u0686\u0627\u067e \u0645\u06cc \u06a9\u0646\u062f:<\/p>\n<pre tabindex=\"0\"><code class=\"language-output\" data-lang=\"output\">IMPORTANT NOTES:\n - Congratulations! Your certificate and chain have been saved at:\n   \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\n   Your key file has been saved at:\n   \/etc\/letsencrypt\/live\/example.com\/privkey.pem\n   Your cert will expire on 2018-12-07. To obtain a new or tweaked\n   version of this certificate in the future, simply run certbot\n   again. To non-interactively renew *all* of your certificates, run\n   \"certbot renew\"\n - If you like Certbot, please consider supporting our work by:\n\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\n   Donating to EFF:                    https:\/\/eff.org\/donate-le\n<\/code><\/pre>\n<p>CentOS  7 \u0628\u0627 \u0622\u067e\u0627\u0686\u06cc \u0646\u0633\u062e\u0647 2.4.6 \u0639\u0631\u0636\u0647 \u0645\u06cc \u0634\u0648\u062f \u06a9\u0647 \u0634\u0627\u0645\u0644 \u0622\u0646 \u0646\u0645\u06cc \u0634\u0648\u062f <code>SSLOpenSSLConfCmd<\/code> \u0628\u062e\u0634\u0646\u0627\u0645\u0647  \u0627\u06cc\u0646 \u062f\u0633\u062a\u0648\u0631\u0627\u0644\u0639\u0645\u0644 \u0641\u0642\u0637 \u062f\u0631 \u0622\u067e\u0627\u0686\u06cc 2.4.8 \u0628\u0639\u062f\u0627\u064b \u0645\u0648\u062c\u0648\u062f \u0627\u0633\u062a \u0648 \u0628\u0631\u0627\u06cc \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u0647\u0627\u06cc OpenSSL \u0645\u0627\u0646\u0646\u062f \u062a\u0628\u0627\u062f\u0644 \u06a9\u0644\u06cc\u062f Diffie\u2013Hellman (DH) \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f.<\/p>\n<p>\u0645\u0627 \u0628\u0627\u06cc\u062f \u06cc\u06a9 \u0641\u0627\u06cc\u0644 \u062a\u0631\u06a9\u06cc\u0628\u06cc \u062c\u062f\u06cc\u062f \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 Let&#8217;s Encrypt SSL \u0648 \u0641\u0627\u06cc\u0644 DH \u062a\u0648\u0644\u06cc\u062f \u0634\u062f\u0647 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u0645.  \u0628\u0631\u0627\u06cc \u0627\u0646\u062c\u0627\u0645 \u0627\u06cc\u0646 \u06a9\u0627\u0631\u060c \u062a\u0627\u06cc\u067e \u06a9\u0646\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">cat \/etc\/letsencrypt\/live\/example.com\/cert.pem \/etc\/ssl\/certs\/dhparam.pem &gt;\/etc\/letsencrypt\/live\/example.com\/cert.dh.pem<\/code><\/pre>\n<p>\u0627\u06a9\u0646\u0648\u0646 \u06a9\u0647 \u0647\u0645\u0647 \u0686\u06cc\u0632 \u062a\u0646\u0638\u06cc\u0645 \u0634\u062f\u0647 \u0627\u0633\u062a\u060c \u062f\u0627\u0645\u0646\u0647 \u0645\u062c\u0627\u0632\u06cc \u062e\u0648\u062f \u0631\u0627 \u0648\u06cc\u0631\u0627\u06cc\u0634 \u06a9\u0646\u06cc\u062f host \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0628\u0647 \u0634\u0631\u062d \u0632\u06cc\u0631 \u0627\u0633\u062a:<\/p>\n<div class=\"code-label\">\/etc\/httpd\/conf.d\/example.com.conf<\/div>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-apache\" data-lang=\"apache\"><span class=\"line\"><span class=\"cl\"><span class=\"nt\">&lt;VirtualHost<\/span> <span class=\"s\">*:80<\/span><span class=\"nt\">&gt;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"nb\">ServerName<\/span> example.com\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"nb\">ServerAlias<\/span> www.example.com\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"nb\">Redirect<\/span> permanent \/ https:\/\/example.com\/\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"nt\">&lt;\/VirtualHost&gt;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"nt\">&lt;VirtualHost<\/span> <span class=\"s\">*:443<\/span><span class=\"nt\">&gt;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"nb\">ServerName<\/span> example.com\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"nb\">ServerAlias<\/span> www.example.com\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"nt\">&lt;If<\/span> <span class=\"s\">\"%{HTTP_HOST} == 'www.example.com'\"<\/span><span class=\"nt\">&gt;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"nb\">Redirect<\/span> permanent \/ https:\/\/example.com\/\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"nt\">&lt;\/If&gt;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"nb\">DocumentRoot<\/span> <span class=\"sx\">\/var\/www\/example.com\/public_html<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"nb\">ErrorLog<\/span> <span class=\"sx\">\/var\/log\/httpd\/example.com-error.log<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"nb\">CustomLog<\/span> <span class=\"sx\">\/var\/log\/httpd\/example.com-access.log<\/span> combined\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"nb\">SSLEngine<\/span> <span class=\"k\">On<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"nb\">SSLCertificateFile<\/span> <span class=\"sx\">\/etc\/letsencrypt\/live\/example.com\/cert.dh.pem<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"nb\">SSLCertificateKeyFile<\/span> <span class=\"sx\">\/etc\/letsencrypt\/live\/example.com\/privkey.pem<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"nb\">SSLCertificateChainFile<\/span> <span class=\"sx\">\/etc\/letsencrypt\/live\/example.com\/chain.pem<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"c\"># Other Apache Configuration<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"nt\">&lt;\/VirtualHost&gt;<\/span>\n<\/span><\/span><\/code><\/pre>\n<\/div>\n<p>\u0628\u0627 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0628\u0627\u0644\u0627\u060c HTTPS \u0631\u0627 \u0645\u062c\u0628\u0648\u0631 \u0645\u06cc \u06a9\u0646\u06cc\u0645 \u0648 \u0627\u0632 www \u0628\u0647 \u0646\u0633\u062e\u0647 \u063a\u06cc\u0631www \u0647\u062f\u0627\u06cc\u062a \u0645\u06cc \u06a9\u0646\u06cc\u0645.  \u0628\u0647 \u0631\u0627\u062d\u062a\u06cc \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0631\u0627 \u0645\u0637\u0627\u0628\u0642 \u0628\u0627 \u0646\u06cc\u0627\u0632 \u062e\u0648\u062f \u062a\u0646\u0638\u06cc\u0645 \u06a9\u0646\u06cc\u062f.<\/p>\n<p>\u0628\u0631\u0627\u06cc \u0627\u0639\u0645\u0627\u0644 \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a\u060c \u0633\u0631\u0648\u06cc\u0633 Apache \u0631\u0627 \u0645\u062c\u062f\u062f\u0627 \u0631\u0627\u0647 \u0627\u0646\u062f\u0627\u0632\u06cc \u06a9\u0646\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo systemctl restart httpd<\/code><\/pre>\n<p>\u0627\u06a9\u0646\u0648\u0646 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0648\u0628 \u0633\u0627\u06cc\u062a \u062e\u0648\u062f \u0631\u0627 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0622\u0646 \u0628\u0627\u0632 \u06a9\u0646\u06cc\u062f <code>https:\/\/<\/code> \u0648 \u0634\u0645\u0627 \u0645\u062a\u0648\u062c\u0647 \u06cc\u06a9 \u0646\u0645\u0627\u062f \u0642\u0641\u0644 \u0633\u0628\u0632 \u062e\u0648\u0627\u0647\u06cc\u062f \u0634\u062f.<\/p>\n<p>\u0627\u06af\u0631 \u062f\u0627\u0645\u0646\u0647 \u062e\u0648\u062f \u0631\u0627 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 <a href=\"https:\/\/www.ssllabs.com\/ssltest\/\" target=\"_blank\" rel=\"noopener\">\u062a\u0633\u062a \u0633\u0631\u0648\u0631 SSL Labs<\/a><br \/>\n\u060c \u0647\u0645\u0627\u0646\u0637\u0648\u0631 \u06a9\u0647 \u062f\u0631 \u0632\u06cc\u0631 \u0646\u0634\u0627\u0646 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a \u0646\u0645\u0631\u0647 A+ \u062f\u0631\u06cc\u0627\u0641\u062a \u062e\u0648\u0627\u0647\u06cc\u062f \u06a9\u0631\u062f:<\/p>\n<figure class=\"relative\">\n<div class=\"relative block w-full mx-auto my-0\">\n<div class=\"bg-gray-100 absolute inset-0 w-full h-full m-auto overflow-hidden\"><img decoding=\"async\" class=\"absolute inset-0 w-full h-full m-auto\" loading=\"lazy\" src=\"https:\/\/rasanegar.com\/blog\/wp-content\/uploads\/2023\/12\/1703671928_865_Apache-\u0631\u0627-\u0628\u0627-Lets-Encrypt-\u0631\u0648\u0634\u0646-\u06a9\u0646\u06cc\u062f-CentOS-7.jpg\" alt=\"\u062a\u0633\u062a SSLLABS\" title=\"\"><\/div>\n<\/div>\n<\/figure>\n<h2 id=\"auto-renewing-lets-encrypt-ssl-certificate\"><span class=\"ez-toc-section\" id=\"%d8%aa%d9%85%d8%af%db%8c%d8%af_%d8%ae%d9%88%d8%af%da%a9%d8%a7%d8%b1_%da%af%d9%88%d8%a7%d9%87%db%8c%d9%86%d8%a7%d9%85%d9%87_lets_encrypt_ssl\"><\/span>\u062a\u0645\u062f\u06cc\u062f \u062e\u0648\u062f\u06a9\u0627\u0631 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 Let&#8217;s Encrypt SSL <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc Let&#8217;s Encrypt \u0628\u0647 \u0645\u062f\u062a 90 \u0631\u0648\u0632 \u0645\u0639\u062a\u0628\u0631 \u0647\u0633\u062a\u0646\u062f.  \u0628\u0631\u0627\u06cc \u062a\u0645\u062f\u06cc\u062f \u062e\u0648\u062f\u06a9\u0627\u0631 \u06af\u0648\u0627\u0647\u06cc\u200c\u0647\u0627 \u0642\u0628\u0644 \u0627\u0632 \u0627\u0646\u0642\u0636\u0627\u060c \u0645\u0627 \u06cc\u06a9 cronjob \u0627\u06cc\u062c\u0627\u062f \u0645\u06cc\u200c\u06a9\u0646\u06cc\u0645 \u06a9\u0647 \u062f\u0648 \u0628\u0627\u0631 \u062f\u0631 \u0631\u0648\u0632 \u0627\u062c\u0631\u0627 \u0645\u06cc\u200c\u0634\u0648\u062f \u0648 \u0628\u0647 \u0637\u0648\u0631 \u062e\u0648\u062f\u06a9\u0627\u0631 \u0647\u0631 \u06af\u0648\u0627\u0647\u06cc \u0631\u0627 30 \u0631\u0648\u0632 \u0642\u0628\u0644 \u0627\u0632 \u0627\u0646\u0642\u0636\u0627 \u062a\u0645\u062f\u06cc\u062f \u0645\u06cc\u200c\u06a9\u0646\u062f.<\/p>\n<p>\u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u062f <code>crontab<\/code> \u062f\u0633\u062a\u0648\u0631 \u0627\u06cc\u062c\u0627\u062f \u06cc\u06a9 cronjob \u062c\u062f\u06cc\u062f \u06a9\u0647 \u06af\u0648\u0627\u0647\u06cc \u0631\u0627 \u062a\u0645\u062f\u06cc\u062f \u0645\u06cc \u06a9\u0646\u062f\u060c \u06cc\u06a9 \u0641\u0627\u06cc\u0644 \u062a\u0631\u06a9\u06cc\u0628\u06cc \u062c\u062f\u06cc\u062f \u0634\u0627\u0645\u0644 \u06a9\u0644\u06cc\u062f DH \u0627\u06cc\u062c\u0627\u062f \u0645\u06cc \u06a9\u0646\u062f \u0648 apache \u0631\u0627 \u0645\u062c\u062f\u062f\u0627 \u0631\u0627\u0647 \u0627\u0646\u062f\u0627\u0632\u06cc \u0645\u06cc \u06a9\u0646\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo crontab -e<\/code><\/pre>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-sh\" data-lang=\"sh\"><span class=\"line\"><span class=\"cl\"><span class=\"m\">0<\/span> *\/12 * * * root <span class=\"nb\">test<\/span> -x \/usr\/bin\/certbot -a <span class=\"se\">\\!<\/span> -d \/run\/systemd\/system <span class=\"o\">&amp;&amp;<\/span> perl -e <span class=\"s1\">'sleep int(rand(3600))'<\/span> <span class=\"o\">&amp;&amp;<\/span> certbot -q renew --renew-hook <span class=\"s2\">\"systemctl reload httpd\"<\/span>\n<\/span><\/span><\/code><\/pre>\n<\/div>\n<p>\u0630\u062e\u06cc\u0631\u0647 \u06a9\u0646\u06cc\u062f \u0648 \u0641\u0627\u06cc\u0644 \u0631\u0627 \u0628\u0628\u0646\u062f\u06cc\u062f.<\/p>\n<p>\u0628\u0631\u0627\u06cc \u062a\u0633\u062a \u062a\u0645\u062f\u06cc\u062f process\u060c \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0627\u0632 \u062f\u0633\u062a\u0648\u0631 certbot \u0628\u0647 \u062f\u0646\u0628\u0627\u0644 \u0622\u0646 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f <code>--dry-run<\/code> \u062a\u0639\u0648\u06cc\u0636:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo certbot renew --dry-run<\/code><\/pre>\n<p>\u0627\u06af\u0631 \u062e\u0637\u0627\u06cc\u06cc \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f\u060c \u0628\u0647 \u0627\u06cc\u0646 \u0645\u0639\u0646\u06cc \u0627\u0633\u062a \u06a9\u0647 \u062a\u0645\u062f\u06cc\u062f process \u0645\u0648\u0641\u0642\u06cc\u062a \u0622\u0645\u06cc\u0632 \u0628\u0648\u062f.<\/p>\n<h2 id=\"conclusion\"><span class=\"ez-toc-section\" id=\"%d9%86%d8%aa%db%8c%d8%ac%d9%87\"><\/span>\u0646\u062a\u06cc\u062c\u0647 <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u062f\u0631 \u0627\u06cc\u0646 \u0622\u0645\u0648\u0632\u0634\u060c \u0634\u0645\u0627 \u0627\u0632 certbot \u0645\u0634\u062a\u0631\u06cc Let&#8217;s Encrypt \u0628\u0631\u0627\u06cc \u062f\u0627\u0646\u0644\u0648\u062f \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc SSL \u0628\u0631\u0627\u06cc \u062f\u0627\u0645\u0646\u0647 \u062e\u0648\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f\u06cc\u062f.  \u0634\u0645\u0627 \u0647\u0645\u0686\u0646\u06cc\u0646 \u0642\u0637\u0639\u0647 \u0647\u0627\u06cc \u0622\u067e\u0627\u0686\u06cc \u0631\u0627 \u0628\u0631\u0627\u06cc \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u062a\u06a9\u0631\u0627\u0631 \u06a9\u062f \u0627\u06cc\u062c\u0627\u062f \u06a9\u0631\u062f\u0647 \u0627\u06cc\u062f \u0648 \u0622\u067e\u0627\u0686\u06cc \u0631\u0627 \u0628\u0631\u0627\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06af\u0648\u0627\u0647\u06cc \u0647\u0627 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u06a9\u0631\u062f\u0647 \u0627\u06cc\u062f.  \u062f\u0631 \u067e\u0627\u06cc\u0627\u0646 \u0622\u0645\u0648\u0632\u0634\u060c \u0634\u0645\u0627 \u06cc\u06a9 cronjob \u0628\u0631\u0627\u06cc \u062a\u0645\u062f\u06cc\u062f \u062e\u0648\u062f\u06a9\u0627\u0631 \u06af\u0648\u0627\u0647\u06cc \u0631\u0627\u0647 \u0627\u0646\u062f\u0627\u0632\u06cc \u06a9\u0631\u062f\u0647 \u0627\u06cc\u062f.<\/p>\n<p>\u0627\u06af\u0631 \u0645\u06cc \u062e\u0648\u0627\u0647\u06cc\u062f \u062f\u0631 \u0645\u0648\u0631\u062f \u0631\u0648\u0634 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 Certbot \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631\u06cc \u06a9\u0633\u0628 \u06a9\u0646\u06cc\u062f\u060c <a href=\"https:\/\/certbot.eff.org\/docs\/\" target=\"_blank\" rel=\"noopener\">\u0645\u0633\u062a\u0646\u062f\u0627\u062a \u0622\u0646\u0647\u0627<\/a><br \/>\n\u0646\u0642\u0637\u0647 \u0634\u0631\u0648\u0639 \u062e\u0648\u0628\u06cc \u0627\u0633\u062a<\/p>\n<p>\u0627\u06af\u0631 \u0633\u0648\u0627\u0644 \u06cc\u0627 \u0628\u0627\u0632\u062e\u0648\u0631\u062f\u06cc \u062f\u0627\u0631\u06cc\u062f\u060c \u062f\u0631 \u06a9\u0627\u0645\u0646\u062a \u0628\u06af\u0630\u0627\u0631\u06cc\u062f.<\/p>\n<div class=\"flex flex-wrap my-8\">apache centos \u0628\u06cc\u0627\u06cc\u06cc\u062f certbot ssl \u0631\u0627 \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc \u06a9\u0646\u06cc\u0645<\/div>\n<div class=\"p-6 my-8 bg-teal-100 markdown\">\n<p class=\"text-base\">\u0627\u06cc\u0646 \u067e\u0633\u062a \u0628\u062e\u0634\u06cc \u0627\u0632 <span class=\"font-medium\">LAMP Stack \u0631\u0627 \u0631\u0648\u0634\u0646 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f CentOS 7<\/span> \u0633\u0644\u0633\u0644\u0647.<br \/>\u0633\u0627\u06cc\u0631 \u067e\u0633\u062a \u0647\u0627\u06cc \u0627\u06cc\u0646 \u0645\u062c\u0645\u0648\u0639\u0647:<\/p>\n<div class=\"flex justify-between\">\n<div class=\"markdown text-base\"><span class=\"mr-2\">\u2022<\/span><br \/>\n\u0631\u0648\u0634 \u0646\u0635\u0628 \u0622\u067e\u0627\u0686\u06cc \u0631\u0648\u06cc CentOS 7<\/div>\n<div class=\"hidden sm:block\"><time class=\"text-sm\" datetime=\"2018-04-27T02:24:10+01:00\">27 \u0622\u0648\u0631\u06cc\u0644 2018<\/time><\/div>\n<\/div>\n<div class=\"flex justify-between\">\n<div class=\"markdown text-base\"><span class=\"mr-2\">\u2022<\/span><br \/>\nMySQL \u0631\u0627 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f CentOS 7<\/div>\n<div class=\"hidden sm:block\"><time class=\"text-sm\" datetime=\"2018-05-23T12:24:10+01:00\">23 \u0645\u0647 2018<\/time><\/div>\n<\/div>\n<div class=\"flex justify-between\">\n<div class=\"markdown text-base\"><span class=\"mr-2\">\u2022<\/span><br \/>\n\u0631\u0648\u0634 \u0631\u0627\u0647 \u0627\u0646\u062f\u0627\u0632\u06cc \u0647\u0627\u0633\u062a \u0645\u062c\u0627\u0632\u06cc \u0622\u067e\u0627\u0686\u06cc CentOS 7<\/div>\n<div class=\"hidden sm:block\"><time class=\"text-sm\" datetime=\"2018-08-17T20:24:10+01:00\">17 \u0622\u06af\u0648\u0633\u062a 2018<\/time><\/div>\n<\/div>\n<div class=\"flex justify-between\">\n<div class=\"markdown text-base\"><span class=\"mr-2\">\u2022<\/span><br \/>\nApache \u0631\u0627 \u0628\u0627 Let&#8217;s Encrypt \u0631\u0648\u0634\u0646 \u06a9\u0646\u06cc\u062f CentOS 7<\/div>\n<div class=\"hidden sm:block\"><time class=\"text-sm\" datetime=\"2018-09-08T23:54:10+01:00\">8 \u0633\u067e\u062a\u0627\u0645\u0628\u0631 2018<\/time><\/div>\n<\/div>\n<\/div>\n<\/div>\n\n<div>\u0628\u0631\u0627\u06cc \u0646\u06af\u0627\u0631\u0634 \u0628\u062e\u0634\u0647\u0627\u06cc\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0645\u062a\u0646 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0627\u0632 \u062a\u0631\u062c\u0645\u0647 \u0645\u0627\u0634\u06cc\u0646\u06cc \u06cc\u0627 \u0647\u0648\u0634 \u0645\u0635\u0646\u0648\u0639\u06cc GPT \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u062f\u0647 \u0628\u0627\u0634\u062f <br \/>\n\u0644\u0637\u0641\u0627 \u062f\u0631 \u0635\u0648\u0631\u062a \u0648\u062c\u0648\u062f \u0645\u0634\u06a9\u0644 \u062f\u0631 \u0645\u062a\u0646 \u06cc\u0627 \u0645\u0641\u0647\u0648\u0645 \u0646\u0628\u0648\u062f\u0646 \u062a\u0648\u0636\u06cc\u062d\u0627\u062a\u060c \u0627\u0632 \u0637\u0631\u06cc\u0642 \u062f\u06a9\u0645\u0647 \u06af\u0632\u0627\u0631\u0634 \u0646\u0648\u0634\u062a\u0627\u0631 \u06cc\u0627 \u062f\u0631\u062c \u0646\u0638\u0631 \u0631\u0648\u06cc \u0627\u06cc\u0646 \u0645\u0637\u0644\u0628 \u0645\u0627 \u0631\u0627 \u0627\u0632 \u062c\u0632\u06cc\u06cc\u0627\u062a \u0645\u0634\u06a9\u0644 \u0645\u0634\u0627\u0647\u062f\u0647 \u0634\u062f\u0647 \u0645\u0637\u0644\u0639 \u06a9\u0646\u06cc\u062f \u062a\u0627 \u0628\u0647 \u0622\u0646 \u0631\u0633\u06cc\u062f\u06af\u06cc \u06a9\u0646\u06cc\u0645\n<\/div>\n<p>\u0632\u0645\u0627\u0646 \u0627\u0646\u062a\u0634\u0627\u0631: 1402-12-27 13:42:03<br \/>\n<\/p>\n\n\n<div class=\"kk-star-ratings kksr-auto kksr-align-center kksr-valign-bottom\"\n    data-payload='{&quot;align&quot;:&quot;center&quot;,&quot;id&quot;:&quot;10125&quot;,&quot;slug&quot;:&quot;default&quot;,&quot;valign&quot;:&quot;bottom&quot;,&quot;ignore&quot;:&quot;&quot;,&quot;reference&quot;:&quot;auto&quot;,&quot;class&quot;:&quot;&quot;,&quot;count&quot;:&quot;0&quot;,&quot;legendonly&quot;:&quot;&quot;,&quot;readonly&quot;:&quot;&quot;,&quot;score&quot;:&quot;0&quot;,&quot;starsonly&quot;:&quot;&quot;,&quot;best&quot;:&quot;5&quot;,&quot;gap&quot;:&quot;5&quot;,&quot;greet&quot;:&quot;\u0627\u0645\u062a\u06cc\u0627\u0632 \u0634\u0645\u0627 \u0628\u0647 \u0627\u06cc\u0646 \u0645\u0637\u0644\u0628&quot;,&quot;legend&quot;:&quot;0\\\/5 (0 \u0631\u0627\u06cc)&quot;,&quot;size&quot;:&quot;30&quot;,&quot;title&quot;:&quot;Apache \u0631\u0627 \u0628\u0627 Let\\u0026#039;s Encrypt \u0631\u0648\u0634\u0646 \u06a9\u0646\u06cc\u062f CentOS 7&quot;,&quot;width&quot;:&quot;0&quot;,&quot;_legend&quot;:&quot;{score}\\\/{best} ({count} \u0631\u0627\u06cc)&quot;,&quot;font_factor&quot;:&quot;1.25&quot;}'>\n            \n<div class=\"kksr-stars\">\n    \n<div class=\"kksr-stars-inactive\">\n            <div class=\"kksr-star\" data-star=\"1\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" data-star=\"2\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" data-star=\"3\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" data-star=\"4\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" data-star=\"5\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n    <\/div>\n    \n<div class=\"kksr-stars-active\" style=\"width: 0px;\">\n            <div class=\"kksr-star\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n    <\/div>\n<\/div>\n                \n\n<div class=\"kksr-legend\" style=\"font-size: 24px;\">\n            <span class=\"kksr-muted\">\u0627\u0645\u062a\u06cc\u0627\u0632 \u0634\u0645\u0627 \u0628\u0647 \u0627\u06cc\u0646 \u0645\u0637\u0644\u0628<\/span>\n    <\/div>\n    <\/div>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">\u0632\u0645\u0627\u0646 \u0644\u0627\u0632\u0645 \u0628\u0631\u0627\u06cc \u0645\u0637\u0627\u0644\u0639\u0647: <\/span> <span class=\"rt-time\"> 5<\/span> <span class=\"rt-label rt-postfix\">\u062f\u0642\u06cc\u0642\u0647<\/span><\/span>Let&#8217;s Encrypt \u06cc\u06a9 \u0645\u0631\u062c\u0639 \u06af\u0648\u0627\u0647\u06cc \u0631\u0627\u06cc\u06af\u0627\u0646\u060c \u062e\u0648\u062f\u06a9\u0627\u0631 \u0648 \u0628\u0627\u0632 \u0627\u0633\u062a \u06a9\u0647 \u062a\u0648\u0633\u0637 \u06af\u0631\u0648\u0647 \u062a\u062d\u0642\u06cc\u0642\u0627\u062a\u06cc \u0627\u0645\u0646\u06cc\u062a \u0627\u06cc\u0646\u062a\u0631\u0646\u062a (ISRG) \u062a\u0648\u0633\u0639\u0647 \u06cc\u0627\u0641\u062a\u0647 \u0627\u0633\u062a. \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc \u0635\u0627\u062f\u0631 \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 Let&#8217;s Encrypt \u0628\u0647 \u0645\u062f\u062a 90 \u0631\u0648\u0632 \u0627\u0632 \u062a\u0627\u0631\u06cc\u062e \u0635\u062f\u0648\u0631 \u0645\u0639\u062a\u0628\u0631 \u0647\u0633\u062a\u0646\u062f \u0648 \u0627\u0645\u0631\u0648\u0632\u0647 \u0645\u0648\u0631\u062f \u0627\u0639\u062a\u0645\u0627\u062f \u0647\u0645\u0647 \u0645\u0631\u0648\u0631\u06af\u0631\u0647\u0627\u06cc \u0627\u0635\u0644\u06cc \u0647\u0633\u062a\u0646\u062f. \u062f\u0631 \u0627\u06cc\u0646 \u0622\u0645\u0648\u0632\u0634\u060c \u0645\u0627 \u0645\u0631\u0627\u062d\u0644 \u0644\u0627\u0632\u0645 \u0628\u0631\u0627\u06cc \u0646\u0635\u0628 \u06cc\u06a9 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 \u0631\u0627\u06cc\u06af\u0627\u0646 [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":10126,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[202,95],"tags":[2608,2638,2640,918,180,2607,2537,2533,2539,2641,2639,1870,1868],"class_list":["post-10125","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-os","category-linux","tag-certbot","tag-lamp-stack-----centos-7","tag-mysql----centos-7","tag-ssl","tag-180","tag-2607","tag--linux","tag-2533","tag-2539","tag-------centos-7","tag-----centos-7"],"acf":[],"_links":{"self":[{"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/posts\/10125","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/comments?post=10125"}],"version-history":[{"count":0,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/posts\/10125\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/media\/10126"}],"wp:attachment":[{"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/media?parent=10125"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/categories?post=10125"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/tags?post=10125"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}