{"id":10279,"date":"2023-12-27T21:34:07","date_gmt":"2023-12-27T18:04:07","guid":{"rendered":"https:\/\/rasanegar.com\/blog\/nginx-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%b1%d9%88%d8%b4%d9%86-%da%a9%d9%86%db%8c%d8%af-centos-7\/"},"modified":"2023-12-27T21:34:07","modified_gmt":"2023-12-27T18:04:07","slug":"nginx-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%b1%d9%88%d8%b4%d9%86-%da%a9%d9%86%db%8c%d8%af-centos-7","status":"publish","type":"post","link":"https:\/\/rasanegaar.com\/blog\/nginx-%d8%b1%d8%a7-%d8%a8%d8%a7-lets-encrypt-%d8%b1%d9%88%d8%b4%d9%86-%da%a9%d9%86%db%8c%d8%af-centos-7\/","title":{"rendered":"Secure Nginx with Let&#8217;s Encrypt on CentOS 7"},"content":{"rendered":"<div class=\"markdown\">\n<p>Let&#8217;s Encrypt is a free and open certificate authority developed by the Internet Security Research Group (ISRG). Certificates issued by Let&#8217;s Encrypt are trusted by almost all browsers today.<\/p>\n<p>This tutorial gives step-by-step instructions for securing Nginx with Let&#8217;s Encrypt using the certbot tool on CentOS 7.<\/p>\n<h2 id=\"prerequisites\"><span class=\"ez-toc-section\" id=\"%d9%be%db%8c%d8%b4_%d9%86%db%8c%d8%a7%d8%b2%d9%87%d8%a7\"><\/span>Prerequisites <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Make sure that you have met the following prerequisites before continuing with this tutorial:<\/p>\n<ul>\n<li>You have a domain name pointing to your public server IP. This tutorial uses <code>example.com<\/code>.<\/li>\n<li>You have enabled the EPEL repository and installed Nginx by following How to Install Nginx on CentOS 7.<\/li>\n<\/ul>\n<h2 id=\"install-certbot\"><span class=\"ez-toc-section\" id=\"certbot_%d8%b1%d8%a7_%d9%86%d8%b5%d8%a8_%da%a9%d9%86%db%8c%d8%af\"><\/span>Install Certbot <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Certbot is an easy-to-use tool that automates obtaining and renewing Let&#8217;s Encrypt SSL certificates and configuring web servers.<\/p>\n<p>To install the certbot package from the EPEL repository, run:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo yum install certbot<\/code><\/pre>\n<h2 id=\"generate-strong-dh-diffie-hellman-group\"><span class=\"ez-toc-section\" id=\"%da%af%d8%b1%d9%88%d9%87_strong_dh_diffie-hellman_%d8%b1%d8%a7_%d8%a7%db%8c%d8%ac%d8%a7%d8%af_%da%a9%d9%86%db%8c%d8%af\"><\/span>Generate a Strong DH (Diffie-Hellman) Group <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Diffie-Hellman key exchange (DH) is a method of securely exchanging cryptographic keys over an unsecured communication channel.<\/p>\n<p>Generate a new set of 2048-bit DH parameters by typing the following command:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo openssl dhparam -out \/etc\/ssl\/certs\/dhparam.pem 2048<\/code><\/pre>\n<div class=\"note bg-yellow-100 dark:bg-gray-800 border-l-4 border-yellow-400 dark:text-yellow-200 p-6 my-6\">\n<div class=\"flex\">\n<div class=\"font-sans w-full\">If you like, you can change the size up to 4096 bits, but in that case the generation may take more than 30 minutes, depending on the system entropy.<\/div>\n<\/div>\n<\/div>\n<h2 id=\"obtaining-a-lets-encrypt-ssl-certificate\"><span class=\"ez-toc-section\" id=\"%d8%af%d8%b1%db%8c%d8%a7%d9%81%d8%aa_%da%af%d9%88%d8%a7%d9%87%db%8c%d9%86%d8%a7%d9%85%d9%87_lets_encrypt_ssl\"><\/span>Obtaining a Let&#8217;s Encrypt SSL certificate <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>To obtain an SSL certificate for our domain, we use the Webroot plugin, which works by creating a temporary file for validating the requested domain in the <code>${webroot-path}\/.well-known\/acme-challenge<\/code> directory.  
The Let&#8217;s Encrypt server makes HTTP requests to the temporary file to validate that the requested domain resolves to the server where certbot runs.<\/p>\n<p>To keep this simple, we map all HTTP requests for <code>.well-known\/acme-challenge<\/code> to a single directory, <code>\/var\/lib\/letsencrypt<\/code>.<\/p>\n<p>The following commands create the directory and make it writable for the Nginx server.<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo mkdir -p \/var\/lib\/letsencrypt\/.well-known<\/code><code class=\"terminal-line\" prefix=\"$\">sudo chgrp nginx \/var\/lib\/letsencrypt<\/code><code class=\"terminal-line\" prefix=\"$\">sudo chmod g+s \/var\/lib\/letsencrypt<\/code><\/pre>\n<p>To avoid duplicating code, create the following two snippets, which we will include in all our Nginx server block files:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo mkdir \/etc\/nginx\/snippets<\/code><\/pre>\n<div class=\"code-label\">\/etc\/nginx\/snippets\/letsencrypt.conf<\/div>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-nginx\" data-lang=\"nginx\"><span class=\"line\"><span class=\"cl\"><span class=\"k\">location<\/span> <span class=\"s\">^~<\/span> <span class=\"s\">\/.well-known\/acme-challenge\/<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"kn\">allow<\/span> <span class=\"s\">all<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"kn\">root<\/span> <span class=\"s\">\/var\/lib\/letsencrypt\/<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"kn\">default_type<\/span> <span class=\"s\">\"text\/plain\"<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"kn\">try_files<\/span> <span class=\"nv\">$uri<\/span> <span class=\"p\">=<\/span><span class=\"mi\">404<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span>\n<\/span><\/span><\/code><\/pre>\n<\/div>\n<div class=\"code-label\">\/etc\/nginx\/snippets\/ssl.conf<\/div>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-nginx\" data-lang=\"nginx\"><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_dhparam<\/span> <span 
class=\"s\">\/etc\/ssl\/certs\/dhparam.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_session_timeout<\/span> <span class=\"s\">1d<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_session_cache<\/span> <span class=\"s\">shared:SSL:50m<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_session_tickets<\/span> <span class=\"no\">off<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_protocols<\/span> <span class=\"s\">TLSv1<\/span> <span class=\"s\">TLSv1.1<\/span> <span class=\"s\">TLSv1.2<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_ciphers<\/span> <span class=\"s\">'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_prefer_server_ciphers<\/span> <span class=\"no\">on<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span 
class=\"cl\"><span class=\"k\">ssl_stapling<\/span> <span class=\"no\">on<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">ssl_stapling_verify<\/span> <span class=\"no\">on<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">resolver<\/span> <span class=\"mi\">8<\/span><span class=\"s\">.8.8.8<\/span> <span class=\"mi\">8<\/span><span class=\"s\">.8.4.4<\/span> <span class=\"s\">valid=300s<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">resolver_timeout<\/span> <span class=\"s\">30s<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">add_header<\/span> <span class=\"s\">Strict-Transport-Security<\/span> <span class=\"s\">\"max-age=15768000<\/span><span class=\"p\">;<\/span> <span class=\"k\">includeSubdomains<\/span><span class=\"p\">;<\/span> <span class=\"k\">preload\"<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">add_header<\/span> <span class=\"s\">X-Frame-Options<\/span> <span class=\"s\">SAMEORIGIN<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">add_header<\/span> <span class=\"s\">X-Content-Type-Options<\/span> <span class=\"s\">nosniff<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><\/code><\/pre>\n<\/div>\n<p>The snippet above uses the cipher suites recommended by <a href=\"https:\/\/mozilla.github.io\/server-side-tls\/ssl-config-generator\/\" target=\"_blank\" rel=\"noopener\">Mozilla<\/a>, enables OCSP Stapling and HTTP Strict Transport Security (HSTS), and enforces a few security-focused HTTP headers.<\/p>\n<p>Once the snippets are created, open the domain server block and include the <code>letsencrypt.conf<\/code> snippet as shown below:<\/p>\n<div class=\"code-label\">\/etc\/nginx\/conf.d\/example.com.conf<\/div>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-nginx\" data-lang=\"nginx\"><span class=\"line\"><span class=\"cl\"><span class=\"k\">server<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"kn\">listen<\/span> <span class=\"mi\">80<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">  <span class=\"kn\">server_name<\/span> <span class=\"s\">example.com<\/span> <span class=\"s\">www.example.com<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line hl\"><span class=\"cl\">  <span class=\"kn\">include<\/span> <span class=\"s\">snippets\/letsencrypt.conf<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span><\/span><\/span><\/code><\/pre>\n<\/div>\n<p>Reload the Nginx configuration for the changes to take effect:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo systemctl reload nginx<\/code><\/pre>\n<p>You can now run Certbot with the webroot plugin and obtain the SSL certificate files for your domain by issuing:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo certbot certonly --agree-tos --email admin@example.com --webroot -w \/var\/lib\/letsencrypt\/ -d example.com -d www.example.com<\/code><\/pre>\n<p>If the SSL certificate is obtained successfully, certbot prints the following message:<\/p>\n<pre tabindex=\"0\"><code class=\"language-output\" data-lang=\"output\">IMPORTANT NOTES:\n - Congratulations! Your certificate and chain have been saved at:\n   \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\n   Your key file has been saved at:\n   \/etc\/letsencrypt\/live\/example.com\/privkey.pem\n   Your cert will expire on 2018-06-11. To obtain a new or tweaked\n   version of this certificate in the future, simply run certbot\n   again. 
To non-interactively renew *all* of your certificates, run\n   \"certbot renew\"\n - If you like Certbot, please consider supporting our work by:\n\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\n   Donating to EFF:                    https:\/\/eff.org\/donate-le\n<\/code><\/pre>\n<p>Now that you have the certificate files, you can edit your domain server block as follows:<\/p>\n<div class=\"code-label\">\/etc\/nginx\/conf.d\/example.com.conf<\/div>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-nginx\" data-lang=\"nginx\"><span class=\"line\"><span class=\"cl\"><span class=\"k\">server<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">listen<\/span> <span class=\"mi\">80<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">server_name<\/span> <span class=\"s\">www.example.com<\/span> <span class=\"s\">example.com<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">include<\/span> <span class=\"s\">snippets\/letsencrypt.conf<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">return<\/span> <span class=\"mi\">301<\/span> <span class=\"s\">https:\/\/<\/span><span class=\"nv\">$host$request_uri<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span>\n<\/span><\/span><span 
class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">server<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">listen<\/span> <span class=\"mi\">443<\/span> <span class=\"s\">ssl<\/span> <span class=\"s\">http2<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">server_name<\/span> <span class=\"s\">www.example.com<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">ssl_certificate<\/span> <span class=\"s\">\/etc\/letsencrypt\/live\/example.com\/fullchain.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">ssl_certificate_key<\/span> <span class=\"s\">\/etc\/letsencrypt\/live\/example.com\/privkey.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">ssl_trusted_certificate<\/span> <span class=\"s\">\/etc\/letsencrypt\/live\/example.com\/chain.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">include<\/span> <span class=\"s\">snippets\/ssl.conf<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">include<\/span> <span class=\"s\">snippets\/letsencrypt.conf<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">return<\/span> <span class=\"mi\">301<\/span> <span class=\"s\">https:\/\/example.com<\/span><span class=\"nv\">$request_uri<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"p\">}<\/span>\n<\/span><\/span><span 
class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"k\">server<\/span> <span class=\"p\">{<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">listen<\/span> <span class=\"mi\">443<\/span> <span class=\"s\">ssl<\/span> <span class=\"s\">http2<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">server_name<\/span> <span class=\"s\">example.com<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">ssl_certificate<\/span> <span class=\"s\">\/etc\/letsencrypt\/live\/example.com\/fullchain.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">ssl_certificate_key<\/span> <span class=\"s\">\/etc\/letsencrypt\/live\/example.com\/privkey.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">ssl_trusted_certificate<\/span> <span class=\"s\">\/etc\/letsencrypt\/live\/example.com\/chain.pem<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">include<\/span> <span class=\"s\">snippets\/ssl.conf<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"kn\">include<\/span> <span class=\"s\">snippets\/letsencrypt.conf<\/span><span class=\"p\">;<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\">\n<\/span><\/span><span class=\"line\"><span class=\"cl\">    <span class=\"c1\"># . . . 
other code\n<\/span><\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\"><\/span><span class=\"p\">}<\/span>\n<\/span><\/span><\/code><\/pre>\n<\/div>\n<p>With the configuration above we force HTTPS and redirect the www version to the non-www version.<\/p>\n<p>Finally, reload the Nginx service for the changes to take effect:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo systemctl reload nginx<\/code><\/pre>\n<h2 id=\"auto-renewing-lets-encrypt-ssl-certificate\"><span class=\"ez-toc-section\" id=\"%d8%aa%d9%85%d8%af%db%8c%d8%af_%d8%ae%d9%88%d8%af%da%a9%d8%a7%d8%b1_%da%af%d9%88%d8%a7%d9%87%db%8c%d9%86%d8%a7%d9%85%d9%87_lets_encrypt_ssl\"><\/span>Auto-renewing Let&#8217;s Encrypt SSL certificate <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Let&#8217;s Encrypt certificates are valid for 90 days.  
To automatically renew the certificates before they expire, we create a cronjob that runs twice a day and automatically renews any certificate 30 days before its expiration.<\/p>\n<p>Run the <code>crontab<\/code> command to create a new cronjob:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo crontab -e<\/code><\/pre>\n<p>Paste the following lines:<\/p>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-sh\" data-lang=\"sh\"><span class=\"line\"><span class=\"cl\"><span class=\"c1\"># Runs in root's crontab (crontab -e, so no user field): twice a day, after a random delay of up to an hour, renew certificates that are due and reload Nginx<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"m\">0<\/span> *\/12 * * * <span class=\"nb\">test<\/span> -x \/usr\/bin\/certbot <span class=\"o\">&amp;&amp;<\/span> perl -e <span class=\"s1\">'sleep int(rand(3600))'<\/span> <span class=\"o\">&amp;&amp;<\/span> certbot -q renew --renew-hook <span class=\"s2\">\"systemctl reload nginx\"<\/span>\n<\/span><\/span><\/code><\/pre>\n<\/div>\n<p>Save and close the file.<\/p>\n<p>To test the renewal process, you can use the certbot command followed by the <code>--dry-run<\/code> switch:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo certbot renew --dry-run<\/code><\/pre>\n<p>If there are no errors, it means that the test renewal process was successful.<\/p>\n<h2 id=\"conclusion\"><span class=\"ez-toc-section\" id=\"%d9%86%d8%aa%db%8c%d8%ac%d9%87\"><\/span>Conclusion <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>In this tutorial, you used the Let&#8217;s Encrypt client, certbot, to download SSL certificates for your domain. You have also created Nginx snippets to avoid duplicating code and configured Nginx to use the certificates.  
At the end of the tutorial, you set up a cronjob for automatic certificate renewal.<\/p>\n<p>If you want to learn more about how to use Certbot, <a href=\"https:\/\/certbot.eff.org\/docs\/\" target=\"_blank\" rel=\"noopener\">their documentation<\/a> is a good starting point.<\/p>\n<div class=\"flex flex-wrap my-8\">nginx centos let&#8217;s encrypt certbot ssl<\/div>\n<div class=\"p-6 my-8 bg-teal-100 markdown\">\n<p class=\"text-base\">This post is part of the <span class=\"font-medium\">Install LEMP Stack on CentOS 7<\/span> series.<br \/>Other posts in this series:<\/p>\n<div class=\"flex justify-between\">\n<div class=\"markdown text-base\"><span class=\"mr-2\">\u2022<\/span><br \/>\nHow to Install Nginx on CentOS 7<\/div>\n<div class=\"hidden sm:block\"><time class=\"text-sm\" datetime=\"2018-03-13T02:24:10+01:00\">13 March 2018<\/time><\/div>\n<\/div>\n<div class=\"flex justify-between\">\n<div class=\"markdown text-base\"><span class=\"mr-2\">\u2022<\/span><br \/>\nSecure Nginx with Let&#8217;s Encrypt on CentOS 7<\/div>\n<div class=\"hidden sm:block\"><time class=\"text-sm\" datetime=\"2018-03-13T22:24:10+01:00\">13 March 2018<\/time><\/div>\n<\/div>\n<div class=\"flex justify-between\">\n<div class=\"markdown text-base\"><span class=\"mr-2\">\u2022<\/span><br \/>\nInstall MariaDB on CentOS 7<\/div>\n<div class=\"hidden sm:block\"><time class=\"text-sm\" datetime=\"2018-03-14T22:24:10+01:00\">14 March 2018<\/time><\/div>\n<\/div>\n<div class=\"flex justify-between\">\n<div class=\"markdown text-base\"><span class=\"mr-2\">\u2022<\/span><br \/>\nInstall PHP 7 on CentOS 7<\/div>\n<div class=\"hidden sm:block\"><time class=\"text-sm\" datetime=\"2018-03-15T12:04:10+01:00\">15 March 2018<\/time><\/div>\n<\/div>\n<div class=\"flex justify-between\">\n<div class=\"markdown text-base\"><span class=\"mr-2\">\u2022<\/span><br \/>\nHow to Set Up Nginx Server Blocks on CentOS 7<\/div>\n<div class=\"hidden sm:block\"><time class=\"text-sm\" datetime=\"2018-09-24T10:24:10+01:00\">24 September 2018<\/time><\/div>\n<\/div>\n<\/div>\n<\/div>\n\n<div>Machine translation or GPT artificial intelligence may have been used in writing parts of this text.<br \/>\nIf you find a problem in the text or an explanation is unclear, please let us know the details through the report button or by commenting on this post so that we can address it.\n<\/div>\n<p>Publication time: 1402-12-27 21:34:03<br \/>\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading time: <\/span> <span class=\"rt-time\"> 4<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>Let&#8217;s Encrypt is a free and open certificate authority developed by the Internet Security Research Group (ISRG). Today almost all browsers trust certificates issued by Let&#8217;s Encrypt. 
In this tutorial, step-by-step instructions on how to secure your Nginx with Let&#8217;s Encrypt using the certbot tool [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":10280,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[202,95],"tags":[2608,2684,2689,910,2687,918,2534,2607,2529,2539,2688,2685,1868,1845],"class_list":["post-10279","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-os","category-linux","tag-certbot","tag-lemp-stack----centos-7","tag-mariadb----centos-7","tag-nginx","tag-php-7------centos-7","tag-ssl","tag-vps-","tag-2607","tag-2529","tag-2539","tag-------nginx-centos-7","tag---nginx--centos-7","tag--linux","tag-1845"],"acf":[],"_links":{"self":[{"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/posts\/10279","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/comments?post=10279"}],"version-history":[{"count":0,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/posts\/10279\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/media\/10280"}],"wp:attachment":[{"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/media?parent=10279"}],"wp:term":[{"taxonomy":"category
","embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/categories?post=10279"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/tags?post=10279"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}