blog升级https访问

blog很久没更新维护了,最近http频繁提示不安全,索性升一下https。

这里记录一下流程,不得不说,以前频繁需要去找搜索引擎的,现在一个AI就能彻底解决这些问题,极大提升了运维的效率。

之前因为一些error一直没解决,这次也彻底解决了这些错误。

dpkg: error processing package python3-parsedatetime (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of python3-rfc3339:No apport report written because MaxReports is reached already
            No apport report written because MaxReports is reached already

 python3-rfc3339 depends on python3-tz; however:
  Package python3-tz is not configured yet.

dpkg: error processing package python3-rfc3339 (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 python3-requests-toolbelt
 python3-pbr
 python3-mock
 python3-zope.event
 python3-zope.component
 python3-pyparsing
 python3-configargparse
 python3-zope.hookable
 python3-future
 python3-josepy
 python3-tz
 python3-acme
 python3-parsedatetime
 python3-rfc3339
E: Sub-process /usr/bin/dpkg returned an error code (1)

备份并移除现有的 py3compile

sudo mv /usr/bin/py3compile /usr/bin/py3compile.bak  # 备份
sudo ln -sf /usr/bin/python3 /usr/bin/py3compile     # 强制创建新链接

修复 Python 环境

sudo apt install --reinstall python3-minimal python3-pkg-resources

强制重新配置所有未完成的包

sudo dpkg --configure -a

清理并重新安装问题包

sudo apt purge \
python3-requests-toolbelt \
python3-pbr \
python3-mock \
python3-zope.{event,component,hookable} \
python3-{pyparsing,configargparse,future,josepy,tz,acme,parsedatetime,rfc3339}

sudo apt autoremove
sudo apt clean
sudo apt update
sudo apt install -f

使用 aptitude 解决复杂依赖(如果 apt 仍然失败):

sudo apt install aptitude
sudo aptitude install python3-pbr

最后安装 Certbot

sudo snap install --classic certbot
sudo ln -sf /snap/bin/certbot /usr/bin/certbot

验证了下,没问题了。

获取 SSL 证书

sudo certbot –nginx -d wutongyu.info -d wutongyu.info

然后输入自己接受证书到期的提醒邮箱等信息

最后提示配置成功

最后不要忘记配置自动续期证书有效期。

sudo certbot renew --renew-hook "systemctl reload nginx"

或直接在/etc/letsencrypt/renewal-hooks/post/目录下添加脚本

sudo vim /etc/letsencrypt/renewal-hooks/post/restart-nginx.sh

写入:

#!/bin/bash
systemctl reload nginx

赋予执行权限:

sudo chmod +x /etc/letsencrypt/renewal-hooks/post/restart-nginx.sh

测试自动更新 运行以下命令模拟续期测试:

sudo certbot renew --dry-run

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注