1、安装yum插件:

yum install yum-security

2、检查安全更新

yum --security check-update

3、只安装安全更新

yum update --security

4、检查特定软件有无安全更新

yum list-security software_name

5、列出更新的详细信息

yum info-security software_name

Let's Encrypt会自动安装在用户宿主目录~/.local/下，今天在续期证书时报错：

Creating virtual environment...
Installing Python packages...
Installation succeeded.
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 13, in <module>
    from acme import jose
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/jose/__init__.py", line 37, in <module>
    from acme.jose.interfaces import JSONDeSerializable
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/jose/interfaces.py", line 9, in <module>
    from acme.jose import util
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/jose/util.py", line 5, in <module>
    import OpenSSL
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/rand.py", line 12, in <module>
    from OpenSSL._util import (
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module>
    from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /root/.local/share/letsencrypt/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: undefined symbol: OPENSSL_sk_num

原因是pip编译安装相应模块时调用到系统的openssl库，而系统openssl不支持OPENSSL_sk_num

由于我之前已经编译过新版的openssl放在/usr/local/openssl下，将第一步自动安装上的openssl-devel包删除，然后pip重新安装cryptography、pyopenssl即可。注意：需先清除安装缓存目录，否则安装时不会重新编译。

yum remove openssl-devel
cd ~/.local/share/letsencrypt/bin/
pip uninstall cryptography pyopenssl -y
pip install --upgrade pip
rm -rf ~/.cache/
pip install cryptography pyopenssl
ldd ~/.local/share/letsencrypt/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so

此时已经链接到编译的openssl库上，这样再执行命令便不会报错。

Let's Encrypt是很火的一个免费SSL证书发行项目，自动化发行证书，证书有90天的有效期。适合个人使用或者临时使用，不用再忍受自签发证书不受浏览器信赖的提示。去年二蛋曾经记录过Let's Encrypt的使用教程，但是Let's Encrypt已经发布了新的工具certbot，虽然是新工具，但是生成证书的使用方法和参数是基本一致的，证书续期更简单了。但是目前看certbot在一些老版本的Linux发行版上的兼容性还是有问题的，特别是在CentOS 5上,因为python版本过低是无法使用的，CentOS 6上需要先安装epel才行。

安装方法：

如果是CentOS 6、7，先执行：

yum install epel-release
cd /root
wget https://dl.eff.org/certbot-auto --no-check-certificate
chmod +x ./certbot-auto
./certbot-auto -n

./certbot-auto -n只是用来安装依赖包的，也可以跳过直接到下面的生成证书的步骤，国内VPS或服务器上使用的话建议先修改为国内的pip源。

单域名生成证书：

./certbot-auto certonly --email [email protected] --agree-tos --webroot -w /home/wwwroot/www.2dan.cc -d www.2dan.cc

多域名单目录生成单证书：(一个网站多个域名使用同一个证书)

./certbot-auto certonly --email [email protected] --agree-tos --webroot -w /home/wwwroot/www.2dan.cc -d www.2dan.cc -d 2dan.cc

多域名多目录生成多个证书：(一次生成多个域名的多个证书)

./certbot-auto certonly --email [email protected] --agree-tos --webroot -w /home/wwwroot/www.2dan.cc -d www.2dan.cc -d 2dan.cc -w /home/wwwroot/www.caibaoz.com -d www.caibaoz.com -d caibaoz.com

- 阅读剩余部分 -

nginx 安装目录 /usr/local/nginx/sbin/nginx

在用户目录下 touch .bash_profile ，添加PATH：

PATH=$PATH:/usr/local/nginx/sbin
export PATH

刷新 source .bash_profile

此时 which nginx 可以输出正确的路径。

<span class="ratbar">
<span style="width:{$ppvod['vod_gold']*10}%;" class="ratbar-item">&nbsp;</span>
</span>
<strong class="ratbar-num">{$ppvod.vod_gold}</strong>

CSS

.ratbar{width:60px;height:12px;overflow:hidden;display:block;text-indent:-999px;float:left;margin:4px 5px 0 0;background:url(star-min.gif) 0 -20px no-repeat}
.ratbar-item{width:60px;height:12px;overflow:hidden;display:block;text-indent:-999px;float:left;background:url(star-min.gif) 0 0 no-repeat}
.ratbar-num{color:#f30;font-weight:normal}