分类 Linux 下的文章

Let's Encrypt_openssl.so: undefined symbol: OPENSSL_sk_num错误解决

Let's Encrypt会自动安装在用户宿主目录~/.local/下,今天在续期证书时报错:

Creating virtual environment...
Installing Python packages...
Installation succeeded.
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 13, in <module>
    from acme import jose
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/jose/__init__.py", line 37, in <module>
    from acme.jose.interfaces import JSONDeSerializable
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/jose/interfaces.py", line 9, in <module>
    from acme.jose import util
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/jose/util.py", line 5, in <module>
    import OpenSSL
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/rand.py", line 12, in <module>
    from OpenSSL._util import (
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module>
    from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /root/.local/share/letsencrypt/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: undefined symbol: OPENSSL_sk_num

原因是pip编译安装相应模块时调用到系统的openssl库,而系统openssl不支持OPENSSL_sk_num

由于我之前已经编译过新版的openssl放在/usr/local/openssl下,将第一步自动安装上的openssl-devel包删除,然后pip重新安装cryptographypyopenssl即可。注意:需先清除安装缓存目录,否则安装时不会重新编译。

yum remove openssl-devel
cd ~/.local/share/letsencrypt/bin/
pip uninstall cryptography pyopenssl -y
pip install --upgrade pip
rm -rf ~/.cache/
pip install cryptography pyopenssl
ldd ~/.local/share/letsencrypt/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so

此时已经链接到编译的openssl库上,这样再执行命令便不会报错。

免费SSL安全证书Let's Encrypt(certbot)安装使用教程

Let's Encrypt是很火的一个免费SSL证书发行项目,自动化发行证书,证书有90天的有效期。适合个人使用或者临时使用,不用再忍受自签发证书不受浏览器信赖的提示。去年二蛋曾经记录过Let's Encrypt的使用教程,但是Let's Encrypt已经发布了新的工具certbot,虽然是新工具,但是生成证书的使用方法和参数是基本一致的,证书续期更简单了。但是目前看certbot在一些老版本的Linux发行版上的兼容性还是有问题的,特别是在CentOS 5上,因为python版本过低是无法使用的,CentOS 6上需要先安装epel才行。

安装方法:

如果是CentOS 6、7,先执行:

yum install epel-release
cd /root
wget https://dl.eff.org/certbot-auto --no-check-certificate
chmod +x ./certbot-auto
./certbot-auto -n

./certbot-auto -n只是用来安装依赖包的,也可以跳过直接到下面的生成证书的步骤,国内VPS或服务器上使用的话建议先修改为国内的pip源。

单域名生成证书:

./certbot-auto certonly --email admin@2dan.cc --agree-tos --webroot -w /home/wwwroot/www.2dan.cc -d www.2dan.cc

多域名单目录生成单证书:(一个网站多个域名使用同一个证书)

./certbot-auto certonly --email admin@2dan.cc --agree-tos --webroot -w /home/wwwroot/www.2dan.cc -d www.2dan.cc -d 2dan.cc

多域名多目录生成多个证书:(一次生成多个域名的多个证书)

./certbot-auto certonly --email admin@2dan.cc --agree-tos --webroot -w /home/wwwroot/www.2dan.cc -d www.2dan.cc -d 2dan.cc -w /home/wwwroot/www.caibaoz.com -d www.caibaoz.com -d caibaoz.com

- 阅读剩余部分 -

免费SSL安全证书Let's Encrypt安装使用及Nginx配置

letsencrypt.png
Let's Encrypt CA 项目由非赢利组织 Internet Security Research Group (ISRG) 运营,由Mozilla、思科、Akamai、IdenTrust、EFF 和密歇根大学等组织发起,向网站自动签发和管理免费SSL证书,以加速互联网从 HTTP 向 HTTPS 过渡。

Let's Encrypt 官方网站:https://letsencrypt.org/
Let's Encrypt 项目主页:https://github.com/letsencrypt/letsencrypt

1、安装Let's Encrypt脚本依赖环境

# CentOS 6
yum install centos-release-SCL && yum update
yum install python27
scl enable python27 bash
yum install python27-python-devel python27-python-setuptools python27-python-tools python27-python-virtualenv
yum install augeas-libs dialog gcc libffi-devel openssl-devel python-devel
yum install python-argparse

# CentOS 7
yum install -y git python27
yum install -y augeas-libs dialog gcc libffi-devel openssl-devel python-devel
yum install python-argparse

2、获取Let's Encrypt并生成SSL证书

yum install git-core
git clone https://github.com/letsencrypt/letsencrypt.git
cd letsencrypt
./letsencrypt-auto certonly --email admin@2dan.cc -d www.2dan.cc --webroot -w /home/html --agree-tos

如果多个域名可以加多个-d 域名



- 阅读剩余部分 -

网络和IO测试 bench 一键脚本

代码放在 Github

https://raw.githubusercontent.com/teddysun/across/master/bench.sh

使用时直接执行下面的命令即可

wget -qO- bench.sh | bash

注:bench.sh 其实是一个域名,这个域名 301 到真正的脚本,脚本名就叫 bench.sh

VirtualBox中安装CentOS最小化版后的网络设置

目标:将VirtualBox中安装的CentOS最小化版设置为和主机在同一网段以实现互访
虚拟机网络设置如下图:
1.jpg
2.jpg

编辑 /etc/sysconfig/network-scripts/ifcfg-eth0 文件

ONBOOT=no
NM_CONTROLLED=yes

修改为

ONBOOT=yes
NM_CONTROLLED=no

复制网卡eth0配置文件

cd /etc/sysconfig/network-scripts/
cp ifcfg-eth0 ifcfg-eth1

然后编辑 ifcfg-eth1

DEVICE=eth1
HWADDR=08:00:27:78:26:6C
TYPE=Ethernet
UUID=3e312ec8-f00a-4004-a89f-367105f7e132
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.1.11
NETMASK=255.255.255.0
GATEWAY=192.168.1.1

保存退出并重启网络服务:

service network restart

至此,目标实现!