[TIL] Concert, Let’s Encrypt 证书生成工具


setup go enviroment

root@lxneng:~# aria2c https://storage.googleapis.com/golang/go1.7.linux-amd64.tar.gz
root@lxneng:~# tar zxvf go1.7.linux-amd64.tar.gz
root@lxneng:~# mv go /usr/local

root@lxneng:~# vim .bashrc

    export GOPATH=~/gocode
    export PATH=$GOPTH/bin:/usr/local/go/bin:$PATH

root@lxneng:~# source .bashrc

# test env
root@lxneng:~# mkdir -p gocode/src/hello
root@lxneng:~# vi gocode/src/hello/hello.go

    package main

    import "fmt"

    func main() {
        fmt.Printf("hello, world\n")

root@lxneng:~# go install hello
root@lxneng:~# $GOPATH/bin/hello
hello, world

install concert

root@lxneng:~# go get -u github.com/minio/concert

concert usage


root@lxneng:~# sudo $GOPATH/bin/concert gen admint@lxneng.com lxneng.com
2016/09/07 11:14:51 Generated certificates for lxneng.com under certs will expire in 89 days.


root@lxneng:~# sudo $GOPATH/bin/concert renew admint@lxneng.com
2016/09/07 11:16:52 Keys have not expired yet, please renew in 89 days.

auto renew once in every 45 days.

root@lxneng:~# sudo $GOPATH/bin/concert server admint@lxneng.com lxneng.com
2016/09/07 11:18:06 Starting timer thread waiting for 45

config nginx

upstream lxneng {
    listen 443 ssl;
    ssl_certificate /root/certs/public.crt;
    ssl_certificate_key /root/certs/private.key;

    server_name lxneng.com;
    location / {
        root /var/www/lxneng.com/src/lxneng/static;
        try_files $uri $uri @wsgiapp;

    location @wsgiapp {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass   http://lxneng;
server {
    listen       80;
    server_name  www.lxneng.com lxneng.com;
    rewrite ^ https://lxneng.com$request_uri? permanent;


This entry was tagged SSL and Devlog

comments powered by Disqus

© 2009-2013 lxneng.com. All rights reserved. Powered by Pyramid

go to Top