CentOS 7 Nginx Let’ s Encrypt SSL 证书安装配置

更新时间:2019-04-29

Let’ s Encrypt 是一个免费的 SSL/TLS 证书发行机构, 证书有效期为90天, 到期前30内可续期, 实现永久免费.

本次安装使用的服务器配置:

  • 1CPU,1G,  优惠码
  • CentOS 7.5
  • nginx 1.15.3

Let’ s Encrypt SSL 证书的的获取并不是像其他网站一样, 在页面上填写资申请证书, 而是需要在域名所在的服务器上安装一个客户端(python写的)去获取证书和续期.

目前 Let’ s Encrypt  支持两种类型的证书,一种是必须显示指定域名的证书,另一种是通配符证书,两种证书的申请方式略有不同。

使用 Certbot 客户端

Certbot 客户端是现在官方推荐的客户端

certbot 官网

客户端安装

运行 certbot,测试程序是否正常。

如果运行正常,将出现类似下面的提示。

如果某些依赖包版本过低或不匹配,则可能会出现类似下面的提示。

根据所缺少的依赖包的不同,提示内容可能不同,使用下面的命令尝试修复。

再次运行 certbot ,程序正常。

一. 申请固定域名证书

安装 nginx

参考《CentOS 7 配置 LNMP + FTP 环境》中的 “安装 nginx”, “配置 Nginx”,“允许通过防火墙” 章节。

获取证书

申请过程中要验证绑定的域名是否属于申请人, 其原理就是申请人在域名所在的服务器上申请证书, 然后 Let’ s Encrypt 会访问绑定的域名与客户端通信成功即可通过.

这 个验证的方法有两种, 一种需要停止当前的 web server 服务, 让出 80 端口, 由客户端内置的 web server 启动与 Let’ s Encrypt 通信. 另一种不需要停止当前 web server , 但需要在域名根目录下创建一个临时目录, 并要保证外网通过域名可以访问这个目录.

执行此命令后会生成证书, 保存在 /etc/letsencrypt/live 中对应的域名目录下面, 其实这里面并不是真正的证书文件,而是通过软连接的形式链到了 /etc/letsencrypt/archive 中对应的域名目录下.

证书自动续期

renew 参数是官方推荐的续期方式, 使用这个参数会遍历 /etc/letsencrypt/live 下所有的证书, 如果证书在可续期的时间范围内(过期前30天内), 就会申请新的证书并替换原有证书, 否则跳过.

设置定时自动续期

可以将 certbot renew 命令加入到 cron 中定时执行

编辑定时任务

我这里设置为每月28号23点执行此脚本. 更新证书后重启 nginx.

或使用官方方法

保存退出

二. 申请通配符证书

申请通配符证书不需要nginx. 但需要验证域名的 dns, 原理就是在域名dns记录中写入一条txt类型的记录。

如果要实现自动化的申请和续期,certbot 所在的服务器必须能够访问域名dns服务,certbot 提供了一些国外的dns服务商的验证组件。国内的阿里云,腾讯云可以使用第三方提供的验证组件,如:https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au

下载此项目源码到指定目录

修改 api 授权 token

这里以阿里云为例,找到 ALY_KEY= 及 ALY_TOKEN= 参数,改为你申请的 key 和 token, 如果申请请参考该组件 github 上的说明。

保存退出。

申请证书,如果想申请通配符证书,除根域名外,最多只能有一个二级域名,且二级为*号

中途需要输入 y 确认, 等待一会就申请成功了。

自动续期

输入以下内容

保存退出

 

三. 扩展部分

配置 Nginx SSL 证书

找到 SSL 证书对应域名的 Server 段, 修改为如下设置(根据自身需求做调整)

保存配置, 重新加载 Nginx 配置或重启.

到这步, Nginx 的 SSL 证书就配置完成了, 打开浏览器访问网站就会启用 https, 看到绿色安全锁的图标.

规范页面中的链接

如果你发现浏览器中的安全锁上带有叹号, 说明页面中引用到了非 https 的链接, 你可能要花上一点时间来修改这些链接, 如果是本站资源, 可以使用相对地址, 如果是外部资源, 要先看外部资源是否支持 https, 如果支持改为 https 地址即可,如果不支持则要想办法替换为 https 资源或将资源保存到本地并使用相对地址.

CentOS 7 Nginx Let’ s Encrypt SSL 证书安装配置》上有14个想法

  1. 你好,博主,我想请教下,为什么我一旦运行./letsencrypt-auto certonly –webroot –renew-by-default –email admin@itnmg.net -w /usr/share/nginx/html -d blog.itnmg.net -d itnmg.net -d http://www.itnmg.net 这条命令时,一直报错
    Failed authorization procedure. ceshi.cssnj.com.cn (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for ceshi.cssnj.com.cn

    IMPORTANT NOTES:
    – The following errors were reported by the server:

    Domain: ceshi.cssnj.com.cn
    Type: connection
    Detail: DNS problem: NXDOMAIN looking up A for ceshi.cssnj.com.cn

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

    后面的域名,DNS问题出在哪啦?请指导一下,谢谢

  2. 博主您好,我按照你的文章中的方法配置之后,提示不是私密连接是为啥呢,麻烦帮忙看一下!https://www.iwwenbo.com

    • www.iwwenbo.com 使用了无效的安全证书。 该证书仅对 iwwenbo.com 有效。 错误代码: SSL_ERROR_BAD_CERT_DOMAIN
      你申请的证书只对根域名有效. 加了 www 就不行了.

  3. 这个是上面部分,到了Installing Python packages…会卡住几分钟,然后出问题

    Bootstrapping dependencies for RedHat-based OSes…
    yum is /usr/bin/yum
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
    * base: centos.mirror.iweb.ca
    * epel: mirrors.kernel.org
    * extras: centos.mirror.iweb.ca
    * updates: centos.mirror.iweb.ca
    Package python-2.7.5-34.el7.x86_64 already installed and latest version
    Package python-devel-2.7.5-34.el7.x86_64 already installed and latest version
    Package python-virtualenv-1.10.1-2.el7.noarch already installed and latest version
    Package python-tools-2.7.5-34.el7.x86_64 already installed and latest version
    Package python-pip-7.1.0-1.el7.noarch already installed and latest version
    Nothing to do
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
    * base: centos.mirror.iweb.ca
    * epel: mirror.sfo12.us.leaseweb.net
    * extras: centos.mirror.iweb.ca
    * updates: centos.mirror.iweb.ca
    Package gcc-4.8.5-4.el7.x86_64 already installed and latest version
    Package dialog-1.2-4.20130523.el7.x86_64 already installed and latest version
    Package augeas-libs-1.4.0-2.el7.x86_64 already installed and latest version
    Package 1:openssl-1.0.1e-51.el7_2.4.x86_64 already installed and latest version
    Package 1:openssl-devel-1.0.1e-51.el7_2.4.x86_64 already installed and latest version
    Package libffi-devel-3.0.13-16.el7.x86_64 already installed and latest version
    Package redhat-rpm-config-9.1.0-68.el7.centos.noarch already installed and latest version
    Package ca-certificates-2015.2.6-70.1.el7_2.noarch already installed and latest version
    Nothing to do
    Checking for new version…
    Creating virtual environment…
    Installing Python packages…

  4. 你好,我在运行./letsencrypt-auto –help的时候出了问题,最下面我更新了pip,还是会有版本提示,这是什么原因呢,我是在root目录下拉的letsencrypt
    Installing Python packages…
    Had a problem while installing Python packages:
    Collecting argparse==1.4.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 5))
    Downloading argparse-1.4.0-py2.py3-none-any.whl
    Collecting pycparser==2.14 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 11))
    Downloading pycparser-2.14.tar.gz (223kB)
    Collecting cffi==1.4.2 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 14))
    Downloading cffi-1.4.2.tar.gz (365kB)
    Collecting ConfigArgParse==0.10.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 31))
    Downloading ConfigArgParse-0.10.0.tar.gz
    Collecting configobj==5.0.6 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 33))
    Downloading configobj-5.0.6.tar.gz
    Collecting cryptography==1.2.3 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 35))
    Downloading cryptography-1.2.3.tar.gz (373kB)
    Collecting enum34==1.1.2 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 57))
    Downloading enum34-1.1.2.tar.gz (46kB)
    Collecting funcsigs==0.4 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 60))
    Downloading funcsigs-0.4-py2.py3-none-any.whl
    Collecting idna==2.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 63))
    Downloading idna-2.0-py2.py3-none-any.whl (61kB)
    Collecting ipaddress==1.0.16 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 66))
    Downloading ipaddress-1.0.16-py27-none-any.whl
    Collecting linecache2==1.0.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 69))
    Downloading linecache2-1.0.0-py2.py3-none-any.whl
    Collecting ndg-httpsclient==0.4.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 72))
    Downloading ndg_httpsclient-0.4.0.tar.gz
    Collecting ordereddict==1.1 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 74))
    Downloading ordereddict-1.1.tar.gz
    Collecting parsedatetime==2.1 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 76))
    Downloading parsedatetime-2.1-py2-none-any.whl
    Collecting pbr==1.8.1 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 79))
    Downloading pbr-1.8.1-py2.py3-none-any.whl (89kB)
    Collecting psutil==3.3.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 82))
    Downloading psutil-3.3.0.tar.gz (261kB)
    Collecting pyasn1==0.1.9 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 104))
    Downloading pyasn1-0.1.9-py2.py3-none-any.whl
    Collecting pyOpenSSL==0.15.1 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 116))
    Downloading pyOpenSSL-0.15.1-py2.py3-none-any.whl (102kB)
    Collecting pyRFC3339==1.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 119))
    Downloading pyRFC3339-1.0-py2.py3-none-any.whl
    Collecting python-augeas==0.5.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 122))
    Downloading python-augeas-0.5.0.tar.gz (90kB)
    Collecting python2-pythondialog==3.3.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 124))
    Downloading python2-pythondialog-3.3.0.tar.bz2 (1.8MB)
    Collecting pytz==2015.7 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 127))
    Downloading pytz-2015.7-py2.py3-none-any.whl (476kB)
    Collecting requests==2.9.1 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 141))
    Downloading requests-2.9.1-py2.py3-none-any.whl (501kB)
    Collecting six==1.10.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 144))
    Downloading six-1.10.0-py2.py3-none-any.whl
    Collecting traceback2==1.4.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 147))
    Downloading traceback2-1.4.0-py2.py3-none-any.whl
    Collecting unittest2==1.1.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 150))
    Downloading unittest2-1.1.0-py2.py3-none-any.whl (96kB)
    Collecting zope.component==4.2.2 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 153))
    Downloading zope.component-4.2.2.tar.gz (546kB)
    Collecting zope.event==4.1.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 155))
    Downloading zope.event-4.1.0.tar.gz (476kB)
    Collecting zope.interface==4.1.3 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 157))
    Downloading zope.interface-4.1.3.tar.gz (141kB)
    Collecting mock==1.0.1 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 175))
    Downloading mock-1.0.1.zip (861kB)
    Collecting acme==0.5.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 181))
    Downloading acme-0.5.0-py2.py3-none-any.whl (91kB)
    Collecting letsencrypt==0.5.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 184))
    Downloading letsencrypt-0.5.0-py2-none-any.whl (208kB)
    Collecting letsencrypt-apache==0.5.0 (from -r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 187))
    Downloading letsencrypt_apache-0.5.0-py2-none-any.whl (100kB)
    Requirement already satisfied (use –upgrade to upgrade): setuptools>=1.0 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography==1.2.3->-r /tmp/tmp.q0RJfFNDgB/letsencrypt-auto-requirements.txt (line 35))
    Installing collected packages: argparse, pycparser, cffi, ConfigArgParse, six, configobj, idna, pyasn1, enum34, ipaddress, cryptography, funcsigs, linecache2, pyOpenSSL, ndg-httpsclient, ordereddict, parsedatetime, pbr, psutil, pytz, pyRFC3339, python-augeas, python2-pythondialog, requests, traceback2, unittest2, zope.interface, zope.event, zope.component, mock, acme, letsencrypt, letsencrypt-apache
    Running setup.py install for pycparser: started
    Running setup.py install for pycparser: finished with status ‘done’
    Running setup.py install for cffi: started
    Running setup.py install for cffi: finished with status ‘done’
    Running setup.py install for ConfigArgParse: started
    Running setup.py install for ConfigArgParse: finished with status ‘done’
    Running setup.py install for configobj: started
    Running setup.py install for configobj: finished with status ‘done’
    Running setup.py install for enum34: started
    Running setup.py install for enum34: finished with status ‘done’
    Running setup.py install for cryptography: started
    Running setup.py install for cryptography: still running…
    Running setup.py install for cryptography: finished with status ‘error’
    Complete output from command /root/.local/share/letsencrypt/bin/python2.7 -u -c “import setuptools, tokenize;__file__=’/tmp/pip-build-uYHFZD/cryptography/setup.py’;exec(compile(getattr(tokenize, ‘open’, open)(__file__).read().replace(‘rn’, ‘n’), __file__, ‘exec’))” install –record /tmp/pip-mldWY_-record/install-record.txt –single-version-externally-managed –compile –install-headers /root/.local/share/letsencrypt/include/site/python2.7/cryptography:
    running install
    running build
    running build_py
    creating build
    creating build/lib.linux-x86_64-2.7
    creating build/lib.linux-x86_64-2.7/cryptography
    copying src/cryptography/__init__.py -> build/lib.linux-x86_64-2.7/cryptography
    copying src/cryptography/__about__.py -> build/lib.linux-x86_64-2.7/cryptography
    copying src/cryptography/fernet.py -> build/lib.linux-x86_64-2.7/cryptography
    copying src/cryptography/exceptions.py -> build/lib.linux-x86_64-2.7/cryptography
    copying src/cryptography/utils.py -> build/lib.linux-x86_64-2.7/cryptography
    creating build/lib.linux-x86_64-2.7/cryptography/x509
    copying src/cryptography/x509/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/x509
    copying src/cryptography/x509/name.py -> build/lib.linux-x86_64-2.7/cryptography/x509
    copying src/cryptography/x509/general_name.py -> build/lib.linux-x86_64-2.7/cryptography/x509
    copying src/cryptography/x509/base.py -> build/lib.linux-x86_64-2.7/cryptography/x509
    copying src/cryptography/x509/extensions.py -> build/lib.linux-x86_64-2.7/cryptography/x509
    copying src/cryptography/x509/oid.py -> build/lib.linux-x86_64-2.7/cryptography/x509
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat
    copying src/cryptography/hazmat/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/backends
    copying src/cryptography/hazmat/backends/multibackend.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends
    copying src/cryptography/hazmat/backends/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends
    copying src/cryptography/hazmat/backends/interfaces.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/keywrap.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/cmac.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/hashes.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/constant_time.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/hmac.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/serialization.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/padding.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings
    copying src/cryptography/hazmat/bindings/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/ciphers.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/cmac.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/hashes.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/x509.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/dsa.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/hmac.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/ec.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/backend.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/rsa.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/utils.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto
    copying src/cryptography/hazmat/backends/commoncrypto/ciphers.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto
    copying src/cryptography/hazmat/backends/commoncrypto/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto
    copying src/cryptography/hazmat/backends/commoncrypto/hashes.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto
    copying src/cryptography/hazmat/backends/commoncrypto/hmac.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto
    copying src/cryptography/hazmat/backends/commoncrypto/backend.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/twofactor
    copying src/cryptography/hazmat/primitives/twofactor/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/twofactor
    copying src/cryptography/hazmat/primitives/twofactor/totp.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/twofactor
    copying src/cryptography/hazmat/primitives/twofactor/utils.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/twofactor
    copying src/cryptography/hazmat/primitives/twofactor/hotp.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/twofactor
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    copying src/cryptography/hazmat/primitives/asymmetric/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    copying src/cryptography/hazmat/primitives/asymmetric/dsa.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    copying src/cryptography/hazmat/primitives/asymmetric/dh.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    copying src/cryptography/hazmat/primitives/asymmetric/ec.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    copying src/cryptography/hazmat/primitives/asymmetric/padding.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    copying src/cryptography/hazmat/primitives/asymmetric/rsa.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    copying src/cryptography/hazmat/primitives/asymmetric/utils.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf
    copying src/cryptography/hazmat/primitives/kdf/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf
    copying src/cryptography/hazmat/primitives/kdf/x963kdf.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf
    copying src/cryptography/hazmat/primitives/kdf/concatkdf.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf
    copying src/cryptography/hazmat/primitives/kdf/hkdf.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf
    copying src/cryptography/hazmat/primitives/kdf/pbkdf2.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/ciphers
    copying src/cryptography/hazmat/primitives/ciphers/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/ciphers
    copying src/cryptography/hazmat/primitives/ciphers/algorithms.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/ciphers
    copying src/cryptography/hazmat/primitives/ciphers/modes.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/ciphers
    copying src/cryptography/hazmat/primitives/ciphers/base.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/ciphers
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/interfaces
    copying src/cryptography/hazmat/primitives/interfaces/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/interfaces
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/openssl
    copying src/cryptography/hazmat/bindings/openssl/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/openssl
    copying src/cryptography/hazmat/bindings/openssl/_conditional.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/openssl
    copying src/cryptography/hazmat/bindings/openssl/binding.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/openssl
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/commoncrypto
    copying src/cryptography/hazmat/bindings/commoncrypto/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/commoncrypto
    copying src/cryptography/hazmat/bindings/commoncrypto/binding.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/commoncrypto
    running egg_info
    writing requirements to src/cryptography.egg-info/requires.txt
    writing src/cryptography.egg-info/PKG-INFO
    writing top-level names to src/cryptography.egg-info/top_level.txt
    writing dependency_links to src/cryptography.egg-info/dependency_links.txt
    writing entry points to src/cryptography.egg-info/entry_points.txt
    warning: manifest_maker: standard file ‘-c’ not found

    reading manifest file ‘src/cryptography.egg-info/SOURCES.txt’
    reading manifest template ‘MANIFEST.in’
    no previously-included directories found matching ‘docs/_build’
    warning: no previously-included files matching ‘*’ found under directory ‘vectors’
    writing manifest file ‘src/cryptography.egg-info/SOURCES.txt’
    running build_ext
    generating cffi module ‘build/temp.linux-x86_64-2.7/_padding.c’
    creating build/temp.linux-x86_64-2.7
    generating cffi module ‘build/temp.linux-x86_64-2.7/_constant_time.c’
    generating cffi module ‘build/temp.linux-x86_64-2.7/_openssl.c’
    building ‘_openssl’ extension
    creating build/temp.linux-x86_64-2.7/build
    creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
    gcc -pthread -fno-strict-aliasing -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong –param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong –param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o
    {standard input}: Assembler messages:
    {standard input}:107153: Warning: partial line at end of file ignored
    {standard input}: Error: open CFI at the end of file; missing .cfi_endproc directive
    gcc: internal compiler error: Killed (program cc1)
    Please submit a full bug report,
    with preprocessed source if appropriate.
    See for instructions.
    error: command ‘gcc’ failed with exit status 4

    —————————————-
    Command “/root/.local/share/letsencrypt/bin/python2.7 -u -c “import setuptools, tokenize;__file__=’/tmp/pip-build-uYHFZD/cryptography/setup.py’;exec(compile(getattr(tokenize, ‘open’, open)(__file__).read().replace(‘rn’, ‘n’), __file__, ‘exec’))” install –record /tmp/pip-mldWY_-record/install-record.txt –single-version-externally-managed –compile –install-headers /root/.local/share/letsencrypt/include/site/python2.7/cryptography” failed with error code 1 in /tmp/pip-build-uYHFZD/cryptography
    You are using pip version 8.0.3, however version 8.1.1 is available.
    You should consider upgrading via the ‘pip install –upgrade pip’ command.

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注

验证码