记-一次windows服务tomcat服务器ssl签发证书之路

## 操作记录：

certbot，用于申请ssl证书和自动续期
网站：[https://certbot.eff.org](https://certbot.eff.org/)

openssl，用于pem证书类型的转换
网站：[https://slproweb.com/products/Win32OpenSSL.html](https://slproweb.com/products/Win32OpenSSL.html)

### **使用certbot申请ssl证书**

```bash
certbot certonly --webroot -w D:\apache-tomcat-8.5.94\webapps\ROOT -d www.xxxx.com
```

### **生成路径：**

```bash
Saving debug log to C:\Certbot\log\letsencrypt.log
Requesting a certificate for www.sdxyjq.com

Successfully received certificate.
Certificate is saved at: C:\Certbot\live\www.xxxx.com-0002\fullchain.pem
Key is saved at:         C:\Certbot\live\www.xxxx.com-0002\privkey.pem
This certificate expires on 2025-02-11.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

---

If you like Certbot, please consider supporting our work by:

* Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
* Donating to EFF:                    https://eff.org/donate-le

---
```

### **证书转换并导出到相应路径**

```bash
openssl pkcs12 -export -out D:\apache-tomcat-8.5.94\conf\cert\www.xxxx.com.pfx  -inkey C:\Certbot\live\www.xxxx.com-0002\privkey.pem -in C:\Certbot\live\www.xxxx.com-0002\fullchain.pem -name tomcat
```

设置密码(默认使用原密码)：xxxx

### **重启tomcat**

D:\apache-tomcat-8.5.94\bin 路径内
关闭`shutdown.bat`

打开`startup.bat`

**注意：** 这里有个小tips，运行这俩bat的时候必须去那个bin路径下面运行，别整花活，什么快捷方式和命令行，这样会无法检查到那些东西的。。。这玩意只会检查当前运行目录下的东西。

## 自动续订脚本

### **创建文件renew_certificates.bat**

```bash
@echo off
cd C:\Certbot
certbot renew >> C:\Users\Administrator\Desktop\续订日志.log 2>&1
```

### **配置windows任务**

win+r输入taskschd.msc，打开任务并设置添加ssl自动续订的任务，在每月的1号检查并续订ssl

## 操作记录：

certbot，用于申请ssl证书和自动续期
网站：[https://certbot.eff.org](https://certbot.eff.org/)