Hunter的大杂烩

December 1, 2019

免费APACHE SSL证书安装

Filed under: 技术话题 — hunter @ 3:41 pm

参考:
https://letsencrypt.org/zh-cn/getting-started/
https://www.cnblogs.com/stulzq/p/8628163.html


yum -y install yum-utils
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
yum install certbot python2-certbot-apache
certbot certonly -d 你的域名 -d *.你的域名 --manual --preferred-challenges dns


根据提示,在域名中增加验证条目后,certbot会在/etc/letsencrypt/archive 下生成4个证书文件,有效期3个月

$ tree /etc/letsencrypt/archive/xxx.cn
.
├── cert1.pem
├── chain1.pem
├── fullchain1.pem
└── privkey1.pem

修改 apache conf 目录下的httpd-ssl.conf,在vhost里面增加

SSLCertificateFile "/etc/letsencrypt/archive/xxx.cn/cert1.pem"
SSLCertificateKeyFile "/etc/letsencrypt/archive/xxx.cn/privkey1.pem"
SSLCertificateChainFile "/etc/letsencrypt/archive/xxx.cn/chain1.pem"

重启apache即可

 

BTW: 如果按照官网的apache操作指引(https://certbot.eff.org/lets-encrypt/centosrhel7-apache)去做,会安装很多无用模块,甚至安装了一个APACHE,如果是自己编译服务的话,会很麻烦,下次有机会按“晓晨Master”博客直接下载源码试一试

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress