2020年1月17日 星期五

【linux】免費SSL設定,Cerbot

1.先到Cerbot官網

2.選擇目前伺服器環境

















3.照著步驟走,要先確定有裝mod_ssl
yum -y install yum-utils
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

sudo yum install certbot python2-certbot-apache
sudo certbot --apache


4.取得憑證 certbot certonly --webroot -w /var/www/html -d mydomain.com --email {your_email_address} --agree-tos
成功後SSL憑證會放到 /etc/letsencrypt/live/{YOUR URL}/

5.改SSL,/etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/letsencrypt/live/www.chiender.bnet.tw/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.chiender.bnet.tw/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/www.chiender.bnet.tw/fullchain.pem

6.設定VirturalHost
<VirtualHost *:80>
        ServerAlias *
        VirtualDocumentRoot "/var/www/html/%0"
        RewriteEngine on
        RewriteCond %{HTTPS} !=on
        RewriteRule ^(.*) https://%{SERVER_NAME}$1 [L,R]
</VirtualHost>

<VirtualHost *:443>
        ServerAlias *
        VirtualDocumentRoot "/var/www/html/%0"
        SSLEngine on
</VirtualHost>

6 則留言: