FreeBSD:Apache Let's Encrypt: Difference between revisions
Created page with content "<source lang="bash"> pkg search certbot pkg install py27-certbot </source> Enable mod_ssl: /usr/local/etc/apache24/httpd.conf <pre> LoadModule ssl_module libexec/ap…" |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 56: | Line 56: | ||
SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/fullchain.pem" | SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/fullchain.pem" | ||
... | ... | ||
</pre> | |||
注: certbot renew的时候,不能强制http -> https | |||
<pre> | |||
RewriteEngine off | |||
RewriteCond %{SERVER_NAME} =riguz.com | |||
RewriteRule ^ https://riguz.com%{REQUEST_URI} [END,NE,R=permanent | |||
</pre> | </pre> | ||
[[Category:Linux/Unix]] | [[Category:Linux/Unix]] |
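Review bot: the flag list on the added RewriteRule line, `[END,NE,R=permanent`, is missing its closing `]`, so the directive is incomplete as written; it should end `[END,NE,R=permanent]`. The added note says the http -> https redirect cannot be forced during certbot renew, but the block sets `RewriteEngine off` and still lists the RewriteCond and RewriteRule, so it is unclear whether this is the state to keep during renewal or the rule to restore afterwards. A sentence saying which virtual host this goes in and when it applies would help.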
Latest revision as of 01:07, 4 February 2021 (Thursday)
<source lang="bash">
pkg search certbot
pkg install py27-certbot
</source>
Enable mod_ssl: /usr/local/etc/apache24/httpd.conf
<pre>
LoadModule ssl_module libexec/apache24/mod_ssl.so
</pre>
/usr/local/etc/apache24/modules.d/020_mod_ssl.conf
<pre>
Listen 443
# Excludes SSLv2 and SSLv3 only; TLS 1.0 and TLS 1.1 are not excluded by this line
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog builtin
SSLSessionCacheTimeout 300
</pre>
Configure .well-known: add the following to httpd.conf
<pre>
<Directory "/usr/local/www/.well-known/">
    Options None
    AllowOverride None
    Require all granted
    Header add Content-Type text/plain
</Directory>
</pre>
Then add the following to each virtual host:
<pre>
<VirtualHost *:80>
    Alias /.well-known/ /usr/local/www/.well-known/
    ServerName riguz.com
</pre>
Once that is done, the certificate can be generated:
<source lang="bash">
certbot certonly \
--webroot \
-w /usr/local/www/ \
-d riguz.com \
-d www.riguz.com \
-d blog.riguz.com \
-d wiki.riguz.com \
-d view.riguz.com \
-d bug.riguz.com
</source>
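After that, configure SSL for each virtual host:
<pre>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/cert.pem"
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/privkey.pem"
    # SSLCertificateChainFile is obsolete since Apache 2.4.8, where SSLCertificateFile can load the intermediate certificates itself
    SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/fullchain.pem"
    ...
</pre>
Note: during certbot renew, the http -> https redirect cannot be forced
<pre>
# Rewriting is switched off here, so the rule below is not applied
RewriteEngine off
RewriteCond %{SERVER_NAME} =riguz.com
RewriteRule ^ https://riguz.com%{REQUEST_URI} [END,NE,R=permanent]
</pre>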
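An added example, not part of the original page: a port-80 virtual host that keeps the http -> https redirect for ordinary requests but leaves the challenge path used by certbot's webroot method on plain HTTP, so the redirect does not have to be switched off for renewal. It assumes mod_rewrite is loaded; the `acme-challenge` subdirectory name comes from certbot's webroot plugin, not from the page.

```apache
# Added example (not from the original page). Assumes mod_rewrite is loaded:
#   LoadModule rewrite_module libexec/apache24/mod_rewrite.so
<VirtualHost *:80>
    ServerName riguz.com

    # Same alias as in the page: certbot --webroot -w /usr/local/www/ writes its
    # challenge files to /usr/local/www/.well-known/acme-challenge/<token>
    Alias /.well-known/ /usr/local/www/.well-known/

    RewriteEngine on
    # Do not redirect HTTP-01 challenge requests; they are answered on port 80
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteCond %{SERVER_NAME} =riguz.com
    # Every other request is sent to HTTPS
    RewriteRule ^ https://riguz.com%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

# Check the syntax, reload, then rehearse a renewal without issuing a certificate:
#   apachectl configtest && apachectl graceful
#   certbot renew --dry-run
```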