FreeBSD:Apache Let's Encrypt: Difference between revisions

From WHY42

Latest revision as of 01:07, 4 February 2021 (Thursday)

pkg search certbot
pkg install py27-certbot

Enable mod_ssl in /usr/local/etc/apache24/httpd.conf:

LoadModule ssl_module libexec/apache24/mod_ssl.so

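Then put the following in /usr/local/etc/apache24/modules.d/020_mod_ssl.conf:

Listen 443
# Excludes SSLv2/SSLv3 only; TLSv1.0 and TLSv1.1 are not excluded by this line
SSLProtocol ALL -SSLv2 -SSLv3
# Allows HIGH and MEDIUM cipher groups, minus anonymous and MD5-based suites
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog  builtin
SSLSessionCacheTimeout  300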

Configure .well-known: add the following to httpd.conf:

<Directory "/usr/local/www/.well-known/">
   Options None
   AllowOverride None
   Require all granted
   # The Header directive requires mod_headers to be loaded
   Header add Content-Type text/plain
</Directory>

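Then add the following to every virtual host:

<VirtualHost *:80>
    # Map challenge requests to the shared webroot that certbot writes to
    Alias /.well-known/ /usr/local/www/.well-known/
    ServerName riguz.com
    # (rest of the virtual host configuration)
</VirtualHost>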

Once that is done, the certificate can be generated:

certbot certonly \
--webroot \
-w /usr/local/www/ \
-d riguz.com \
-d www.riguz.com \
-d blog.riguz.com \
-d wiki.riguz.com \
-d view.riguz.com \
-d bug.riguz.com

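After that, configure SSL for each virtual host:

<VirtualHost *:443>
    SSLEngine on

    # The directory under live/ is the certificate name (by default the first -d domain)
    SSLCertificateFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/cert.pem"
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/privkey.pem"
    # SSLCertificateChainFile is deprecated since Apache 2.4.8, where
    # SSLCertificateFile can point at fullchain.pem instead
    SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/fullchain.pem"
...
</VirtualHost>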

Note: when running certbot renew, HTTP -> HTTPS must not be forced:

# Redirect switched off so that renewal requests stay on plain HTTP
RewriteEngine off
RewriteCond %{SERVER_NAME} =riguz.com
RewriteRule ^ https://riguz.com%{REQUEST_URI} [END,NE,R=permanent]
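
The note above switches the redirect off for renewal. As an added example (not part of the original page), the port-80 virtual host below keeps the redirect enabled but exempts the ACME challenge path, so certbot renew can still validate over plain HTTP. It assumes mod_rewrite is loaded and that /.well-known/ is aliased only in the port-80 virtual host, as configured earlier.

```apache
<VirtualHost *:80>
    ServerName riguz.com

    # Challenge files written by "certbot --webroot -w /usr/local/www/"
    # end up in /usr/local/www/.well-known/acme-challenge/
    Alias /.well-known/ /usr/local/www/.well-known/

    RewriteEngine on
    # Do not redirect validation requests; everything else goes to HTTPS
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteCond %{SERVER_NAME} =riguz.com
    RewriteRule ^ https://riguz.com%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```

After reloading Apache, `certbot renew --dry-run` exercises the challenge path without issuing a new certificate.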