“FreeBSD:MariaDB 安装”与“FreeBSD:Apache Let's Encrypt”:页面之间的差异
(页面间差异)
无编辑摘要 |
(已建立頁面,內容為 "<source lang="bash"> pkg search certbot pkg install py27-certbot </source> 启用 mod_ssl: /usr/local/etc/apache24/httpd.conf <pre> LoadModule ssl_module libexec/ap…") |
||
第1行: | 第1行: | ||
<source lang="bash"> | <source lang="bash"> | ||
pkg search | pkg search certbot | ||
pkg install | pkg install py27-certbot | ||
</source> | </source> | ||
启用 mod_ssl: | |||
/usr/local/etc/apache24/httpd.conf | |||
<pre> | |||
LoadModule ssl_module libexec/apache24/mod_ssl.so | |||
</pre> | |||
/usr/local/etc/apache24/modules.d/020_mod_ssl.conf | |||
<pre> | <pre> | ||
Listen 443 | |||
SSLProtocol ALL -SSLv2 -SSLv3 | |||
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 | |||
SSLPassPhraseDialog builtin | |||
SSLSessionCacheTimeout 300 | |||
</pre> | |||
配置.well-known: | |||
在 httpd.conf 中加入 | |||
/usr/local/ | <pre> | ||
<Directory "/usr/local/www/.well-known/"> | |||
Options None | |||
AllowOverride None | |||
Require all granted | |||
Header add Content-Type text/plain | |||
</Directory> | |||
</pre> | |||
然后在每一个 virtualhost 中增加: | |||
<pre> | |||
<VirtualHost *:80> | |||
Alias /.well-known/ /usr/local/www/.well-known/ | |||
ServerName riguz.com | |||
</pre> | |||
这样完了后就可以生成证书了: | |||
<source lang="bash"> | |||
certbot certonly \ | |||
--webroot \ | |||
-w /usr/local/www/ \ | |||
-d riguz.com \ | |||
-d www.riguz.com \ | |||
-d blog.riguz.com \ | |||
-d wiki.riguz.com \ | |||
-d view.riguz.com \ | |||
-d bug.riguz.com | |||
</source> | |||
完了为每一个 virtualhost 配置 ssl: | |||
<pre> | |||
<VirtualHost *:443> | |||
SSLEngine on | |||
SSLCertificateFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/cert.pem" | |||
SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/privkey.pem" | |||
SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/fullchain.pem" | |||
... | |||
/usr/local/etc | |||
</pre> | </pre> | ||
[[Category:Linux/Unix]] | [[Category:Linux/Unix]] |
2018年11月27日 (二) 05:01的版本
pkg search certbot
pkg install py27-certbot
启用 mod_ssl: /usr/local/etc/apache24/httpd.conf
LoadModule ssl_module libexec/apache24/mod_ssl.so
/usr/local/etc/apache24/modules.d/020_mod_ssl.conf
Listen 443 SSLProtocol ALL -SSLv2 -SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLPassPhraseDialog builtin SSLSessionCacheTimeout 300
配置.well-known: 在 httpd.conf 中加入
<Directory "/usr/local/www/.well-known/"> Options None AllowOverride None Require all granted Header add Content-Type text/plain </Directory>
然后在每一个 virtualhost 中增加:
<VirtualHost *:80> Alias /.well-known/ /usr/local/www/.well-known/ ServerName riguz.com
这样完了后就可以生成证书了:
certbot certonly \
--webroot \
-w /usr/local/www/ \
-d riguz.com \
-d www.riguz.com \
-d blog.riguz.com \
-d wiki.riguz.com \
-d view.riguz.com \
-d bug.riguz.com
完了为每一个 virtualhost 配置 ssl:
<VirtualHost *:443> SSLEngine on SSLCertificateFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/cert.pem" SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/privkey.pem" SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/fullchain.pem" ...