|
|
Line 1: |
Line 1: |
| <source lang="bash"> | | |
| pkg search certbot
| | /etc/sysconfig/network-scripts/ifcfg-enp0s3 |
| pkg install py27-certbot
| | <source lang="properties"> |
| | ON_BOOT=yes |
| </source> | | </source> |
|
| |
|
| Enable mod_ssl:
| |
| /usr/local/etc/apache24/httpd.conf
| |
| <pre>
| |
| LoadModule ssl_module libexec/apache24/mod_ssl.so
| |
| </pre>
| |
|
| |
| /usr/local/etc/apache24/modules.d/020_mod_ssl.conf
| |
| <pre>
| |
| Listen 443
| |
| SSLProtocol ALL -SSLv2 -SSLv3
| |
| SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
| |
| SSLPassPhraseDialog builtin
| |
| SSLSessionCacheTimeout 300
| |
| </pre>
| |
|
| |
| Configure .well-known:
| |
| Add the following to httpd.conf
| |
| <pre>
| |
| <Directory "/usr/local/www/.well-known/">
| |
| Options None
| |
| AllowOverride None
| |
| Require all granted
| |
| Header add Content-Type text/plain
| |
| </Directory>
| |
| </pre>
| |
| Then add the following to each virtualhost:
| |
| <pre>
| |
| <VirtualHost *:80>
| |
| Alias /.well-known/ /usr/local/www/.well-known/
| |
| ServerName riguz.com
| |
| </pre>
| |
| Once that is done, the certificate can be generated:
| |
| <source lang="bash"> | | <source lang="bash"> |
| certbot certonly \
| | service network restart |
| --webroot \
| |
| -w /usr/local/www/ \
| |
| -d riguz.com \
| |
| -d www.riguz.com \
| |
| -d blog.riguz.com \
| |
| -d wiki.riguz.com \
| |
| -d view.riguz.com \
| |
| -d bug.riguz.com
| |
| </source> | | </source> |
| After that, configure ssl for each virtualhost:
| |
| <pre>
| |
| <VirtualHost *:443>
| |
| SSLEngine on
| |
|
| |
| SSLCertificateFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/cert.pem"
| |
| SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/privkey.pem"
| |
| SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/www.yourdomain.com/fullchain.pem"
| |
| ...
| |
| </pre>
| |
|
| |
| Note: when running certbot renew, http -> https must not be forced
| |
| <pre>
| |
| RewriteEngine off
| |
| RewriteCond %{SERVER_NAME} =riguz.com
| |
| RewriteRule ^ https://riguz.com%{REQUEST_URI} [END,NE,R=permanent
| |
| </pre>
| |
| [[Category:Linux/Unix]] | | [[Category:Linux/Unix]] |
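Review bot: the key on the added side, `ON_BOOT=yes` in /etc/sysconfig/network-scripts/ifcfg-enp0s3, is not the one the ifcfg network scripts read. The option is spelled `ONBOOT`, so the line as written is ignored and whatever `ONBOOT` value the file already carries stays in effect after `service network restart`. Suggest changing it to `ONBOOT=yes`. Separately, this revision deletes the whole certbot and mod_ssl walkthrough from the page while adding unrelated network configuration. If the page is being repurposed, move the removed text to its own page rather than dropping it.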
Revision as of 09:09, 23 January 2019 (Wed)
/etc/sysconfig/network-scripts/ifcfg-enp0s3