HTTPS

2018-09-18

Requesting a Let’s Encrypt certificate

Installation

wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --help

See the official documentation: https://certbot.eff.org/docs/install.html#certbot-auto

Fix for the error OSError: Command /root/.local/share/letsencrypt/bin/python2.7 - setuptools pkg_resources pip wheel failed with error code 2

First uninstall:

apt-get purge python-virtualenv python3-virtualenv virtualenv

Then install:

pip install virtualenv

Requesting a domain certificate using DNS TXT validation

./certbot-auto -d test.malu.me --manual --preferred-challenges dns certonly

Next, follow the prompts and add the DNS TXT record to complete validation.

Renewing the certificate

touch abc.sh
# owner-only: certbot executes this hook, so it must not be world-writable
chmod 700 abc.sh
./certbot-auto renew --force-renew --manual-auth-hook abc.sh

You can also try:

./certbot-auto renew --force-renew --standalone --preferred-challenges dns

Or:

./certbot-auto renew --dry-run
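
As an added example (not part of the original post): a manual auth hook that publishes the _acme-challenge TXT record itself, in place of the empty abc.sh above, so a DNS-validated renewal can run unattended. It assumes the zone accepts RFC 2136 dynamic updates via nsupdate; DNS_SERVER, TSIG_KEYFILE and the helper function names are placeholders of this example.

```sh
#!/bin/sh
# Added example: DNS-01 hook for certbot's --manual-auth-hook.
# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook.
# Assumptions (not from the original post): the zone accepts RFC 2136
# updates via nsupdate; DNS_SERVER and TSIG_KEYFILE are placeholders.
set -eu

DNS_SERVER="${DNS_SERVER:-ns1.example.net}"
TSIG_KEYFILE="${TSIG_KEYFILE:-/etc/letsencrypt/tsig.key}"
TTL=60
ACTION="${1:-add}"    # "add" as auth hook, "delete" as cleanup hook

# Accept only plain hostnames, so a malformed value (spaces, newlines,
# quotes) can never smuggle extra directives into the nsupdate input.
valid_domain() {
    case "$1" in
        ''|.*|*.|*..*|-*|*.-*|*-.*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# A DNS-01 validation value is an unpadded base64url SHA-256 digest:
# exactly 43 characters from [A-Za-z0-9_-].
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -eq 43 ]
}

# Print the nsupdate script for: $1 = add|delete, $2 = domain, $3 = token
build_update() {
    case "$1" in add|delete) ;; *) echo "bad action" >&2; return 1 ;; esac
    valid_domain "$2" || { echo "bad domain" >&2; return 1; }
    valid_token "$3" || { echo "bad validation value" >&2; return 1; }
    printf 'server %s\n' "$DNS_SERVER"
    printf 'update %s _acme-challenge.%s. %s TXT "%s"\n' "$1" "$2" "$TTL" "$3"
    printf 'send\n'
}

# Only act when certbot invoked us (both variables present).
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    update=$(build_update "$ACTION" "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION")
    printf '%s\n' "$update" | nsupdate -k "$TSIG_KEYFILE"
    # Give the record time to reach all authoritative servers.
    if [ "$ACTION" = add ]; then sleep 30; fi
fi
```

Passing the same script with the argument delete as --manual-cleanup-hook removes the record once validation has finished.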

Enabling HTTPS in Apache2

1. Enable the ssl module

a2enmod ssl

2. Edit the Apache configuration file

cat /etc/apache2/sites-enabled/test.malu.me-ssl.conf

<IfModule mod_ssl.c>
	<VirtualHost *:443>
	
		DocumentRoot /app/www

		SSLEngine on
		SSLCertificateFile    /etc/letsencrypt/live/test.malu.me/cert.pem
		SSLCertificateKeyFile /etc/letsencrypt/live/test.malu.me/privkey.pem
		SSLCertificateChainFile /etc/letsencrypt/live/test.malu.me/chain.pem
		
		<FilesMatch "\.(cgi|shtml|phtml|php)$">
		   SSLOptions +StdEnvVars
		</FilesMatch>
		
		BrowserMatch "MSIE [2-6]" \
		nokeepalive ssl-unclean-shutdown \
		downgrade-1.0 force-response-1.0
		BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
	</VirtualHost>
</IfModule>

3. Restart Apache