Step 1 — Installing dependent modules
yum install epel-release mod_ssl
Step 2 — Downloading the Let’s Encrypt client
yum install python-certbot-apache
Step 3 — Setting up the SSL certificate
certbot --apache -d example.com
certbot --apache -d example.com -d www.example.com
IMPORTANT! The first domain should be your base domain; in this sample it's example.com.
Step 4 — Setting up auto renewal of the certificate
Let's Encrypt certificates are valid for 90 days, but every web professional will recommend that you renew them within 60 days to avoid any issues. Certbot helps with this through its renew command, which checks whether the certificate is less than 30 days away from expiration.
Please run this command to proceed:
# certbot renew
To automate this renewal process you could set up a cron job. Firstly, open the crontab and add the entry that follows the command:
crontab -e
0 0 * * 1 /usr/bin/certbot renew >> /var/log/sslrenew.log
https://www.hostinger.com/tutorials/vps/how-to-install-lets-encrypt-ssl-apache-centos7
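The weekly cron entry above only appends to a log, so a renewal that keeps failing goes unnoticed until the certificate expires. As an added example (not part of the original tutorial), this script flags any certificate with fewer than 21 days left; the 21-day threshold, the script name check-certs.sh and the /etc/letsencrypt/live/<name>/cert.pem layout are assumptions.

```sh
#!/bin/sh
# Added example, not from the original tutorial.
# certbot renews once a certificate is under 30 days from expiry and the cron
# job runs weekly, so a healthy certificate never drops below about 23 days.
# Anything under ALERT_DAYS (assumed value) means renewals have been failing.
ALERT_DAYS=21

# Return 0 if the certificate file $1 expires within $2 days or cannot be
# parsed (fail closed); return 1 if it is still valid that far ahead.
cert_expires_within() {
    cert=$1
    days=$2
    # -checkend exits 0 only when the cert is still valid N seconds from now
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Check every <dir>/<name>/cert.pem under $1 (layout assumed from the
# /etc/letsencrypt/live paths used on this page). Prints one line per
# certificate and returns non-zero if any of them is overdue.
check_live_dir() {
    live=$1
    margin=$2
    rc=0
    for cert in "$live"/*/cert.pem; do
        [ -e "$cert" ] || continue
        name=$(basename "$(dirname "$cert")")
        if cert_expires_within "$cert" "$margin"; then
            end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null | cut -d= -f2)
            echo "OVERDUE $name notAfter=${end:-unreadable}"
            rc=1
        else
            echo "OK $name"
        fi
    done
    return "$rc"
}

# Runs only when a directory is given, e.g. (hypothetical script name):
#   check-certs.sh /etc/letsencrypt/live
if [ "$#" -gt 0 ]; then
    check_live_dir "$1" "$ALERT_DAYS"
fi
```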
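After installation, a file named *-le-ssl.conf is generated automatically in the same directory as the original *.conf configuration file. It contains your original HTTP configuration plus the SSL certificate settings, so it takes effect directly after service httpd restart. An example follows: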
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin master@domain.com
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/html
<Directory "/var/www/html">
AllowOverride All
</Directory>
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
</VirtualHost>
</IfModule>
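That is all that is needed. However, if your SSL module is not recognized correctly and the SSL configuration file is therefore not loaded, you can remove the surrounding <IfModule mod_ssl.c> tags and it will be OK.
To make every connection go over SSL, the original configuration file can be changed to redirect to SSL, as follows: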
<VirtualHost *:80>
ServerAdmin master@domain.com
ServerName domain.com
ServerAlias www.domain.com
Redirect 301 / https://domain.com/
</VirtualHost>