Installing Let's Encrypt on RHEL / CentOS 7

First install git and the EPEL repo:

# yum install git epel-release

Install the packages Let's Encrypt requires:

# yum install gcc libffi-devel python-devel openssl-devel

Then download Let's Encrypt:

# cd /root
# git clone https://github.com/letsencrypt/letsencrypt

The latest Let's Encrypt files are now downloaded to /root/letsencrypt. Run the following script to obtain the SSL certificate:

# cd /root/letsencrypt
# ./letsencrypt-auto certonly -a standalone -d yourdomain.com -d www.yourdomain.com

Let's Encrypt places the certificate files under /etc/letsencrypt/live/.

Next, configure Apache. First install mod_ssl:

# yum install mod_ssl

Then open the file that holds the VirtualHost configuration, for example /etc/httpd/sites-enabled/www.your-domain.com. The file should already contain the VirtualHost settings for HTTP (port 80); add the settings for HTTPS (port 443):

 

<VirtualHost *:443>
        ServerName www.your-domain.com
        DocumentRoot /var/www/www.your-domain.com
        ErrorLog /var/log/apache/www.your-domain.com/error.log
        CustomLog /var/log/apache/www.your-domain.com/access.log combined

        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/www.your-domain.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/www.your-domain.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/www.your-domain.com/chain.pem
</VirtualHost>

 

Replace "www.your-domain.com" above with your site's domain, then restart Apache:

# systemctl restart httpd

Finally, test whether the configuration works by loading an HTTPS page, for example "https://www.your-domain.com".
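
A check to run before restarting httpd, added here as an example and not part of the original page: it confirms that the three files the VirtualHost references under /etc/letsencrypt/live/ exist (certbot names that directory after the first -d domain), that cert.pem matches privkey.pem, and that the certificate covers ServerName and has not expired. The function names and exit codes are this example's own, and it assumes the openssl command-line tool (1.0.2 or later, for -checkhost) is installed.

```shell
#!/bin/sh
# Added example: check the TLS files a VirtualHost file points to before
# restarting httpd. Function names and exit codes are this example's own.

# Print the first value given to DIRECTIVE in FILE (comment lines never match).
vhost_directive() {
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# Exit status: 0 ok, 2 file missing, 3 key/cert mismatch,
#              4 ServerName not covered, 5 certificate expired.
check_vhost_tls() {
    conf=$1
    name=$(vhost_directive ServerName "$conf")
    cert=$(vhost_directive SSLCertificateFile "$conf")
    key=$(vhost_directive SSLCertificateKeyFile "$conf")
    chain=$(vhost_directive SSLCertificateChainFile "$conf")

    # A wrong directory name under /etc/letsencrypt/live/ shows up here.
    for f in "$cert" "$key" "$chain"; do
        if [ -z "$f" ] || [ ! -r "$f" ]; then
            echo "missing or unreadable: ${f:-(directive not set)}" >&2
            return 2
        fi
    done

    # The certificate must carry the public key that belongs to privkey.pem.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout) || return 3
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not match" >&2
        return 3
    fi

    # The certificate must name the host this VirtualHost serves.
    if ! openssl x509 -in "$cert" -noout -checkhost "$name" | grep -q 'does match'; then
        echo "certificate does not cover $name" >&2
        return 4
    fi

    # -checkend 0 fails when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired" >&2
        return 5
    fi
    echo "TLS files for $name look consistent"
}

# Run against a vhost file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_vhost_tls "$1"; fi
```

Saved as a script (the file name is up to you), it takes the VirtualHost file as its only argument and must run as root, since /etc/letsencrypt/live/ is not readable by other users.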
