Let’s Encrypt + certbot : 免費 SSL (0.40.1)

本文對應版本：0.40.1

下載、安裝

# wget https://dl.eff.org/certbot-auto
# chmod a+x ./certbot-auto
# ./certbot-auto

# wget https://dl.eff.org/certbot-auto

# chmod a+x ./certbot-auto

# ./certbot-auto

下載後加上執行屬性，裸執行一下讓程式自動更新及補上系統缺少的套件

mod_socache_shmcb.so

# vi /etc/httpd/conf.modules.d/00-base.conf

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

# vi /etc/httpd/conf.modules.d/00-base.conf

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

將 mod_socache_shmcb.so 註解移除

重新啟動 httpd

安裝證書 by 網站

./certbot-auto certonly --apache

1	./certbot-auto certonly --apache

因為沒有 DNS 權限，先測試了單一網站的安裝，certbot 會自動偵測 apache 設定檔抓取網站，證書存放在 /etc/letsencrypt/live/* 內

etc/httpd/conf.d/ssl.conf 範例

<VirtualHost _default_:443>

    DocumentRoot "/srv/htdocs/linepay"
    ServerName linepaylabs.dae.tw:443

    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
    SSLCertificateFile /etc/letsencrypt/live/linepaylabs.dae.tw/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/linepaylabs.dae.tw/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/linepaylabs.dae.tw/fullchain.pem

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    BrowserMatch "MSIE [2-5]" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

    #   Per-Server Logging:
    #   The home of a custom SSL log file. Use this when you want a
    #   compact non-error SSL logfile on a virtual host basis.
    CustomLog logs/ssl_request_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

DocumentRoot "/srv/htdocs/linepay"

ServerName linepaylabs.dae.tw:443

SSLEngine on

SSLProtocol all -SSLv2 -SSLv3

SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA

SSLCertificateFile /etc/letsencrypt/live/linepaylabs.dae.tw/cert.pem

SSLCertificateKeyFile /etc/letsencrypt/live/linepaylabs.dae.tw/privkey.pem

SSLCertificateChainFile /etc/letsencrypt/live/linepaylabs.dae.tw/fullchain.pem

SSLOptions +StdEnvVars

</Files>

SSLOptions +StdEnvVars

</Directory>

BrowserMatch "MSIE [2-5]" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

# Per-Server Logging:

# The home of a custom SSL log file. Use this when you want a

# compact non-error SSL logfile on a virtual host basis.

CustomLog logs/ssl_request_log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

904 total views, 1 views today

Let’s Encrypt + certbot : 免費 SSL (0.40.1)

下載、安裝

mod_socache_shmcb.so

安裝證書 by 網站

etc/httpd/conf.d/ssl.conf 範例

Related Post

發佈留言

Let’s Encrypt + certbot : 免費 SSL (0.40.1)

下載、安裝

mod_socache_shmcb.so

安裝證書 by 網站

etc/httpd/conf.d/ssl.conf 範例

Related Post

CentOS 7 - 安裝 Python 3.10

派對遊戲平台 - 使用 Winwheel.js 製造轉盤

S3 - 用 s3cmd 管理

發佈留言