本文對應版本:0.40.1
--
下載、安裝
|
1 2 3 |
# wget https://dl.eff.org/certbot-auto # chmod a+x ./certbot-auto # ./certbot-auto |
下載後加上執行屬性,裸執行一下讓程式自動更新及補上系統缺少的套件
--
mod_socache_shmcb.so
|
1 2 3 |
# vi /etc/httpd/conf.modules.d/00-base.conf LoadModule socache_shmcb_module modules/mod_socache_shmcb.so |
將 mod_socache_shmcb.so 註解移除
重新啟動 httpd
--
安裝證書 by 網站
|
1 |
./certbot-auto certonly --apache |
因為沒有 DNS 權限,先測試了單一網站的安裝,certbot 會自動偵測 apache 設定檔抓取網站,證書存放在 /etc/letsencrypt/live/* 內
--
etc/httpd/conf.d/ssl.conf 範例
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
<VirtualHost _default_:443> DocumentRoot "/srv/htdocs/linepay" ServerName linepaylabs.dae.tw:443 SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA SSLCertificateFile /etc/letsencrypt/live/linepaylabs.dae.tw/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/linepaylabs.dae.tw/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/linepaylabs.dae.tw/fullchain.pem <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> |
--
1,018 total views, 2 views today