1,540 total views, 2 views today
Let’s Encrypt 的數位憑證認證機構(CA)推出免費SSL/TLS 憑證服務,但是期限僅限三個月,安裝過程雖然簡單,但是怕忘記步驟還是紀錄一下。
伺服器需求:
- 必須有 EPEL repository:
- 必須安裝 git
下載Let’s Encrypt Client 工具
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
安裝 SSL 憑證
cd /opt/letsencrypt ./letsencrypt-auto --apache -d qaz.com -d www.qaz.com
vi /etc/httpd/conf.d/ssl.conf
Listen 443 <VirtualHost *:443> ServerName qaz.com SSLEngine on SSLCertificateFile "/etc/letsencrypt/live/qaz.com/cert.pem" SSLCertificateKeyFile "/etc/letsencrypt/live/qaz.com/privkey.pem" SSLCertificateChainFile "/etc/letsencrypt/live/qaz.com/chain.pem" </VirtualHost>
systemctl restart httpd
憑證檢查
https://www.ssllabs.com/ssltest/analyze.html?d=qaz.com&latest
憑證更新
./letsencrypt-auto renew
Let’s Encrypt Client更新
cd /opt/letsencrypt
git pull