Centos 7安裝Let’s Encrypt憑證

 1,540 total views,  2 views today

Let’s Encrypt 的數位憑證認證機構(CA)推出免費SSL/TLS 憑證服務,但是期限僅限三個月,安裝過程雖然簡單,但是怕忘記步驟還是紀錄一下。

伺服器需求:

  1. 必須有 EPEL repository:
  2. 必須安裝 git

下載Let’s Encrypt Client 工具

git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

 安裝 SSL 憑證

cd /opt/letsencrypt
./letsencrypt-auto --apache -d qaz.com -d www.qaz.com

vi /etc/httpd/conf.d/ssl.conf

Listen 443
<VirtualHost *:443>
  ServerName qaz.com
  SSLEngine on
  SSLCertificateFile "/etc/letsencrypt/live/qaz.com/cert.pem"
  SSLCertificateKeyFile "/etc/letsencrypt/live/qaz.com/privkey.pem"
  SSLCertificateChainFile "/etc/letsencrypt/live/qaz.com/chain.pem"
</VirtualHost>

systemctl restart httpd

憑證檢查

https://www.ssllabs.com/ssltest/analyze.html?d=qaz.com&latest

2016-04-11_15h53_16

憑證更新

./letsencrypt-auto renew

Let’s Encrypt Client更新

cd /opt/letsencrypt
git pull

 

發表迴響

%d 位部落客按了讚: