兩邊的前次修訂版 前次修改
下次修改 | 前次修改
|
tech:ssl_letsencrypt [2021/06/23 22:46] – jonathan | tech:ssl_letsencrypt [2022/07/20 14:40] (目前版本) – [apache 相關設定] jonathan |
---|
| |
===== 申請 Let's Encrypt 與設定 Web Server 程序 ===== | ===== 申請 Let's Encrypt 與設定 Web Server 程序 ===== |
{{tabinclude>tech:ssl_letsencrypt:ubuntu20_04, tech:ssl_letsencrypt:centos8, tech:ssl_letsencrypt:centos7}} | {{tabinclude>tech:ssl_letsencrypt:ubuntu20_04, tech:ssl_letsencrypt:alpine3_15, tech:ssl_letsencrypt:centos8, tech:ssl_letsencrypt:centos7}} |
| |
* 這過程會檢查與安裝 python packages 並讀取 web server 的設定, 查看目前的網站網址, 如果有設定 Virtual Host 多網址, 也可以選擇產生多網域的憑證((只產生一個憑證檔案, 但該憑證檔案內有包含多個網址)) | * 這過程會檢查與安裝 python packages 並讀取 web server 的設定, 查看目前的網站網址, 如果有設定 Virtual Host 多網址, 也可以選擇產生多網域的憑證((只產生一個憑證檔案, 但該憑證檔案內有包含多個網址)) |
#</VirtualHost> | #</VirtualHost> |
</file> | </file> |
* certbot-auto 會自動產生 /etc/httpd/conf/httpd-le-ssl.conf 定義 VirtualHost | * certbot-auto 會自動產生 /etc/httpd/conf/httpd-le-ssl.conf 定義 VirtualHost, 如果沒有產生要直接修改 ssl.conf ++點這裡看 wiki.ichiayi.com 範例|<file> |
| : |
| : |
| # Explictly disable SSL compression (should default to off anyway...) |
| # Note enabling SSL compression makes Apache vulnerable to CRIME attack. |
| SSLCompression off |
| |
| # Default certificate file to use (provided by TurnKey) |
| #SSLCertificateFile /etc/ssl/private/cert.pem |
| SSLCertificateFile /etc/letsencrypt/live/wiki.ichiayi.com/cert.pem |
| SSLCertificateKeyFile /etc/letsencrypt/live/wiki.ichiayi.com/privkey.pem |
| |
| </IfModule> |
| </file> |
<note> | <note> |
* 如果之後增加 VirtualHost 透過 <code sh>certbot-auto --apache certonly</code> 產生憑證後, 需要到 /etc/httpd/conf/httpd-le-ssl.conf 手動加上定義 | * 如果之後增加 VirtualHost 透過 <code sh>certbot-auto --apache certonly</code> 產生憑證後, 需要到 /etc/httpd/conf/httpd-le-ssl.conf 手動加上定義 |
* https://certbot.eff.org/lets-encrypt/centosrhel7-other | * https://certbot.eff.org/lets-encrypt/centosrhel7-other |
* https://gitpress.io/@chchang/ubuntu-letsencrypt-cloudflare-wildcard | * https://gitpress.io/@chchang/ubuntu-letsencrypt-cloudflare-wildcard |
| * https://blog.anzupop.com/posts/acquire-lets-encrypt-certs-using-dns-cloudflare-plugin/ |
* https://serverfault.com/questions/744960/configuring-ssl-with-virtual-hosts-under-apache-and-centos | * https://serverfault.com/questions/744960/configuring-ssl-with-virtual-hosts-under-apache-and-centos |
* https://sslmate.com/caa/ | * https://sslmate.com/caa/ |