Installing and Using Free Let's Encrypt SSL Certificates on CentOS: A Tutorial


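Let's Encrypt is a free SSL certificate issuance project that has attracted a lot of attention recently. It is a free public-benefit project provided by ISRG that issues certificates automatically, but each certificate is valid for only 90 days. It is suitable for personal or temporary use, and you no longer have to put up with browser warnings about untrusted self-signed certificates. Official Let's Encrypt website: https://letsencrypt.org/. Installing a certificate is simple, and the mainstream web servers are currently supported. This tutorial uses an Apache configuration on CentOS 6.8 as the example:
Download the Let's Encrypt software with git. If git is not available on the machine, install it first, as follows: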

sudo yum -y install git-core

Then download Let's Encrypt into the /opt/letsencrypt directory:

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Change into the download directory /opt/letsencrypt:

cd /opt/letsencrypt

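Because the test environment uses XAMPP for Linux, which is a separately configured environment, we only obtain the certificate. Running the following command is enough: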

./certbot-auto certonly --email webmaster@chuhu.net --webroot -w /opt/lampp/htdocs -d chuhu.net -d www.chuhu.net

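Let's Encrypt first checks the system and installs some dependency packages; answer yes to every installation prompt. When installation finishes, the following message appears. The certificate is located in the /etc/letsencrypt/live/chuhu.net/ directory: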

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/chuhu.net/fullchain.pem. Your cert will
expire on 2016-09-28. To obtain a new or tweaked version of this
certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

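Note: before installing, make sure that the domain you are requesting the certificate for (here: chuhu.net) resolves to the current server and that the site root is set to /opt/lampp/htdocs; otherwise the installation fails.
Next, configure Apache under XAMPP: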

vi /opt/lampp/etc/httpd.conf

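Check whether the Include line for httpd-ssl.conf is commented out. If it is, remove the leading #; by default no change is needed.
Leave the SSL configuration file /opt/lampp/etc/extra/httpd-ssl.conf alone; the defaults are fine.
Edit the virtual host settings: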

vi /opt/lampp/etc/extra/httpd-vhosts.conf

Keep the existing site configuration for port 80:

<VirtualHost *:80>
    ServerAdmin webmaster@chuhu.net
    DocumentRoot "/opt/lampp/htdocs"
    ServerName chuhu.net
    ServerAlias www.chuhu.net
    ErrorLog "logs/dummy-www.chuhu.net-error_log"
    CustomLog "logs/dummy-www.chuhu.net-access_log" common
</VirtualHost>

Make a copy of it and modify the copy as follows:

<VirtualHost *:443>
    ServerAdmin webmaster@chuhu.net
    DocumentRoot "/opt/lampp/htdocs"
    ServerName chuhu.net
    ServerAlias www.chuhu.net
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/chuhu.net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/chuhu.net/privkey.pem
    ErrorLog "logs/dummy-www.chuhu.net-error_log"
    CustomLog "logs/dummy-www.chuhu.net-access_log" common
</VirtualHost>

Restart the web service, then visit https://chuhu.net.
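
Because the certificate is valid for only 90 days and Apache reads it only at startup, renewal has to be followed by a restart. The script below is an added example, not part of the original tutorial or of Certbot: it reads the expiry date of the certificate issued above, runs "certbot-auto renew" when fewer than a chosen number of days remain, and restarts XAMPP afterwards. The 30-day threshold, the function names and the use of /opt/lampp/lampp restart as the restart command are assumptions; GNU date is assumed for date parsing.

```bash
#!/bin/bash
# Added example, not from the original tutorial. Paths follow the tutorial;
# RESTART_CMD and THRESHOLD_DAYS are assumptions to adapt to your setup.
CERT=${CERT:-/etc/letsencrypt/live/chuhu.net/fullchain.pem}
CERTBOT=${CERTBOT:-/opt/letsencrypt/certbot-auto}
RESTART_CMD=${RESTART_CMD:-"/opt/lampp/lampp restart"}
THRESHOLD_DAYS=${THRESHOLD_DAYS:-30}

# Print the certificate's expiry date as openssl reports it,
# e.g. "Sep 28 00:00:00 2016 GMT".
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# days_left <notAfter string> <now as epoch seconds>
# Prints the whole days remaining; returns 2 if the date cannot be parsed.
days_left() {
    local end_epoch
    end_epoch=$(date -u -d "$1" +%s 2>/dev/null) || return 2
    echo $(( (end_epoch - $2) / 86400 ))
}

# needs_renewal <notAfter string> <now as epoch seconds>
# Succeeds (0) when renewal should be attempted. An unreadable date also
# counts as "renew", so a damaged certificate is not silently ignored.
needs_renewal() {
    local left
    left=$(days_left "$1" "$2") || return 0
    [ "$left" -lt "$THRESHOLD_DAYS" ]
}

main() {
    local not_after
    not_after=$(cert_not_after "$CERT") || { echo "cannot read $CERT" >&2; return 1; }
    if needs_renewal "$not_after" "$(date +%s)"; then
        # Restart only after a successful renew so Apache loads the new files.
        "$CERTBOT" renew --quiet || { echo "renewal failed" >&2; return 1; }
        $RESTART_CMD
    else
        echo "certificate valid until $not_after, nothing to do"
    fi
}

# Nothing is executed unless the script is called with --run (e.g. from cron).
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run it as root with the --run argument, for example once a day from cron; a non-zero exit status means the certificate could not be read or the renewal failed.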
