The plan is to use a free Let's Encrypt certificate.
1. First, search for the installable packages
# pkg search certbot
py311-certbot-3.1.0,1 Let's Encrypt client
py311-certbot-apache-3.1.0 Apache plugin for Certbot
py311-certbot-dns-cloudflare-3.1.0 Cloudflare DNS plugin for Certbot
py311-certbot-dns-cpanel-0.4.0_1 CPanel DNS Authenticator plugin for Certbot
py311-certbot-dns-digitalocean-3.1.0 DigitalOcean DNS Authenticator plugin for Certbot
py311-certbot-dns-dnsimple-3.1.0 DNSimple DNS Authenticator plugin for Certbot
py311-certbot-dns-dnsmadeeasy-3.1.0 DNS Made Easy DNS Authenticator plugin for Certbot
py311-certbot-dns-gandi-1.5.0_1 Gandi LiveDNS plugin for Certbot
py311-certbot-dns-gehirn-3.1.0 Gehirn Infrastructure Service DNS Authenticator plugin for Certbot
py311-certbot-dns-google-3.1.0 Google Cloud DNS Authenticator plugin for Certbot
py311-certbot-dns-linode-3.1.0 Linode DNS Authenticator plugin for Certbot
py311-certbot-dns-luadns-3.1.0 LuaDNS Authenticator plugin for Certbot
py311-certbot-dns-nsone-3.1.0 NS1 DNS Authenticator plugin for Certbot
py311-certbot-dns-ovh-3.1.0 OVH DNS Authenticator plugin for Certbot
py311-certbot-dns-powerdns-0.2.1_2 PowerDNS DNS Authenticator plugin for Certbot
py311-certbot-dns-rfc2136-3.1.0 RFC 2136 DNS Authenticator plugin for Certbot
py311-certbot-dns-route53-3.1.0 Route53 DNS Authenticator plugin for Certbot
py311-certbot-dns-sakuracloud-3.1.0 Sakura Cloud DNS Authenticator plugin for Certbot
py311-certbot-dns-standalone-1.1_1 Standalone DNS Authenticator plugin for Certbot
py311-certbot-nginx-3.1.0 NGINX plugin for Certbot
2. Install the required packages
# pkg install py311-certbot py311-certbot-apache
3. Search for the virtual host configuration
# grep -r "VirtualHost \*:80" /usr/local/etc/apache24/
/usr/local/etc/apache24/extra/httpd-vhosts.conf.sample:<VirtualHost *:80>
/usr/local/etc/apache24/extra/httpd-vhosts.conf.sample:<VirtualHost *:80>
/usr/local/etc/apache24/extra/httpd-vhosts.conf:<VirtualHost *:80>
/usr/local/etc/apache24/extra/httpd-vhosts.conf:<VirtualHost *:80>
4. Edit the virtual host configuration
# ee /usr/local/etc/apache24/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/www/web/"
ServerName gen-slps.slps.tn.edu.tw
ServerAlias gen-slps.slps.tn.edu.tw
ErrorLog "/usr/local/www/apache24/logs/dummy-host.example.com-error_log"
CustomLog "/usr/local/www/apache24/logs/dummy-host.example.com-access_log" common
</VirtualHost>
5. Edit httpd.conf
# ee /usr/local/etc/apache24/httpd.conf
1. Include /usr/local/etc/apache24/extra/httpd-vhosts.conf
2. #LoadModule rewrite_module libexec/apache24/mod_rewrite.so
3. #LoadModule ssl_module libexec/apache24/mod_ssl.so
6. Install and configure the certificate, then restart Apache once it finishes
# certbot --apache -d gen-slps.slps.tn.edu.tw
# service apache24 restart
7. Add a virtual host entry that forces users who enter the IP address over to the domain name
<VirtualHost *:80>
ServerName 163.26.79.1
Redirect permanent / https://gen-slps.slps.tn.edu.tw/
</VirtualHost>
Postscript:
※ Certificate location: /usr/local/etc/letsencrypt/live/gen-slps.slps.tn.edu.tw/cert.pem
※ Check the certificate's expiry date
openssl x509 -in /usr/local/etc/letsencrypt/live/gen-slps.slps.tn.edu.tw/cert.pem -noout -dates
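The expiry check above can be turned into a monitoring check that reports when the certificate is close to expiring, which usually means renewal has stopped working. This is an added example, not part of the original post; the function name cert_expiry_status and the 20-day default threshold are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# Assumption: WARN_DAYS defaults to 20 (threshold chosen for illustration).

# cert_expiry_status CERT [WARN_DAYS]
# Prints one status line and returns:
#   0 = valid for more than WARN_DAYS days
#   1 = expires within WARN_DAYS days
#   2 = already expired
#   3 = unreadable file, bad argument, or not an X.509 certificate
cert_expiry_status() {
    cert=${1:-}
    warn_days=${2:-20}

    case $warn_days in
        ''|*[!0-9]*) echo "UNKNOWN: WARN_DAYS must be a whole number"; return 3 ;;
    esac
    if [ ! -r "$cert" ]; then
        echo "UNKNOWN: cannot read $cert"
        return 3
    fi

    # -enddate prints "notAfter=<date>"; a non-zero exit means the file did not parse.
    end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null) || {
        echo "UNKNOWN: $cert is not a valid X.509 certificate"
        return 3
    }
    end=${end#notAfter=}

    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED: $cert expired on $end"
        return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo "WARNING: $cert expires on $end (within $warn_days days)"
        return 1
    fi
    echo "OK: $cert is valid until $end"
    return 0
}

# When arguments are given, run the check; the exit code is the status above.
if [ "$#" -gt 0 ]; then
    cert_expiry_status "$@"
fi
```

Saved as a script and run daily from cron with the cert.pem path above as its first argument, a non-zero exit code can drive an alert mail.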