certbot免费ssl证书

一、安装certbot客户端

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

二、生成证书

./certbot-auto certonly --standalone --email 邮箱地址 -d 域名1 -d 域名2 ...

三、查看生成的证书

tree /etc/letsencrypt/live/

四、apache配置文件 httpd-ssl.conf


DocumentRoot "路径"
ServerName 域名
ServerAdmin 邮箱
ErrorLog "路径/logs/error_log"
TransferLog "路径/logs/access_log"
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/证书域名/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/证书域名/privkey.pem"

    SSLOptions +StdEnvVars


    SetOutputFilter DEFLATE
    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    DirectoryIndex index.html index.php

BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog "路径/logs/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  

五、证书续签
Let’s Encrypt 生成的免费证书为3个月时间

./certbot-auto renew

你可能感兴趣的:(certbot免费ssl证书)