1.獲取certbot-auto
wget https://dl.eff.org/certbot-auto
2.添加執行權限
chmod a+x certbot-auto
3.自動下載和安裝環境需要的組件
./certbot-auto --apache certonly
4.生成域名所需要的證書(紅色部分為網站訪問的路徑和需要生成證書的域名)
./certbot-auto certonly --email 123456@qq.com --agree-tos --webroot -w /www/web/blxz/public_html -d blxz.qq.cn
5.生成的路徑應該是(應該是四個證書文件):
/etc/letsencrypt/live/blxz.qq.com/privkey.pem
6.配置apache文件(vhost的域名配置文件.conf)
<VirtualHost *:443> DocumentRoot /www/web/blxz/public_html ServerName blxz.qq.com ServerAlias blxz.qq.com ErrorDocument 400 /errpage/400.html ErrorDocument 403 /errpage/403.html ErrorDocument 404 /errpage/404.html SSLEngine on SSLCertificateFile /etc/letsencrypt/live/blxz.qq.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/blxz.qq.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/blxz.qq.com/chain.pem php_admin_value open_basedir /www/web/blxz:/tmp <IfModule mod_deflate.c> DeflateCompressionLevel 7 AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php AddOutputFilter DEFLATE css js html htm gif jpg png bmp php </IfModule> </VirtualHost> <Directory /www/web/blxz> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory>
7.重啟apache配置
service httpd restart
注意:certbot Let's Encrypt永久免費但需要90天激活一次續約