Issuing an SSL certificate for Apache with Certbot


Install certbot

ubuntu@VM-0-3-ubuntu:~$ sudo apt install python3-certbot-apache

Enable Apache's SSL module

sudo a2enmod ssl

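Generate the certificate

certbot can generate a certificate either in interactive command-line mode or directly with a single one-line command. Here we use the interactive mode, which is harder for beginners to get wrong, especially when the server hosts several web services.
The interactive steps are as follows.

Enter the email address that will receive notifications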

ubuntu@VM-0-3-ubuntu:~$ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): 78049500@qq.com

Agree to the ToS

You must agree.

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

Whether to agree to receive promotional email

Your choice.

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

Select the domain

The server hosts several web services, so select the domain that needs SSL. I need to configure HTTPS for m.hrzone.cn, so I select 8.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: r.bytetoy.net
2: w.bytetoy.net
3: f.eduez.cn
4: t.eduez.cn
5: hotpod.cn
6: www.hotpod.cn
7: hrzone.cn
8: m.hrzone.cn
9: www.hrzone.cn
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 8
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for m.hrzone.cn
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/memos-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/memos-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/memos-le-ssl.conf

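Choose whether to redirect everything to HTTPS

This asks whether HTTP requests should also be redirected to HTTPS. Either choice works; if other clients are still using the service, option 1 (no redirect) is recommended. With option 1, plain HTTP access keeps working alongside HTTPS.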

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Future versions of Certbot will automatically configure the webserver so that all requests redirect to secure HTTPS access. You can control this behavior and disable this warning with the --redirect and --no-redirect flags.

SSL certificate issued

Congratulations! You have successfully enabled https://m.hrzone.cn

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=m.hrzone.cn

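Test the service

Visit the site over HTTPS in a browser to confirm that it works.
You can also see that a separate conf file has been generated in the /etc/apache2/sites-available directory: memos-le-ssl.conf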
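
To go one step further than the browser check, here is an added example that is not part of the original post: a POSIX shell script that reads the certificate path from the generated vhost file and uses openssl to confirm that the certificate names the host and is not about to expire. The script name check_vhost_cert.sh, the function names and the 30-day default are assumptions of this example.

```sh
#!/bin/sh
# check_vhost_cert.sh (hypothetical name): added example, not certbot's own code.
# Usage: sudo sh check_vhost_cert.sh <vhost.conf> <hostname> [min_days]
#   e.g. sudo sh check_vhost_cert.sh \
#        /etc/apache2/sites-available/memos-le-ssl.conf m.hrzone.cn

# Print the path given by the first SSLCertificateFile directive in a vhost file.
vhost_cert_path() {
    awk 'tolower($1) == "sslcertificatefile" {
             gsub(/"/, "", $2); print $2; exit
         }' "$1"
}

# Return 0 only if the PEM certificate names the host and remains valid
# for at least min_days more days. Return 2 if the file cannot be read.
cert_ok() {
    co_pem=$1; co_host=$2; co_days=$3
    [ -r "$co_pem" ] || { echo "cannot read $co_pem" >&2; return 2; }

    # -checkhost reports its verdict as text, so match on the message.
    co_out=$(openssl x509 -in "$co_pem" -noout -checkhost "$co_host" 2>&1) || true
    case $co_out in
        *"does match certificate"*) ;;
        *) echo "$co_pem does not cover $co_host" >&2; return 1 ;;
    esac

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$co_pem" -noout -checkend $((co_days * 86400)) \
        >/dev/null 2>&1 \
        || { echo "$co_pem expires within $co_days days" >&2; return 1; }
}

# Run the check only when arguments are supplied on the command line.
if [ "$#" -ge 2 ]; then
    pem=$(vhost_cert_path "$1")
    [ -n "$pem" ] || { echo "no SSLCertificateFile in $1" >&2; exit 2; }
    cert_ok "$pem" "$2" "${3:-30}" || exit 1
    echo "OK: $pem covers $2 and is valid for at least ${3:-30} more days"
fi
```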
