使用免费的SSL

公司收的一大堆论坛都要加SSL，每个都要购买的话会是一笔不小的费用。
所以准备全部使用Let’s Encrypt的免费SSL。

会社は沢山掲示板の運営会社を買収しました。もしすべてのSSLを購入する場合、費用がかなり掛かります。
そして、Let’s Encryptで導入しましょう。

wget -O -  https://get.acme.sh | sh
cd .acme.sh/
#确保通过域名可访问到/var/www/yemaosheng/htdocs/.well-known/下的内容
#ドメインにアクセスできることを確認してください
./acme.sh --issue -d yemaosheng.com -d www.yemaosheng.com -w /var/www/yemaosheng/htdocs
[Tue Mar  7 21:19:34 CST 2017] Multi domain='DNS:www.yemaosheng.com'
[Tue Mar  7 21:19:34 CST 2017] Getting domain auth token for each domain
[Tue Mar  7 21:19:34 CST 2017] Getting webroot for domain='yemaosheng.com'
[Tue Mar  7 21:19:34 CST 2017] Getting new-authz for domain='yemaosheng.com'
[Tue Mar  7 21:19:36 CST 2017] The new-authz request is ok.
[Tue Mar  7 21:19:36 CST 2017] Getting webroot for domain='www.yemaosheng.com'
[Tue Mar  7 21:19:36 CST 2017] Getting new-authz for domain='www.yemaosheng.com'
[Tue Mar  7 21:19:36 CST 2017] The new-authz request is ok.
[Tue Mar  7 21:19:37 CST 2017] yemaosheng.com is already verified, skip http-01.
[Tue Mar  7 21:19:37 CST 2017] Verifying:www.yemaosheng.com
[Tue Mar  7 21:19:39 CST 2017] Success
[Tue Mar  7 21:19:39 CST 2017] Verify finished, start to sign.
[Tue Mar  7 21:19:40 CST 2017] Cert success.
-----BEGIN CERTIFICATE-----
MIIFFzCCA............FlYV3RaDYYpw=
-----END CERTIFICATE-----
[Tue Mar  7 21:19:40 CST 2017] Your cert is in  /root/.acme.sh/yemaosheng.com/yemaosheng.com.cer 
[Tue Mar  7 21:19:40 CST 2017] Your cert key is in  /root/.acme.sh/yemaosheng.com/yemaosheng.com.key 
[Tue Mar  7 21:19:40 CST 2017] The intermediate CA cert is in  /root/.acme.sh/yemaosheng.com/ca.cer 
[Tue Mar  7 21:19:40 CST 2017] And the full chain certs is there:  /root/.acme.sh/yemaosheng.com/fullchain.cer
 
crontab -l
7 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
 
vi /etc/httpd/conf.d/ssl.conf
...
<VirtualHost *:443>
        DocumentRoot "/var/www/yemaosheng/htdocs"
        ServerName yemaosheng.com
 
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3
        SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
        SSLCertificateFile "/root/.acme.sh/yemaosheng.com/yemaosheng.com.cer"
        SSLCertificateKeyFile "/root/.acme.sh/yemaosheng.com/yemaosheng.com.key"
        SSLCertificateChainFile "/root/.acme.sh/yemaosheng.com/fullchain.cer"
        ...
</VirtualHost>
...

wget -O - https://get.acme.sh | sh cd .acme.sh/ #确保通过域名可访问到/var/www/yemaosheng/htdocs/.well-known/下的内容 #ドメインにアクセスできることを確認してください ./acme.sh --issue -d yemaosheng.com -d www.yemaosheng.com -w /var/www/yemaosheng/htdocs [Tue Mar 7 21:19:34 CST 2017] Multi domain='DNS:www.yemaosheng.com' [Tue Mar 7 21:19:34 CST 2017] Getting domain auth token for each domain [Tue Mar 7 21:19:34 CST 2017] Getting webroot for domain='yemaosheng.com' [Tue Mar 7 21:19:34 CST 2017] Getting new-authz for domain='yemaosheng.com' [Tue Mar 7 21:19:36 CST 2017] The new-authz request is ok. [Tue Mar 7 21:19:36 CST 2017] Getting webroot for domain='www.yemaosheng.com' [Tue Mar 7 21:19:36 CST 2017] Getting new-authz for domain='www.yemaosheng.com' [Tue Mar 7 21:19:36 CST 2017] The new-authz request is ok. [Tue Mar 7 21:19:37 CST 2017] yemaosheng.com is already verified, skip http-01. [Tue Mar 7 21:19:37 CST 2017] Verifying:www.yemaosheng.com [Tue Mar 7 21:19:39 CST 2017] Success [Tue Mar 7 21:19:39 CST 2017] Verify finished, start to sign. [Tue Mar 7 21:19:40 CST 2017] Cert success. -----BEGIN CERTIFICATE----- MIIFFzCCA............FlYV3RaDYYpw= -----END CERTIFICATE----- [Tue Mar 7 21:19:40 CST 2017] Your cert is in /root/.acme.sh/yemaosheng.com/yemaosheng.com.cer [Tue Mar 7 21:19:40 CST 2017] Your cert key is in /root/.acme.sh/yemaosheng.com/yemaosheng.com.key [Tue Mar 7 21:19:40 CST 2017] The intermediate CA cert is in /root/.acme.sh/yemaosheng.com/ca.cer [Tue Mar 7 21:19:40 CST 2017] And the full chain certs is there: /root/.acme.sh/yemaosheng.com/fullchain.cer crontab -l 7 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null vi /etc/httpd/conf.d/ssl.conf ... <VirtualHost *:443> DocumentRoot "/var/www/yemaosheng/htdocs" ServerName yemaosheng.com SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" SSLCertificateFile "/root/.acme.sh/yemaosheng.com/yemaosheng.com.cer" SSLCertificateKeyFile "/root/.acme.sh/yemaosheng.com/yemaosheng.com.key" SSLCertificateChainFile "/root/.acme.sh/yemaosheng.com/fullchain.cer" ... </VirtualHost> ...

叶茂盛

记一记

Leave a Reply Cancel reply

Related Posts

Leave a Reply Cancel reply