好用的HTTPS Apache on Ubuntu 16.04

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 

Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates certificate installation.

Due to a security issue, Let's Encrypt has stopped offering the mechanism that the Apache plugin previously used to prove you control a domain. You can read more about this here.

We are planning on releasing a new version of Certbot in the next few days that works around this but if you have to obtain a certificate and cannot wait, you have a couple of options. If you're serving files for that domain out of a directory on that server, you can run the following command:

$ sudo certbot --authenticator webroot --installer apache

If you're not serving files out of a directory on the server, you can temporarily stop your server while you obtain the certificate and restart it after Certbot has obtained the certificate. This would look like:

$ sudo certbot --authenticator standalone --installer apache --pre-hook "apachectl -k stop" --post-hook "apachectl -k start"

Running either of these commands will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonlysubcommand. To see instructions on how to use this subcommand, select "None of the above" in the first drop-down menu above.

To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run

More detailed information and options about renewal can be found in the full documentation.



之前装过SSL出现情况:



  • 1
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值