HTTP to HTTPS: pitfalls I hit while requesting and installing an SSL certificate

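This post records several pitfalls I ran into while upgrading my website from HTTP to HTTPS, on the way to requesting and installing an SSL certificate.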

Installation environment:

Operating system: CentOS 6 x64
SSL certificate source: Let's Encrypt
Installation script: acme.sh
Server: apache2

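This is the script I used for the installation. It is best to run it step by step, so that if something goes wrong it does not carry on and try to install an expired certificate.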

#!/bin/sh
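# Download the acme.sh installer and run it
curl https://get.acme.sh | sh
# The installer sets up an "acme.sh" alias; open a new terminal before the next step so it takes effect

# Request the certificate. It is automatically renewed every 60 days. Remember to replace www.dreamoftime0.com with your own domain
acme.sh --issue -d www.dreamoftime0.com --apache

# Install the certificate
acme.sh --installcert -d www.dreamoftime0.com --cert-file /etc/httpd/ssl/dreamoftime0.com.pem --key-file /etc/httpd/ssl/dreamoftime0.com.key --fullchain-file /etc/httpd/ssl/dreamoftime0.com.cer --reloadcmd "service httpd force-reload"
# Be sure to remember: the files named here are output files that acme.sh writes to, not input files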

#enjoy the https

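Finally, remember to modify Apache's SSL configuration.

Parameters that need to be changed:

ServerName: set to www.example.com:443
SSLCertificateFile: set to the location of the certificate file, i.e. the value of --cert-file in the certificate install command
SSLCertificateKeyFile: set to the location of the certificate key file, i.e. the value of --key-file in the certificate install command
SSLCertificateChainFile: set to the location of the full certificate chain, i.e. the value of --fullchain-file in the certificate install command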
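
The following is an added example, not part of the original post: a check that the three directives above point at files acme.sh has actually written, that the certificate has not expired, and that the key belongs to it. The function names directive_value and check_ssl_conf are hypothetical; it assumes the openssl command is installed and that it runs as a user who can read the key file.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the certificate
# files that ssl.conf points at after running acme.sh --installcert.

# Print the value of the first uncommented occurrence of an Apache directive.
# $1 = directive name, $2 = config file. Assumes unquoted paths without spaces.
directive_value() {
    awk -v d="$1" '$1 == d { print $2; exit }' "$2"
}

# Return 0 only if all three directives name non-empty files, the certificate
# has not expired, and the private key belongs to the certificate.
# $1 = path to ssl.conf
check_ssl_conf() {
    conf=$1
    rc=0
    for d in SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile; do
        f=$(directive_value "$d" "$conf")
        if [ -z "$f" ]; then
            echo "FAIL $d is not set in $conf"; rc=1
        elif [ ! -s "$f" ]; then
            echo "FAIL $d -> $f is missing or empty"; rc=1
        else
            echo "OK   $d -> $f"
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    cert=$(directive_value SSLCertificateFile "$conf")
    key=$(directive_value SSLCertificateKeyFile "$conf")

    # -checkend 0 exits non-zero when the certificate is already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL $cert is expired or not a valid certificate"; return 1
    fi
    # Key and certificate match when they carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL $key does not match $cert"; return 1
    fi
    echo "OK   key matches certificate, certificate not expired"
}

# Run against a config file when one is given on the command line.
if [ -n "${1:-}" ]; then
    check_ssl_conf "$1"
fi
```

Run it with the path to ssl.conf as its only argument before reloading httpd; a non-zero exit status means at least one check failed.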

Below is the SSL configuration file for reference:

# /etc/httpd/conf.d/ssl.conf 
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these 
# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
# 
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.  
#

LoadModule ssl_module modules/mod_ssl.so

#
# When we also provide SSL we have to listen to the 
# the HTTPS port in addition.
#
Listen 443

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: Firs