1. Download certbot

cd /data/soft
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
2. Generate the certificate

/data/soft/certbot-auto --apache certonly

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Cannot find Apache executable apachectl',)
The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Cannot find Apache executable apachectl',)
3. The error above says the Apache executable (apachectl) cannot be found, so the Apache bin directory has to be added to PATH:

sudo env PATH=$PATH:/usr/local/apache2/bin ./certbot-auto --apache certonly

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Could not find configuration root',)
The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Could not find configuration root',)
4. The error now says the configuration root cannot be found, so --apache-server-root has to be given as well:

sudo env PATH=$PATH:/usr/local/apache2/bin ./certbot-auto --apache --apache-server-root /usr/local/apache2

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): www.test.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.test.com
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
5. When certbot requests a free certificate for a domain it connects to port 80 by default (the http-01 challenge shown above); if nothing is listening on port 80, the error above is reported. Edit httpd.conf, add a virtual host on port 80, and restart Apache:

Listen 80
ServerAdmin test@test.example.com
ServerName www.test.com
ServerAlias test
DocumentRoot /var/www/html
6. Run the certificate request again. On success, four .pem files and a README file are created under /etc/letsencrypt/live/ebank.cbibank.com:

cert.pem chain.pem fullchain.pem privkey.pem README
7. Edit conf/httpd.conf

#Include conf/extra/httpd-ssl.conf
#LoadModule ssl_module modules/mod_ssl.so

Remove the leading # from these two lines.
8. Configure conf/extra/httpd-ssl.conf, changing the domain name and certificate paths to match:

DocumentRoot "/var/www/html"
ServerName ebank.cbibank.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/ebank.cbibank.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ebank.cbibank.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/ebank.cbibank.com/chain.pem
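A small consistency check for the httpd-ssl.conf fragment above, added here as an example and not part of the original post: it parses the vhost directives, confirms that the certificate, key and chain paths all point into the same certbot live directory and that this directory matches ServerName, and notes that SSLCertificateChainFile is deprecated since httpd 2.4.8 (SSLCertificateFile pointed at fullchain.pem replaces it). The sample configuration is constructed from the fragment above.

```python
from pathlib import PurePosixPath

# Constructed sample mirroring the httpd-ssl.conf fragment above.
SAMPLE_CONF = """\
DocumentRoot "/var/www/html"
ServerName ebank.cbibank.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/ebank.cbibank.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ebank.cbibank.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/ebank.cbibank.com/chain.pem
"""

REQUIRED = ("SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile")
CERT_DIRECTIVES = REQUIRED[1:] + ("SSLCertificateChainFile",)
LIVE_ROOT = ("/", "etc", "letsencrypt", "live")  # certbot's /etc/letsencrypt/live/<name>/


def parse_directives(text):
    """Map each simple 'Name value' line of a vhost fragment to its value."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, value = line.partition(" ")
            out[name] = value.strip().strip('"')
    return out


def check_ssl_vhost(text):
    """Return a list of findings; an empty list means the fragment is consistent."""
    d = parse_directives(text)
    findings = [f"missing {name}" for name in REQUIRED if name not in d]
    if d.get("SSLEngine", "").lower() != "on":
        findings.append("SSLEngine is not 'on'")
    # Which certbot live directory each certificate-related path points into.
    live = {}
    for name in CERT_DIRECTIVES:
        if name in d:
            parts = PurePosixPath(d[name]).parts
            if parts[:4] == LIVE_ROOT and len(parts) > 5:
                live[name] = parts[4]
    if "ServerName" in d and any(v != d["ServerName"] for v in live.values()):
        findings.append("ServerName does not match the certbot live directory")
    if len(set(live.values())) > 1:
        findings.append("cert, key and chain come from different live directories")
    if "SSLCertificateChainFile" in d:
        findings.append("SSLCertificateChainFile is deprecated since httpd 2.4.8; "
                        "point SSLCertificateFile at fullchain.pem instead")
    return findings


print(check_ssl_vhost(SAMPLE_CONF))
```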
9. After the changes, restart Apache:

/usr/local/apache2/bin/apachectl restart

The restart fails: Apache cannot be stopped and reports the following error:

httpd: Syntax error on line 434 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/mod_ssl.so into server: /usr/local/apache2/modules/mod_ssl.so: cannot open shared object file: No such file or directory
There are no httpd modules under /usr/lib64/, so install mod_ssl with yum:

yum install mod_ssl
After installation, /usr/lib64/httpd/modules/mod_ssl.so exists; link it into the Apache modules directory:

ln -s /usr/lib64/httpd/modules/mod_ssl.so /usr/local/apache2/modules/mod_ssl.so
Restarting Apache again gives the error:

httpd: Syntax error on line 434 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/mod_ssl.so into server: /usr/local/apache2/modules/mod_ssl.so: undefined symbol: ap_global_mutex_create
A Google search turned up reports that the yum-installed mod_ssl is incompatible with the installed version of Apache, so the next attempt was to copy the module files from the tarball of the matching version:
Copy the ssl directory and the loggers contents from the tarball's modules directory into /usr/local/apache2/modules/ssl, copy the contents of the include directory into /usr/local/apache2/modules/ssl as well, and then run the following command inside /usr/local/apache2/modules/ssl:

/usr/local/apache2/bin/apxs -a -i -c mod_ssl.c
After that, restarting Apache still fails:

httpd: Syntax error on line 434 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/mod_ssl.so into server: /usr/local/apache2/modules/mod_ssl.so: undefined symbol: ssl_cmd_SSLPassPhraseDialog
The OpenSSL library path has to be specified; run:

/usr/local/apache2/bin/apxs -a -i -c -L/usr/lib/openssl/engines/lib -c *.c -lcrypto -lssl -ldl
Restart Apache once more:

httpd: Syntax error on line 434 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/mod_ssl.so into server: /usr/local/apache2/modules/mod_ssl.so: undefined symbol: ap_global_mutex_create

The restart still fails with undefined symbol: ap_global_mutex_create. No fix was found for this, so in the end the only option was to recompile and reinstall Apache with the --enable-ssl option.