Centos6.5安装let's encrypt for xampp

2019独角兽企业重金招聘Python工程师标准>>>

lampp使用Let's Encrypt过程记录

Let's Encrypt是什么？ 
https://letsencrypt.org/ 
 
Let's Encrypt要求站点要有虚拟主机，所以第一步就是把站点直接连接，变为虚拟主机方式。 
建立一个文件夹放置虚拟主机配置文件 
mkdir /opt/lampp/etc/myVhost 
 
在/opt/lampp/etc/httpd.conf文件末尾添加 
httpd.conf: 
IncludeOptional etc/myVhost/*.conf 
 
建立虚拟主机配置文件  
vi /opt/lampp/etc/myVhost/example.com.conf 
 
example.com.conf: 
<VirtualHost *:80> 
    ServerName example.com 
    ServerAlias www.example.com 
    DocumentRoot /opt/lampp/htdocs 
    ErrorLog /opt/lampp/logs/example.com/error.log 
</VirtualHost> 
 
mkdir /opt/lampp/logs/example.com  #建立日志目录 
 
虚拟主机配置完，重启lampp 
cd /opt/lampp 
./lampp restart        #也可只单独重启Apache 
 
2.下载let's encrypt程序 
yum install epel-release               #安装环境 
yum install git                               #安装环境 
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt     #下载到let's encrypt到 /opt/letsencrypt 
 
3.下载证书 
cd /opt/letsencrypt 
./certbot-auto certonly --webroot -w /opt/lampp/htdocs  -d www.example.com   

#由于lampp是单独配置的环境，所以只下载证书。 
 
证书下载成功会出现下面类似的提示： 
IMPORTANT NOTES: 
 - If you lose your account credentials, you can recover through 
   e-mails sent to user@example.com. 
 - Congratulations! Your certificate and chain have been saved at 
   /etc/letsencrypt/live/example.com/fullchain.pem. Your cert 
   will expire on 2016-04-21. To obtain a new version of the 
   certificate in the future, simply run Let's Encrypt again. 
 - Your account credentials have been saved in your Let's Encrypt 
   configuration directory at /etc/letsencrypt. You should make a 
   secure backup of this folder now. This configuration directory will 
   also contain certificates and private keys obtained by Let's 
   Encrypt so making regular backups of this folder is ideal. 
 - If you like Let's Encrypt, please consider supporting our work by: 
 
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate 
   Donating to EFF:                    https://eff.org/donate-le 
 
 
4.配置Apache，其实也就是添加证书位置。 
vi /opt/lampp/etc/myVhost/example.com.conf 
 
example.com.conf: 
<VirtualHost *:443> 
    ServerName example.com 
    ServerAlias www.example.com 
    DocumentRoot /opt/lampp/htdocs 
    ErrorLog /opt/lampp/logs/example.com/error.log 
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem 
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem 
</VirtualHost> 
 
5.设置http跳转至https 
到第4步，使用https://www.example.com，没有意外的话，应该能在浏览器看到小锁了。不想用http，设置一个跳转就行了。 

6.let's encrypt证书只有90天的期限，所以定期更新证书很有必要，不过还没有实践过，把网上一些资料先copy下来。 
crontab -e 
30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /opt/lampp/logs/example.com/le-renew.log  #定时每周一 2：30更新证书 
 
7.更新Let’s Encrypt程序，同样没有实践过，先保存。 
cd /opt/letsencrypt 
git pull 

转载于:https://my.oschina.net/xiaoxiezi/blog/816265