Guide to installing SSL with Let's Encrypt
Install the modules:
sudo yum install epel-release mod_ssl
Install certbot:
sudo yum install python-certbot-apache
Install the SSL certificate:
certbot --apache -d example.com
To create an SSL certificate for multiple domains or subdomains:
certbot --apache -d example.com -d www.example.com
IMPORTANT! The first domain will be your base domain, in this case example.com
Output on success:
[root@ip-172-31-93-116 conf.d]# certbot --apache -d yentth.cf
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Requesting a certificate for yentth.cf
Performing the following challenges:
http-01 challenge for yentth.cf
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf.d/yentth-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/yentth-le-ssl.conf
Redirecting vhost in /etc/httpd/conf.d/yentth.conf to ssl vhost in /etc/httpd/conf.d/yentth-le-ssl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://yentth.cf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Subscribe to the EFF mailing list (email: [email protected]).
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/yentth.cf/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/yentth.cf/privkey.pem
Your certificate will expire on 2022-05-12. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again with the "certonly" option. To non-interactively
renew *all* of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
[root@ip-172-31-93-116 conf.d]# Connection to ec2-54-159-88-13.compute-1.amazonaws.com closed by remote host.
Connection to ec2-54-159-88-13.compute-1.amazonaws.com closed.
Notes:
- The domain must already be working (there must be an EC2 instance with Apache installed, attached to the domain through an A/AAAA record)
- If you get the error:
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
then fix it as follows:
cd /etc/httpd/conf.d
sudo nano yourDomainName.conf
Paste, edit, and save the following:
<VirtualHost *:80>
ServerName yourDomainName.com
DocumentRoot /var/www/html
ServerAlias www.yourDomainName.com
ErrorLog /var/www/error.log
CustomLog /var/www/requests.log combined
</VirtualHost>
sudo service httpd restart
And with this you should see the virtual host:
httpd -D DUMP_VHOSTS
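The port-80 virtual host that certbot needs for the http-01 challenge can be checked before running it. The following is an added example, not part of the original post; the function name has_port80_vhost is hypothetical, and it assumes the vhosts live in *.conf files of a single directory (it does not follow Include directives or expand wildcard aliases).

```shell
#!/bin/sh
# Pre-flight check before "certbot --apache -d <domain>": confirm that some
# Apache config file defines a port-80 VirtualHost whose ServerName or
# ServerAlias equals the domain. Added example; names are hypothetical.

# has_port80_vhost DOMAIN CONF_DIR
# Prints the first matching file and returns 0; returns 1 if none matches.
has_port80_vhost() {
    domain=$1
    conf_dir=$2
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        if awk -v want="$domain" '
            BEGIN { want = tolower(want) }
            # Normalise: directives and host names are case-insensitive.
            { line = tolower($0); sub(/^[ \t]+/, "", line); sub(/\r$/, "", line) }
            line ~ /^#/ { next }
            line ~ /^<virtualhost[ \t]/ {
                # Matches *:80, 1.2.3.4:80, _default_:80 but not :8080 or :443
                port80 = (line ~ /:80([ \t>]|$)/)
                next
            }
            line ~ /^<\/virtualhost>/ { port80 = 0; next }
            port80 && line ~ /^(servername|serveralias)[ \t]/ {
                n = split(line, names, /[ \t]+/)
                for (i = 2; i <= n; i++) if (names[i] == want) found = 1
            }
            END { exit (found ? 0 : 1) }
        ' "$f"; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Typical use on the server described above:
#   has_port80_vhost yourDomainName.com /etc/httpd/conf.d || echo "add a port-80 vhost first"
```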
To install certbot (another way)
cd ~/downloads
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
sudo certbot-auto --apache --debug
Usage with nginx: (the web server must be specified in the configuration file, and nginx must be stopped)
To renew automatically on a schedule: