dehydrated

user-pic
Vote 0 Votes

dehydrated 之前叫做 letsencrypt.sh 因為名稱違反 Let's Encrypt 的商標而改名
設定跟之前大同小異

以下範例 Document Root 在 /var/www/html, dehydrated 放在 /usr/local
cd /usr/local
git clone https://github.com/lukas2511/dehydrated
cd dehydrated
echo "yourdomain.com www.yourdomain.com" > domains.txt
mkdir -p /var/www/html/.well-known/acme-challenge # 另一個方法是設 alias (官網教的方法)
echo BASEDIR=/usr/local/dehydrated > config
echo WELLKNOWN=/var/www/html/.well-known/acme-challenge >> config
./dehydrated --register --accept-terms
./dehydrated -c

Let's Eencrypt 憑證有效期只有三個月, 到期前要再來執行 dehydrated -c
可排程每月執行, 剩餘時間要少於 30 天才會 renew, 不然只會提示 Longer than 30 days. Skipping

若機器有防火牆, 需開放以下 IP (for ACME challenge)
outbound1.letsencrypt.org 66.133.109.36
outbound2.letsencrypt.org 64.78.149.164

Apache 設定
Unmark Include conf/extra/httpd-ssl.conf in httpd.conf
conf/extra/httpd-ssl.conf 內容
SSLCertificateFile /usr/local/dehydrated/certs/yourdomain.com/cert.pem
SSLCertificateKeyFile /usr/local/dehydrated/certs/yourdomain.com/privkey.pem
SSLCertificateChainFile /usr/local/dehydrated/certs/yourdomain.com/chain.pem
SSLCACertificateFile /usr/local/dehydrated/certs/yourdomain.com/fullchain.pem

About this Entry

This page contains a single entry by Pank published on February 13, 2017 2:11 PM.

Show battery percentage on Android 7 devices was the previous entry in this blog.

HiNet Dr.Speed Analysis is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Monthly Archives