dehydrated 之前叫做 letsencrypt.sh 因為名稱違反 Let's Encrypt 的商標而改名
設定跟之前大同小異
以下範例 Document Root 在 /var/www/html, dehydrated 放在 /usr/local
cd /usr/local
git clone https://github.com/lukas2511/dehydrated
cd dehydrated
echo "yourdomain.com www.yourdomain.com" > domains.txt
mkdir -p /var/www/html/.well-known/acme-challenge # 另一個方法是設 alias (官網教的方法)
echo BASEDIR=/usr/local/dehydrated > config
echo WELLKNOWN=/var/www/html/.well-known/acme-challenge >> config
./dehydrated --register --accept-terms
./dehydrated -c
Let's Eencrypt 憑證有效期只有三個月, 到期前要再來執行 dehydrated -c
可排程每月執行, 剩餘時間要少於 30 天才會 renew, 不然只會提示 Longer than 30 days. Skipping
若機器有防火牆, 需開放以下 IP (for ACME challenge)
outbound1.letsencrypt.org 66.133.109.36
outbound2.letsencrypt.org 64.78.149.164
Apache 設定
Unmark Include conf/extra/httpd-ssl.conf in httpd.conf
conf/extra/httpd-ssl.conf 內容
SSLCertificateFile /usr/local/dehydrated/certs/yourdomain.com/cert.pem
SSLCertificateKeyFile /usr/local/dehydrated/certs/yourdomain.com/privkey.pem
SSLCertificateChainFile /usr/local/dehydrated/certs/yourdomain.com/chain.pem
SSLCACertificateFile /usr/local/dehydrated/certs/yourdomain.com/fullchain.pem
