Security: February 2017 Archives


Vote 0 Votes

dehydrated 之前叫做 因為名稱違反 Let's Encrypt 的商標而改名

以下範例 Document Root 在 /var/www/html, dehydrated 放在 /usr/local
cd /usr/local
git clone
cd dehydrated
echo "" > domains.txt
mkdir -p /var/www/html/.well-known/acme-challenge # 另一個方法是設 alias (官網教的方法)
echo BASEDIR=/usr/local/dehydrated > config
echo WELLKNOWN=/var/www/html/.well-known/acme-challenge >> config
./dehydrated --register --accept-terms
./dehydrated -c

Let's Eencrypt 憑證有效期只有三個月, 到期前要再來執行 dehydrated -c
可排程每月執行, 剩餘時間要少於 30 天才會 renew, 不然只會提示 Longer than 30 days. Skipping

若機器有防火牆, 需開放以下 IP (for ACME challenge)

Apache 設定
Unmark Include conf/extra/httpd-ssl.conf in httpd.conf
conf/extra/httpd-ssl.conf 內容
SSLCertificateFile /usr/local/dehydrated/certs/
SSLCertificateKeyFile /usr/local/dehydrated/certs/
SSLCertificateChainFile /usr/local/dehydrated/certs/
SSLCACertificateFile /usr/local/dehydrated/certs/

Recent Entries

About this Archive

This page is an archive of entries in the Security category from February 2017.

Security: May 2016 is the previous archive.

Security: May 2017 is the next archive.

Find recent content on the main index or look in the archives to find all content.

Monthly Archives