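How to install Let's Encrypt SSL on Amazon Linux AMI. I want to implement Let's Encrypt SSL for my domain.
Answer 0 (score: 1)
Here I will explain how to configure Let's Encrypt on the Linux AMI. I have done this successfully on the Linux AMI. Follow the steps below to complete it.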
1. SSH into your server.
2. Download certbot (the Let's Encrypt client, which needs to be installed to install and renew SSL certificates): **wget https://dl.eff.org/certbot-auto** then **chmod a+x certbot-auto**
3. Run certbot to fetch your certificates. Follow the code below:
sudo ./certbot-auto --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly -d YOUR_DOMAIN
[Replace the YOUR_DOMAIN placeholder with your domain]
4. While generating, it will ask you for a recovery or support email; please add your email.
5. certbot will place your certs in the following paths…
Certificate: /etc/letsencrypt/live/YOUR_DOMAIN/cert.pem
Full Chain: /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem
Private Key: /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem
6. Go to your Apache config where you created the virtual host; it can be either in httpd.conf or conf.d.
7. Add the virtual host for port 443
<VirtualHost *:443>
ServerAdmin ADMIN_EMAIL
ServerName YOUR_DOMAIN
ServerAlias www.YOUR_DOMAIN
DocumentRoot "YOUR FOLDER PATH"
AllowEncodedSlashes On
ErrorLog "/var/log/httpd/YOUR_DOMAIN_error.log"
CustomLog "/var/log/httpd/YOUR_DOMAIN-sslaccess.log" common
<Directory YOUR FOLDER PATH>
DirectoryIndex index.php
Options -Indexes
AllowOverride All
</Directory>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/YOUR_DOMAIN/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem
</VirtualHost>
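Added example (not part of the answer above): a shell function that checks the files listed in step 5 before Apache is pointed at them. It confirms that the private key is not accessible to group or others, that cert.pem matches privkey.pem, and that the certificate is not about to expire. The function name `check_le_files` and the 30-day default are assumptions; the directory layout is the one from the answer.

```shell
#!/bin/sh
# Added example: sanity-check the files certbot writes for one domain.
# File names (cert.pem, fullchain.pem, privkey.pem) come from the answer;
# check_le_files and the 30-day threshold are assumptions for illustration.

check_le_files() {
    live_dir=$1
    min_days=${2:-30}
    cert="$live_dir/cert.pem"
    key="$live_dir/privkey.pem"
    rc=0

    for f in "$cert" "$live_dir/fullchain.pem" "$key"; do
        [ -r "$f" ] || { echo "MISSING OR UNREADABLE: $f"; return 2; }
    done

    # The private key must not be accessible to group or others.
    # -L follows the symlink from live/ into archive/.
    go_perms=$(ls -lL "$key" | cut -c5-10)
    if [ "$go_perms" != "------" ]; then
        echo "WEAK PERMS: $key is accessible to group/other ($go_perms)"
        rc=1
    fi

    # The certificate and the private key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $cert does not belong to $key"
        rc=1
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "EXPIRING: $cert expires within $min_days days"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $live_dir"
    return "$rc"
}
```

Run it as root, for example `check_le_files /etc/letsencrypt/live/YOUR_DOMAIN`, because /etc/letsencrypt/live is normally accessible only to root.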
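Answer 1 (score: 0)
There are many solutions online; I think you have to keep trying until you find the one that works for you. After many experiments, what worked for me was following the certbot instructions for Apache and CentOS 6. The official link is here, but for the sake of consistency:
Run the following commands in the terminal: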
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
sudo /usr/local/bin/certbot-auto --apache
If you get an error message, read the warning and run (if you feel comfortable):
sudo /usr/local/bin/certbot-auto --apache --debug
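Here, you may be asked to answer some fairly intuitive questions to configure the installation. If not, what worked for me won't work for you. :(
Test to see whether certificate renewal works: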
sudo /usr/local/bin/certbot-auto renew --dry-run
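If so, navigate to your system's crontab (usually located around /etc/crontab/) and add the following code to check (and run if necessary) and renew automatically at midnight and noon every day:
# /etc/crontab entries need a user field (root) before the command
0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew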
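Answer 2 (score: 0)
If you are running CentOS 7 or 8, you need to install Certbot, because Certbot-auto has been deprecated and does not run after CentOS 6.
You can check which CentOS you are running with the following command.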
rpm -E %{rhel}
And use the tutorial from Amazon to install Certbot on Amazon Linux
sudo yum update
sudo yum install -y certbot python2-certbot-apache