Ubuntu 16.04 SSL Certbot
情境描述
某某協會的SSL憑證過期20天,直接裝新的Let's Encrypt認證模組更新憑證。
解題過程
依照Digitalocean上的步驟裝好certbot
$ sudo certbot --apache -d example.com
依序輸入certbot要的資訊(email等)
最後他會詢問是否所有網址都要求走https
Please choose whether HTTPS access is required or optional.
-------------------------------------------------------------------------------
1: Easy - Allow both HTTP and HTTPS access to these sites
2: Secure - Make all requests redirect to secure HTTPS access
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
選2之後他就會自動設定apach,貌似也順便幫你重啟。
Redirecting vhost in /etc/apache2/sites-available/000-default.conf to ssl vhost
in /etc/apache2/sites-available/default-ssl.conf
成功後會看到以下訊息
Congratulations! You have successfully enabled https://www.csim.org.tw
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.csim.org.tw
-------------------------------------------------------------------------------
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/www.csim.org.tw/fullchain.pem. Your cert will
expire on 2017-08-10. To obtain a new or tweaked version of this
certificate in the future, simply run certbot again with the
"certonly" option. To non-interactively renew *all* of your
certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le