Quam adhibere pro Encrypt? Sit scriptor Encrypt SSL Free certificatorium Principium & Installation Roma

Quam adhibere pro Encrypt?

Lets Encrypt SSL certificatorium Principium & Installation Tutorial

Quid SSL?Chen WeiliangIn superiori articulo "Quid interest inter nos https? ENARRATIO SSL encryption processus» Memoratur in.

PraeterE-commercePagina debet mercari SSL libellum encrypted provectum ac uti website ut WeChatPublica propter promotionemDenew mediaPopulus, si libellum SSL instituere vis, actu libellum encryptatum SSL gratis instituere potes.SEOUtile, potest emendare ordinem keywords inter tormenta quaerendi.

Ipsa Encrypt scriptum processuum constituit (https://certbot.eff.org/), ususLinuxamici, hoc doceo sequi potes dum ad processum referendo.

Instrumentum certbot-auto primum deprime, deinde clientelas instrumenti institutionis currunt.

wget https://dl.eff.org/certbot-auto --no-check-certificate
chmod +x ./certbot-auto
./certbot-auto -n

Generate SSL libellum

Deinde, cumChen WeiliangNomen dominii diarii exemplum sume, quaeso, illud secundum necessitates tuas mutare.

Vide ut mitigare imperium in:

1. mailbox Vinco
2. server iter
3. website domain name

Unius dominii singularis directorium, libellum generare:

./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com

Multi-dominium singulare directorium, libellum generant: (id est, multa nomina domain nomina, uno directorio, eodem certificatorio utere)

./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com -d img.chenweiliang.com

Generatum SSL libellum salvus erit in:/etc/letsencrypt/live/www.chenweiliang.com/ Sub contentis.

Multiplex nomina domain et multiplex directoria libellum generant: (id est multa nomina domain, multa directoria, eodem certificatorio utuntur)

./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com -d img.chenweiliang.com -w /home/eloha/public_html/site/etufo.org -d www.etufo.org -d img.etufo.org

Post libellum Encrypt feliciter inauguratum est, nuntius sequentis promptus in SSH apparebit:

Important notes:
- Gratulationes! Tua certificatorium et chain servatae sunt at;
/etc/letsencrypt/live/www.chenweiliang.com/fullchain.pem
Clavis lima tua servata est:
/etc/letsencrypt/live/www.chenweiliang.com/privkey.pem
Tua cert exspirare in 2018-02-26. Ad novam vel tweaked
versionem huius certificamenti in futurum, solum certbot-auto . currunt
iterum. Ad non-interactively renovare omnes * tuorum libellorum currunt
"certbot-auto renovare"
- Si Certbot similis, placere considerans opus ab faveo;
ISRG donando / Encrypt: https://letsencrypt.org/donate
In donando EFF: https://eff.org/donate-le

SSL Quisque renovationis

Testimonia renovatio etiam valde commoda est, utenscrontabAuto- renovare.Quidam Debian non habet crontab installed, potes illud manually primum instituere.

apt-get install cron

Mandata sequentia sunt in nginx et apache respective / Etc / crontab Mandatum in tabella inscriptum significat renovatum esse singulis diebus 10 et validitatis tempus 90 dierum sufficit.

Nginx fasciculus crontab, adde:

0 3 */10 * * /root/certbot-auto renew --renew-hook "/etc/init.d/nginx reload"

Apache crontab fasciculus, adde:

0 3 */10 * * /root/certbot-auto renew --renew-hook "service httpd restart"

SSL libellum Apache configuratione

Nunc opus est ut configurationis Apache mutationes.

tips:

• si uterisCWP Imperium Panel, in Add nomen domain reprehendo Automatarie testimonium SSL generabit, sponte SSL libellum de Apache configurabit.
• Si plures gradus sequentium agis, error forte post reprimendo Apache occurrere potest.
• Si erratum est, configurationem dele tu manually addita.

Emendo httpd.conf lima ▼

/usr/local/apache/conf/httpd.conf

Find ▼

Listen 443

• (Praecedens numerus remove #)

vel portum audiendi adde 443 ▼

Listen 443

SSH reprehendo Apache audire portum ▼

grep ^Listen /usr/local/apache/conf/httpd.conf

Find ▼

mod_ssl

• (Praecedens numerus remove #)

aut addere ▼ *

LoadModule ssl_module modules/mod_ssl.so

Find ▼

httpd-ssl

• (Praecedens numerus remove #)

Deinde, SSH mandatum sequens (nota mutandi viam tuam);

at >/usr/local/apache/conf/extra/httpd-ssl.conf<<EOF
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProxyCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/usr/local/apache/logs/ssl_mutex"
EOF

Deinde in fine Apache configurationis pro pagina quae creavitsubtus.

Adde fasciculum configurationis sectionis SSL (nota commentarium removere et viam tuam mutare);

<VirtualHost *:443>
DocumentRoot /home/admin/web/chenweiliang.com/public_html //网站目录
ServerName www.chenweiliang.com:443 //域名
ServerAdmin [email protected] //邮箱
ErrorLog "/var/log/www.chenweiliang.com-error_log" //错误日志
CustomLog "/var/log/www.chenweiliang.com-access_log" common //访问日志
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.chenweiliang.com/fullchain.pem //之前生成的证书
SSLCertificateKeyFile /etc/letsencrypt/live/www.chenweiliang.com/privkey.pem //之前生成的密钥
<Directory "/home/admin/web/chenweiliang.com/public_html"> //网站目录
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
suPHP_UserGroup eloha eloha //用户组（有些服务器配置需要，有些可能不需要，出错请删除此行）
Order allow,deny
Allow from all
DirectoryIndex index.html index.phps
</Directory>
</VirtualHost>

Denique sileo Apache super illud;

service httpd restart

Apache vim HTTP redirect ad HTTPS

• Multae petitiones interretiales semper tantum cum SSL currunt.
• Nobis opus est efficere ut omni tempore quo SSL utimur, in pagina SSL accessura sit oportet.
• Si quis usor Paginam cum URL non-SSL accedere temptaverit, ipse ad SSL website redirectedendus est.
• Refero ad SSL URL utendo moduli Apache mod_rewrite.
• Ut usura LUMEN unum cliccum involucrum institutionis, aedificatum in automati institutione certificamenti SSL et ad HTTPS redire coactus, redirectio ad HTTPSIn virtute, HTTPS redirectio addere non debes.

Redirectio addere regulae

• In file configurationis Apache, edite website virtualem exercitum et adde sequentia loca.
• Eadem uncinis addere potes radicem documenti in pagina tua in pagina .htaccess.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Si tantum vis ut URL certum definire ad HTTPS redirigere:

RewriteEngine On
RewriteRule ^message$ https://www.etufo.org/message [R=301,L]

• Quod si aliquis conatur accedere Nuntius , pagina ad https saliet et usor Domicilium cum SSL accedere non potest.

Sileo Apache ad .htaccess lima ut effectum sortiatur;

service httpd restart

cautiones

• Quaeso mutare superius inscriptio electronica inscriptionem electronicam tuam.
• Memento quaeso mutare nomen dominii supra website ad nomen tuum website domain nomen.

Redirect regulae locus quaestio

Sub regulas pseudo-staticas, cum regulas salire constituendo redirectionis soles occurrere http non possunt redire ad https Consultatio.

Initio codicem redirectum in .htaccess transscripsimus et in sequentibus casibus patebit ▼

• [L] indicat regulam hodiernam esse ultimam regulam, desine examinare regulas sequentes auctas.
• Cum ergo pagina paginae paginae redirectae accessio, [L] sistit regulam sequentem, ergo regula directio non operatur.

Cum visitare paginam http, domicilium redirectiones trigger velimus, regulam pseudo-staticam omittimus ut regulam saltum directio exequatur, ut obtineri possit.Site-wide http redirigere ad https .

Noli https redirigere praecepta posuit in [E] Infra praecepta, put [E] supra praecepta ▼

Lectio extensa;

• Quid interest inter nos https? ENARRATIO SSL encryption processus
• Quid facerem, si errorem 500 invenio, insertis Litteris Encrypt SSL libellum in CWP potestate panel?
• Automatarie salire ad secundum gradus domain nomen sine nomine dominii www top-level: radix domain nomen 301 redirects www.