First, install the Apache SSL module.
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto -d www.youdomain.com
This fails with:
Error: Protected multilib versions: openssl-1.0.1e-48.el6_8.4.x86_64 != openssl-1.0.1e-42.el6_7.4.i686
Remove the older i686 openssl package named in the error:
yum remove openssl-1.0.1e-42.el6_7.4.i686 -y
Run it again:
./letsencrypt-auto -d www.youdomain.com
This fails with:
Type: connection
Detail: Failed to connect to 221.236.173.67:443 for TLS-SNI-01
challenge
Remove the default virtual host on port 443 from /etc/httpd/conf.d/ssl.conf.
Run it again:
./letsencrypt-auto -d www.youdomain.com
Warning:
IMPORTANT NOTES:
- Unable to install the certificate
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/www.hualike.net/fullchain.pem. Your cert will
expire on 2017-07-05. To obtain a new or tweaked version of this
certificate in the future, simply run letsencrypt-auto again with
the "certonly" option. To non-interactively renew *all* of your
certificates, run "letsencrypt-auto renew"
Ignore it, add a virtual host on port 443 yourself, and add configuration like the following to that virtual host:
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.youdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.youdomain.com/privkey.pem
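Restart Apache and visit your site:
The SSL certificate warning is gone. If your images, JS, CSS and similar resources are also served over HTTPS, the browser address bar shows a green padlock.
The certificate is valid for 3 months; after 3 months you need to renew it.
It can now be used for ad hoc installation of IPA files; Safari no longer warns that it cannot connect to "www.youdomain.com".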
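Because the certificate only lasts three months, the renewal is worth scripting. The following is an added example, not part of the original post: it renews only when the certificate is close to expiry and checks that the certificate and private key still belong together before restarting Apache. The function names, the 30-day threshold, the --run switch and running from inside the letsencrypt clone are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Paths follow the post's layout;
# RENEW_DAYS, the function names and --run are assumptions made for illustration.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live/www.youdomain.com}"
RENEW_DAYS="${RENEW_DAYS:-30}"

# Return 0 if the certificate in $1 expires within $2 days, or cannot be read.
cert_needs_renewal() {
    cert=$1
    days=$2
    [ -r "$cert" ] || return 0
    # -checkend exits 0 when the certificate is still valid N seconds from now.
    if openssl x509 -checkend $((days * 86400)) -noout -in "$cert" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Return 0 if the private key in $2 belongs to the (first) certificate in $1.
# The public keys are compared as PEM text, so an unreadable file never matches.
key_matches_cert() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Renew when due, then restart Apache only if the new pair is consistent.
renew_if_due() {
    cert_needs_renewal "$LIVE_DIR/fullchain.pem" "$RENEW_DAYS" || return 0
    ./letsencrypt-auto renew || return 1   # assumes cwd is the letsencrypt clone
    if ! key_matches_cert "$LIVE_DIR/fullchain.pem" "$LIVE_DIR/privkey.pem"; then
        echo "certificate and private key do not match; Apache not restarted" >&2
        return 1
    fi
    service httpd restart                  # assumes a SysV init system (el6)
}

# Only act when asked to, so the functions can be sourced and tested safely.
if [ "${1:-}" = "--run" ]; then
    renew_if_due
fi
```

Run it from cron with --run as root; it exits non-zero when the renewal or the key check fails, so cron mail reports the failure.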