´£¨Ñ«È»s¤Æ¨t²ÎÂd¡B¨t²Î®a¨ã
±M·~®v³Å¥i¨ì©²¬°±z¤V¶q¡A²{³õ¥ç¦³ºë¬ü¨t²Î®a¨ã¥ô±z¬D¿ï
«H¸q©î°£´£¨Ñ±M·~¨³³t½T¹êªº³q¤ôºÞ¡B³q°¨±í§Þ³N
¥ß¨è¬°±z¸Ñ¨M©Ò¦³ªý¶ë°ÝÃD¡A°¨±í²¨³q¤@¦¸·d©w

­º­¶  ¡E  j2h ½×¾Â ¡E ·s¤â°Q½×     ¡E 

ssl

©ÐªF¡Gtest
µoªí®É¶¡¡G2019-12-19


https://blog.toright.com/posts/4837/%E4%BD%9B%E5%BF%83%E4%BE%86%E4%BA%86%EF%BC%8C%E5%BF%AB%E7%94%A8-lets-encrypt-%E5%85%8D%E8%B2%BB-ssl-%E6%86%91%E8%AD%89%E5%B9%AB%E7%B6%B2%E7%AB%99%E5%8A%A0%E5%AF%86%E5%90%A7%EF%BC%81.html



  • ÃÙ§Uºô¯¸       

    ¯²«Îºô
    ´£¨Ñ¯²«Î¸ê°T¡B¯²«Î¼s§i¥Zµn¡B©Ð«Î°U¯²¡B©Ð«È´M«Î¡B¯²«Î°t¹ï¡B¹q¤l¦a¹Ï¡B©Ð«Î¸ê®Æ¤W¶Ç
    ·h®a¤½¥q
    ¥»¤½¥q¬°¬F©²¥ß®×±M·~·h®a¤½¥q¡A§Ú­ÌªÃ«ù«È¤á¦Ü¤W¡A¥¿¬£¸gÀç²z©À¡A¦b¤j¥x¥_¿¤¥«¤@ª½¦³¤f¸O
    ©ú¤é¶Àª÷«Î
    ¶R«Î¡B½æ«Î¡B¯²«Î¡B¥X¯²¡B©ÐªF¯²«Î¥Zµn¡B¨Ã´£¨Ñ¯²«Î¡B³Ì±M·~ªºªA°È¡B³Ì¦w¥þ¿Ë¤Áªº¥æ©ö¡C

  • 1 ¼Ó¦í¤á¡G333
    µoªí®É¶¡¡G2019-12-22

    https://devil3688.pixnet.net/blog/post/43370377-%E5%85%8D%E8%B2%BB-ssl-%E6%86%91%E8%AD%89%EF%BC%8Clet%26rsquo%3Bs-encrypt-%E5%AE%89%E8%A3%9D%E8%A8%AD%E5%AE%9A

    2 ¼Ó¦í¤á¡G333
    µoªí®É¶¡¡G2019-12-24

    centos ¥æ¾Ç
    https://www.digit-seed.com/centos7-certbot-lets_encrypt_ssl/

    3 ¼Ó¦í¤á¡G333
    µoªí®É¶¡¡G2019-12-24

    https://www.niceinfos.com/linux/ssl-lets-encrypt-%E7%94%B3%E8%AB%8B%E8%88%87%E8%87%AA%E5%8B%95%E6%9B%B4%E6%96%B0/

    4 ¼Ó¦í¤á¡G333
    µoªí®É¶¡¡G2019-12-24

    ²³æ¥æ¾Ç


    https://wayne265265.pixnet.net/blog/post/215065329-%E3%80%90%E6%95%99%E5%AD%B8%E3%80%91%E6%95%99%E4%BD%A0%E4%BD%BF%E7%94%A8ssl%E6%86%91%E8%AD%89%E5%8A%A0%E5%AF%86%E7%B6%B2%E7%AB%99%2C-%E5%BE%9Ehttp%E5%88%B0htt



    https://www.brilliantcode.net/941/how-to-renew-ssl-certificates-automatically-by-certbot/


    https://zoneless.blog/2018/03/04/install-letsencrypt-on-centos/

    5 ¼Ó¦í¤á¡G3444
    µoªí®É¶¡¡G2019-12-24

    CentOS5/6 ¤É级 Python2.4/2.6 ¨ì 2.7 ª©¥»±Ðµ{
    https://www.vpsss.net/1388.html

    https://zhuanlan.zhihu.com/p/26309980

    yum -y install gcc

    ½T»{php ª©¥»
    rpm -qa |grep php
    rpm -qa |grep Python

    yum install certbot



    §R°£¤£­nªº¾ÌÃÒ
    ¦pªG§A¹³§Ú¤@¼Ë¡A¤§«e¤w¸g¥Ó½Ð¤F¦n´X­Ó¤lºô°ìªº¾ÌÃÒ¡A²{¦b³o¨Ç³£¤£»Ý­n¤F¡A¥i¥H±N¥¦­Ì§R°£¡C¥ý¨Ó¬Ý¬Ý¤§«e¥Ó½Ð¤F­þ¨Ç¾ÌÃÒ¡G
    ls /etc/letsencrypt/live
    ¦C¥Xªº¥Ø¿ý¦WºÙ§Y¬Oµ¥¤U­n¥Î¨ìªº --cert-name °Ñ¼Æªº­È¡G
    certbot delete --cert-name ¤lºô°ì.ºô°ì.com
    °õ¦æ«á´N·|§R°£¸Ó¤lºô°ìªº©Ò¦³¸ê®Æ¡F§R°£«ü¥O°õ¦æªº¹ê»Ú°Ê§@¡A¨ä¹ê¥u¬O¥h§R°£ 3 ­Ó¥Ø¿ý¤Uªººô°ì¥Ø¿ý¡A©Ò¥H§A¤]¥i¥H¤â°Ê§R°£¡G
    rm -rf /etc/letsencrypt/archive/ºô°ì¦WºÙ/
    rm -rf /etc/letsencrypt/live/ºô°ì¦WºÙ/
    rm -rf /etc/letsencrypt/renewal/ºô°ì¦WºÙ.conf


    6 ¼Ó¦í¤á¡Grrr
    µoªí®É¶¡¡G2019-12-24

    # lsb_release -a
    # yum install package


    vi /etc/yum.repos.d/CentOS-Base.repo
    http://n.sfs.tw/mymedia/index/10327



    yum clean all

    yum makecache

    yum install package

    §Y¥i¸Ñú¨问题¡C



    1.²×ºÝ¾÷¤å¦r¤¶­±¤U¥´su (±Ò°Êsuper user¶W¯Å¨Ï¥ÎªÌ¼Ò¦¡) ¦A¿é¤Jroot ±K½X
    2.²×ºÝ¾÷¤å¦r¤¶­±¿é¤J nano /etc/pam.d/gdm (¥Înano½s¿è¾¹½s¿ègdmÀÉ)
    3.§ä¨ì³o¦æauth required pam_succeed_if.so user != root quiet
    4.«e­±¥[¤W#¦r©l¸Ó¦æµL®Ä¡G#auth required pam_succeed_if.so user != root quiet
    5.«ö CTRL+X ¶}±ÒÀx¦s¥\¯à ¦A«ö Y ½T©w ¦A«ö ENTERÁä ¦^²×ºÝ¾÷


    1.­×§ï²Ä¤G­ÓÀÉ®×
    2.²×ºÝ¾÷¤å¦r¤¶­±¿é¤J nano /etc/pam.d/gdm-password (¥Înano½s¿è¾¹½s¿ègdmÀÉ)
    3.§ä¨ì³o¦æauth required pam_succed_if .so user !root quiet
    4.«e­±¥[¤W#¦r©l¸Ó¦æµL®Ä¡G#auth required pam_succed_if .so user !root quiet
    5.«ö CTRL+X ¶}±ÒÀx¦s¥\¯à ¦A«ö Y ½T©w ¦A«ö ENTERÁä ¦^²×ºÝ¾÷
    ½Æ»s¡B°Å¤U©M¶K¤W
    ¡@¡@½Æ»s¤@¾ã¦æ¡GAlt+6
    ¡@¡@°Å¤U¤@¾ã¦æ¡GCtrl+K
    ¡@¡@¶K¤W¡GCtrl+U

    7 ¼Ó¦í¤á¡Guuu
    µoªí®É¶¡¡G2019-12-25

    sudo yum install epel
    sudo yum install certbot

    8 ¼Ó¦í¤á¡G2342
    µoªí®É¶¡¡G2019-12-26

    centos 5.11
    https://my.oschina.net/u/209161/blog/3003996


    centos7
    https://www.rusnake.com/2017/04/28/centos-7-nginx-%E5%AE%89%E8%A3%9D-letsencrypt-%E6%86%91%E8%AD%89/






    https://bojack.pixnet.net/blog/post/45198111-%E3%80%90freebsd%E3%80%91%E7%94%A8-let%27s-encrypt-%E7%82%BA-apache-%E7%B6%B2%E7%AB%99%E5%95%9F%E7%94%A8%E5%8A%A0%E5%AF%86

    https://qizhanming.com/blog/2019/04/23/how-to-install-let-s-encrypt-wildcards-certificate-on-centos-7

    ³z¹L certbot.eff.org §Ö³t¦w¸Ë
    https://caloskao.org/ubuntu-use-certbot-to-automatically-update-lets-encrypt-certificate-authority/




    phpª©¥»Àq»{¬°5.1.6
    CentOS 6X¹w³]ªºPHPª©¥»PHP5.3



    ¦w¸Ë let's encrypt»Ý­n¤°»ò±ø¥ó
    https://www.morrisctech.com/2018/08/22/let_encrypt_https/

    9 ¼Ó¦í¤á¡Gre2423
    µoªí®É¶¡¡G2019-12-28


    https://www.minwt.com/website/server/20753.html



    https://seed0111.blogspot.com/2017/04/apache-sslssl.html
    https://seed0111.blogspot.com/2017/04/apache-sslssl.html

    10 ¼Ó¦í¤á¡Ge4rtet
    µoªí®É¶¡¡G2019-12-28

     netstat -lnp

    ¦w¸Ë Apache mod_ssl
     yum install mod_ssl
     systemctl restart httpd


    http://tprc.tanet.edu.tw/tpnet2018/2018meeting1_4.pdf
    ³]©w
    /etc/httpd/conf.d/ssl.conf
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt







    APACHE SSL + SNI ¤@­ÓIP¡A¦h­ÓSSLÃÒ®Ñ
    https://34e.cc/731










    https://blog.4ze.tw/apache-ssl-installation-centos-6/

    Apache ºô¯¸³]©w SSL ³s½u
    http://www.osslab.tw/User:Alang/IT_%E5%B0%88%E6%A1%88%E5%B7%A5%E4%BD%9C/%E5%BB%BA%E7%AB%8B%E6%86%91%E8%AD%89%E6%8E%88%E6%AC%8A%E4%BC%BA%E6%9C%8D%E5%99%A8(CA)-%E8%87%AA%E6%88%91%E7%B0%BD%E7%BD%B2%E6%86%91%E8%AD%89(self-signed)/Apache_%E7%B6%B2%E7%AB%99%E8%A8%AD%E5%AE%9A_SSL_%E9%80%A3%E7%B7%9A



    /.well-known/acme-challenge/
    Vim /etc/httpd/conf/httpd.conf
    ¬õ¦â¬°·s¼W¸mApache Serverªº³]©w¡A§¹¦¨«á½Ð­«±ÒªA°È¡C
    NameVirtualHost *:443


    DocumentRoot /var/www/html/XXX/
    ServerName hrm.tibtrade.net
    ErrorLog logs/dummy-XXX.net-error_log
    CustomLog logs/dummy-XXX.net-access_log common
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]



    DocumentRoot "/var/www/html/XXX"
    ServerName hrm.tibtrade.net
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/xxx.crt
    SSLCertificateKeyFile /etc/httpd/ssl/xxx.key
    SSLCACertificateFile /etc/httpd/ssl/ca-xxx.crt





    1. ¦w¸ËOpenSSL®M¥ó
    yum install openssl
    2. ¦w¸ËSSL¼Ò²Õ¨ìApache
    yum install mod_ssl
    ²£¥ÍPrivate Key
    openssl genrsa -des3 -out wwwserver.key 2048 // ±KÆ_±j´ç
    ²£¥ÍCSR
    openssl req -new -key wwwserver.key -out wwwserver.csr //CSRÀɮצWºÙ

    ®³CSR¥Ó½Ð¾ÌÃÒ

    ¦w¸Ë¾ÌÃÒ
    1. ±N¤U¸ü«áªº¾ÌÃÒÀx¦s¨ì /etc/pki/tls/certs ¥Ø¿ý¡BPrivate KeyÀx¦s¨ì /etc/pki/tls/private ¥Ø¿ý
    2. ½s¿è /etc/httpd/conf.d/ssl.conf ¿é¤J¤U¦C¸ê°T«áÀx¦s

    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/wwwserver.crt //¾ÌÃÒ¸ô®|
    SSLCertificateKeyFile /etc/pki/tls/private/wwwserver.key

    ­«±Òapache
    service httpd restart







    ¡@¦@ 10 ¤H¦^À³¡@¡@¿ï¾Ü­¶¼Æ ¡i²Ä1 ­¶¡j 

    ©m¦W¡G
    §G§i¤º®e¡G
    ¨ä¥L¿ï¶µ: