Previous Job.

1. Set up an account on DNSPOD.

2. Activate the API token.

3. Add an A record.

4. Set up DNSPOD on the router.

1. How to install

Install online

curl https://get.acme.sh | sh

2. Issue a cert

Automatic DNS API integration

If your DNS provider supports API access, we can use that API to automatically issue the certs.

You don't have to do anything manually!

export DP_Id="1234"
export DP_Key="sADDsdasdgdsf"
acme.sh   --issue   --dns dns_dp   -d www.example.com  -d example.com

3. Install the cert to Apache etc.

acme.sh --install-cert -d example.com \
--cert-file      /etc/ssl/example.com.crt  \
--key-file       /etc/ssl/example.com.key  \
--fullchain-file /etc/ssl/example.com.fullchain \
--reloadcmd     "service apache2 force-reload"

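Note: by default, all generated certificates are placed under the installation directory, ~/.acme.sh/. Do not use the files in this directory directly; for example, do not point your nginx/apache configuration files at anything under it. The files there are for internal use only, and the directory structure may change.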

reference
https://github.com/Neilpang/acme.sh
https://github.com/Neilpang/acme.sh/wiki/说明

4. Configure SSL Settings for Apache

vi /etc/httpd/conf.d/ssl.conf

Inside, we should first find the SSLProtocol and SSLCipherSuite lines and either delete them or comment them out.

# SSLProtocol all -SSLv2
# SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

Change the following lines.

Per the note above, the certificates in .acme.sh must not be used directly. Keep this in mind at the next update.
SSLCertificateFile /root/.acme.sh/www.arthurtsang.net/www.arthurtsang.net.cer
SSLCertificateKeyFile /root/.acme.sh/www.arthurtsang.net/www.arthurtsang.net.key 
SSLCertificateChainFile /root/.acme.sh/www.arthurtsang.net/fullchain.cer
SSLCACertificateFile /root/.acme.sh/www.arthurtsang.net/ca.cer

Find ServerName and change it to your domain.

Find the SSLCertificateFile and SSLCertificateKeyFile lines and change them to the files we installed under /etc/ssl

SSLCertificateFile /etc/ssl/example.com.crt
SSLCertificateKeyFile /etc/ssl/example.com.key

reference
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7
https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-apache-for-centos-7

Check ssl.conf at /etc/httpd/conf.d/

SSLCertificateFile /root/.acme.sh/www.arthurtsang.net/www.arthurtsang.net.cer
SSLCertificateKeyFile /root/.acme.sh/www.arthurtsang.net/www.arthurtsang.net.key 
SSLCertificateChainFile /root/.acme.sh/www.arthurtsang.net/fullchain.cer
SSLCACertificateFile /root/.acme.sh/www.arthurtsang.net/ca.cer
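
The ssl.conf check can be scripted. This is an added example, not part of the original notes or of the acme.sh project: a shell function (the name find_acme_internal_paths is hypothetical) that lists the active certificate directives still pointing into ~/.acme.sh/. The sample config is constructed and example.com is a placeholder.

```shell
#!/bin/sh
# Added example (not from the acme.sh project): flag Apache SSL directives
# that read certificate files directly from acme.sh's internal directory.

# find_acme_internal_paths CONF
# Prints "LINE: Directive path" for every active (uncommented)
# SSLCertificate*File / SSLCACertificateFile directive whose path contains
# "/.acme.sh/". Returns 0 if clean, 1 if any were found, 2 if unreadable.
find_acme_internal_paths() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    hits=$(awk '
        $1 ~ /^#/ { next }    # ignore commented-out directives
        tolower($1) ~ /^ssl(ca)?certificate(key|chain)?file$/ &&
            $2 ~ /\/\.acme\.sh\// { print NR ": " $1 " " $2 }
    ' "$conf")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample ssl.conf fragment (example.com is a placeholder).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SSLCertificateFile /root/.acme.sh/old.example.com/old.example.com.cer
SSLCertificateFile /etc/ssl/example.com.crt
SSLCertificateKeyFile /root/.acme.sh/www.example.com/www.example.com.key
SSLCertificateChainFile /root/.acme.sh/www.example.com/fullchain.cer
EOF

if find_acme_internal_paths "$sample"; then
    echo "OK: no directive points into ~/.acme.sh/"
else
    echo "Point these at the copies written by acme.sh --install-cert"
fi
rm -f "$sample"
```

Run it against /etc/httpd/conf.d/ssl.conf after each change; a non-zero return means Apache is still reading from the internal directory.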
