http转为https
折腾了一下午,终于把blog挂上了小绿锁,折腾死了
本博客环境为apache2搭建的,网上大多为apache,所以资料查起来还是挺麻烦的,下面附上小绿锁过程
1.开启ssl1
sudo a2enmod ssl
2.将sites-available/default-ssl.conf 链接到sites-enabled/中1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16cd /etc/apache2/sites-enabled/
ln -s ../sites-available/default-ssl.conf default-ssl.conf
vim default-ssl.conf //配置网站信息
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ServerName blog.svz777.top
DocumentRoot /var/www/svzblog
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/对应域名/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/对应域名/privkey.pem
</VirtualHost>
</IfModule>
3.制作证书,这里有两种,一种是自己自签证书,不过会被标记为不安全,第二种就是采用CA机构认证的,这里我使用了Let’s Encrypt(certbot)1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
281.下载Certbot提供的证书工具
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto -n //安装支持包
./certbot-auto --apache //安装apache插件
2.然后提示输入邮箱
3.同意许可啥啥啥的我也看不懂-.-
4.然后选择对应的站点
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/blog.svz777.top/fullchain.pem. Your cert will
expire on 2017-05-05. To obtain a new or tweaked version of this
certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you lose your account credentials, you can recover through
e-mails sent to 903943711@qq.com.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
显示这个即为成功
4.重启apache2