SSL证书安装和配置 - 使用 Let's Encrypt 保护 Apache | Ubuntu | VPS | 域名

安装APACHE

sudo apt update && sudo apt upgrade
sudo apt install apache2
sudo ufw app list
sudo ufw allow in "Apache Full"
sudo ufw status
curl -4 <http://icanhazip.com>
#到http://IP

设置APACHE虚拟主机(VirtualHost)

#绑定域名

#/var/www/html,建立自己文件夹
sudo mkdir -p /var/www/**roomlinker.com**/public_html
# 权限设置
sudo chown -R $USER:$USER /var/www/**roomlinker.com**/public_html
sudo chmod -R 755 /var/www

#创建一个默认页面：
nano /var/www/roomlinker.com/public_html/index.html

#添加内容：
<html>
  <head>
    <title>Welcome to this website!</title>
  </head>
  <body>
    <h1>Success! The <strong>**roomlinker.com**</strong> virtual host is working!</h1>
  </body>
</html>

#复制默认配置文件000-default.conf，重命名
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/**roomlinker.com.conf**

sudo nano /etc/apache2/sites-available/roomlinker.com.conf
#配置文件样本：
<VirtualHost *:80>
  ...
    ServerAdmin [email protected]
    ServerName **roomlinker.com**
    ServerAlias **www.roomlinker.com**
    DocumentRoot **/var/www/roomlinker.com/public_html**
    ...
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ...
</VirtualHost>

#启用新的虚拟主机文件
sudo a2ensite roomlinker.com.conf
#禁用默认站点
sudo a2dissite 000-default.conf
#测试配置
sudo apache2ctl configtest
#重启
sudo systemctl restart apache2

安装Let’s Encrypt安全证书

#安装Certbot软件
sudo apt update
sudo apt install certbot python3-certbot-apache
sudo certbot --apache

#检查自动更新服务
sudo systemctl status certbot.timer

重新配置APACHE虚拟主机

sudo nano /etc/apache2/sites-available/roomlinker.com.conf
#配置文件样本
<VirtualHost *:443>
ServerAdmin [[email protected]](<mailto:[email protected]>)
ServerName [roomlinker.com](<http://roomlinker.com/>)
ServerAlias [www.roomlinker.com](<http://www.roomlinker.com/>)
DocumentRoot /var/www/roomlinker.com

# SSL configuration
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/roomlinker.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/roomlinker.com/privkey.pem
#SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt  #If not using a self-signed certificate, omit this line
#两种写法 ls /etc/letsencrypt/live/roomlinker.com
# Log files
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

#   Version 1

    SSLCertificateFile      /etc/letsencrypt/live/roomlinker.com/cert.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/roomlinker.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/roomlinker.com/chain.pem

#   Version 2

		SSLCertificateFile /etc/letsencrypt/live/roomlinker.com/fullchain.pem
	  SSLCertificateKeyFile /etc/letsencrypt/live/roomlinker.com/privkey.pem

重定向（重新配置http/80端口）

sudo nano /etc/apache2/sites-available/roomlinker.com.conf
#配置文件样本：
<VirtualHost *:80>
  ...
    ServerAdmin [email protected]
    ServerName roomlinker.com
    ServerAlias www.roomlinker.com
    DocumentRoot /var/www/roomlinker.com/public_html
    ...
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ...
		**RewriteEngine on
		RewriteCond %{SERVER_NAME} =[roomlinker.com](<http://roomlinker.com/>) [OR]
		RewriteCond %{SERVER_NAME} =[www.roomlinker.com](<http://www.roomlinker.com/>)
		RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]**
</VirtualHost>