Windows 版 Let's Encrypt for Apache
  • 4,747 views,
  • 2016-11-10,
  • 上傳者: 洪國恩,
  •  0
c02fa649408ebc83921c8742ee4607b4.jpg
如果想要在 Win 平台上使用 let's encrypt 的話,目前官方尚未提供,但是有第三方 (letsencrypt-win-simple) 協助製作囉!~
 
下載後執行方式其實大同小異,相關資訊可以參考 Let's Encrypt - 免費的 SSL 憑證
主要是必須先把 443 啟用,並且能夠讓外部連線。其他的設定請參考以下步驟
 
步驟
1.
下載並解開
先下載檔案並解開,我建議放在 C:\letsencrypt,語法如下
letsencrypt.exe --manualhost <domain-name> --webroot <document-root>
範例如下
letsencrypt.exe --manualhost "example.com" --webroot "C:\apache\www"
 
2.
執行後會出現下列畫面
Let's Encrypt (Simple Windows ACME Client)
Renewal Period: 60
Certificate Store: WebHosting

ACME Server: https://acme-v01.api.letsencrypt.org/
Config Folder: C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org
Certificate Folder: C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org
Loading Signer from C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\Signer

Getting AcmeServerDirectory
Loading Registration from C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\Registration


Authorizing Identifier exammple.com Using Challenge Type http-01 Writing challenge answer to C:\fms\tymetro\.well-known/acme-challenge/gJ0q7Vvdas23dAoAlTh8wTvxgmEb7f9ZIIsB3anRliXQ
 Answer should now be browsable at http://exammple.com/.well-known/acme-challenge/gJ0q7Vvdas23dAoAlTh8wTvxgmEb7f9ZIIsB3anRliXQ
 Submitting answer
 Authorization Result: valid

Requesting Certificate
 Request Status: Created
 Saving Certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\exammple.com-crt.der
 Saving Issuer Certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\ca-0A01414212341313A3D85736A0B85ECA708-crt.pem
 Saving Certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\exammple.com-all.pfx
 Opened Certificate Store "My" 
 Adding Certificate to Store
 Closing Certificate Store WARNING: Unable to configure server software.
 Opened Certificate Store "My"
 Removing Certificate from Store exammple.com 2016/11/10 1:53:12下午
 Closing Certificate Store

3.
回答問題
中間會問幾個問題,原則上都 yes 即可,但是有一個動作是,自動更新時要用哪個帳號,如果要維持既有的,就回答 no 即可
4.
Apache 設定
參考如下,設定的檔案名稱及存放位置請參考步驟 2 的訊息!
<VirtualHost *:443>
    ServerAdmin admin@example.com
    ServerName www.example.com
    ServerAlias example.com
    
    SSLEngine on
    SSLCertificateFile "C:/Users/administrator/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/example.com-crt.pem"
    SSLCertificateKeyFile "C:/Users/administrator/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/example.com-key.pem"
    SSLCertificateChainFile "C:/Users/administrator/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/ca-0A01414212341313A3D85736A0B85ECA708-crt.pem"
</VirtualHost>
5.
更新憑證
憑證申請好之後每三個月需要更新一次。基本上會自動幫你更新,或是你也可以手動更新
letsencrypt.exe --renew
 
但若是你發現更新後沒用,那就表示你沒有 '重啟 Apache'
這個步驟漏掉就沒辦法更新憑證囉!!
Facebook 討論區載入中...
資料夾 :
發表時間 :
2016-11-10 14:00:54
觀看數 :
4,747
發表人 :
洪國恩
部門 :
老洪的 IT 學習系統
QR Code :