c02fa649408ebc83921c8742ee4607b4.jpg
如果想要在 Win 平台上使用 let's encrypt 的話,目前官方尚未提供,但是有第三方 (letsencrypt-win-simple) 協助製作囉!~
 
下載後執行方式其實大同小異,相關資訊可以參考 Let's Encrypt - 免費的 SSL 憑證
主要是必須先把 443 啟用,並且能夠讓外部連線。其他的設定請參考以下步驟
 
  • 下載並解開
    先下載檔案並解開,我建議放在 C:\letsencrypt,語法如下
    letsencrypt.exe --manualhost <domain-name> --webroot <document-root>
    範例如下
    letsencrypt.exe --manualhost "example.com" --webroot "C:\apache\www"
    
     
  • 執行後會出現下列畫面
    Let's Encrypt (Simple Windows ACME Client)
    Renewal Period: 60
    Certificate Store: WebHosting
    
    ACME Server: https://acme-v01.api.letsencrypt.org/
    Config Folder: C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org
    Certificate Folder: C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org
    Loading Signer from C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\Signer
    
    Getting AcmeServerDirectory
    Loading Registration from C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\Registration
    
    
    Authorizing Identifier exammple.com Using Challenge Type http-01 Writing challenge answer to C:\fms\tymetro\.well-known/acme-challenge/gJ0q7Vvdas23dAoAlTh8wTvxgmEb7f9ZIIsB3anRliXQ
     Answer should now be browsable at http://exammple.com/.well-known/acme-challenge/gJ0q7Vvdas23dAoAlTh8wTvxgmEb7f9ZIIsB3anRliXQ
     Submitting answer
     Authorization Result: valid
    
    Requesting Certificate
     Request Status: Created
     Saving Certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\exammple.com-crt.der
     Saving Issuer Certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\ca-0A01414212341313A3D85736A0B85ECA708-crt.pem
     Saving Certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\exammple.com-all.pfx
     Opened Certificate Store "My" 
     Adding Certificate to Store
     Closing Certificate Store WARNING: Unable to configure server software.
     Opened Certificate Store "My"
     Removing Certificate from Store exammple.com 2016/11/10 1:53:12下午
     Closing Certificate Store
    
    
  • 回答問題
    中間會問幾個問題,原則上都 yes 即可,但是有一個動作是,自動更新時要用哪個帳號,如果要維持既有的,就回答 no 即可
  • Apache 設定
    參考如下,設定的檔案名稱及存放位置請參考步驟 2 的訊息!
    <VirtualHost *:443>
        ServerAdmin admin@example.com
        ServerName www.example.com
        ServerAlias example.com
        
        SSLEngine on
        SSLCertificateFile "C:/Users/administrator/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/example.com-crt.pem"
        SSLCertificateKeyFile "C:/Users/administrator/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/example.com-key.pem"
        SSLCertificateChainFile "C:/Users/administrator/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/ca-0A01414212341313A3D85736A0B85ECA708-crt.pem"
    </VirtualHost>
  • 更新憑證
    憑證申請好之後每三個月需要更新一次。基本上會自動幫你更新,或是你也可以手動更新
    letsencrypt.exe --renew
     
    但若是你發現更新後沒用,那就表示你沒有 '重啟 Apache'
    這個步驟漏掉就沒辦法更新憑證囉!!
Facebook 討論區載入中...