Windows 版 Let's Encrypt for Apache
c02fa649408ebc83921c8742ee4607b4.jpg
如果想要在 Win 平台上使用 let's encrypt 的話,目前官方尚未提供,但是有第三方 (letsencrypt-win-simple) 協助製作囉!~
 
下載後執行方式其實大同小異,相關資訊可以參考 Let's Encrypt - 免費的 SSL 憑證
主要是必須先把 443 啟用,並且能夠讓外部連線。其他的設定請參考以下步驟
 

步驟

  • 下載並解開
    先下載檔案並解開,我建議放在 C:\letsencrypt,語法如下
    letsencrypt.exe --manualhost <domain-name> --webroot <document-root>
    範例如下
    letsencrypt.exe --manualhost "example.com" --webroot "C:\apache\www"
     
  • 執行後會出現下列畫面
    Let's Encrypt (Simple Windows ACME Client)
Renewal Period: 60
Certificate Store: WebHosting

ACME Server: https://acme-v01.api.letsencrypt.org/
Config Folder: C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org
Certificate Folder: C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org
Loading Signer from C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\Signer

Getting AcmeServerDirectory
Loading Registration from C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\Registration


Authorizing Identifier exammple.com Using Challenge Type http-01 Writing challenge answer to C:\fms\tymetro\.well-known/acme-challenge/gJ0q7Vvdas23dAoAlTh8wTvxgmEb7f9ZIIsB3anRliXQ
 Answer should now be browsable at http://exammple.com/.well-known/acme-challenge/gJ0q7Vvdas23dAoAlTh8wTvxgmEb7f9ZIIsB3anRliXQ
 Submitting answer
 Authorization Result: valid

Requesting Certificate
 Request Status: Created
 Saving Certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\exammple.com-crt.der
 Saving Issuer Certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\ca-0A01414212341313A3D85736A0B85ECA708-crt.pem
 Saving Certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\exammple.com-all.pfx
 Opened Certificate Store "My" 
 Adding Certificate to Store
 Closing Certificate Store WARNING: Unable to configure server software.
 Opened Certificate Store "My"
 Removing Certificate from Store exammple.com 2016/11/10 1:53:12下午
 Closing Certificate Store
  • 回答問題
    中間會問幾個問題,原則上都 yes 即可,但是有一個動作是,自動更新時要用哪個帳號,如果要維持既有的,就回答 no 即可
  • Apache 設定
    參考如下,設定的檔案名稱及存放位置請參考步驟 2 的訊息!
    <VirtualHost *:443>
    ServerAdmin admin@example.com
    ServerName www.example.com
    ServerAlias example.com
    
    SSLEngine on
    SSLCertificateFile "C:/Users/administrator/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/example.com-crt.pem"
    SSLCertificateKeyFile "C:/Users/administrator/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/example.com-key.pem"
    SSLCertificateChainFile "C:/Users/administrator/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/ca-0A01414212341313A3D85736A0B85ECA708-crt.pem"
</VirtualHost>
  • 更新憑證
    憑證申請好之後每三個月需要更新一次。基本上會自動幫你更新,或是你也可以手動更新
    letsencrypt.exe --renew
     
    但若是你發現更新後沒用,那就表示你沒有 '重啟 Apache'
    這個步驟漏掉就沒辦法更新憑證囉!!

註解

Facebook 討論區載入中...