
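If you want to use Let's Encrypt on Windows, the official project does not currently provide a client, but a third party (letsencrypt-win-simple) has made one.
Download and extract
First download the file and extract it; I suggest placing it in C:\letsencrypt. The syntax is as follows: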
letsencrypt.exe --manualhost <domain-name> --webroot <document-root>
Example:
letsencrypt.exe --manualhost "example.com" --webroot "C:\apache\www"
After running it, the following output appears:
Let's Encrypt (Simple Windows ACME Client)
Renewal Period: 60
Certificate Store: WebHosting
ACME Server: https://acme-v01.api.letsencrypt.org/
Config Folder: C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org
Certificate Folder: C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org
Loading Signer from C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\Signer
Getting AcmeServerDirectory
Loading Registration from C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\Registration
Authorizing Identifier exammple.com Using Challenge Type http-01
Writing challenge answer to C:\fms\tymetro\.well-known/acme-challenge/gJ0q7Vvdas23dAoAlTh8wTvxgmEb7f9ZIIsB3anRliXQ
Answer should now be browsable at http://exammple.com/.well-known/acme-challenge/gJ0q7Vvdas23dAoAlTh8wTvxgmEb7f9ZIIsB3anRliXQ
Submitting answer
Authorization Result: valid
Requesting Certificate
Request Status: Created
Saving Certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\exammple.com-crt.der
Saving Issuer Certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\ca-0A01414212341313A3D85736A0B85ECA708-crt.pem
Saving Certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\exammple.com-all.pfx
Opened Certificate Store "My"
Adding Certificate to Store
Closing Certificate Store
WARNING: Unable to configure server software.
Opened Certificate Store "My"
Removing Certificate from Store exammple.com 2016/11/10 1:53:12下午
Closing Certificate Store
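Answer the prompts
The client asks a few questions along the way; in principle, answering yes to all of them is fine. One of them, however, asks which account to use for automatic renewal; if you want to keep the existing one, answer no.
Apache configuration
Use the following as a reference; for the file names and storage locations, see the messages in step 2!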
<VirtualHost *:443>
    ServerAdmin admin@example.com
    ServerName www.example.com
    ServerAlias example.com
    SSLEngine on
    SSLCertificateFile "C:/Users/administrator/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/example.com-crt.pem"
    SSLCertificateKeyFile "C:/Users/administrator/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/example.com-key.pem"
    SSLCertificateChainFile "C:/Users/administrator/AppData/Roaming/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/ca-0A01414212341313A3D85736A0B85ECA708-crt.pem"
</VirtualHost>
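Renewing the certificate
Once the certificate has been issued, it has to be renewed every three months. It is basically renewed for you automatically, or you can renew it manually: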
letsencrypt.exe --renew
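But if you find that the renewal had no effect, it means you did not restart Apache.
If this step is skipped, the renewed certificate never takes effect!!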
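
The failure described above (a renewed certificate on disk that Apache has not loaded) can be checked for directly by comparing the certificate Apache serves with the file on disk. The following PowerShell script is an added example, not part of the original post or of letsencrypt-win-simple; the service name Apache2.4, the host name and the 30-day warning threshold are assumptions, and the certificate path is the one used in the Apache configuration above.

```powershell
# Added example: detect a renewed certificate that Apache has not loaded yet.
# Assumptions: adjust the host name, the certificate path (copied from the
# page's VirtualHost) and the Windows service name to your own installation.
param(
    [string]$HostName    = "example.com",
    [int]   $Port        = 443,
    [string]$CertFile    = "C:\Users\administrator\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\example.com-crt.pem",
    [string]$ServiceName = "Apache2.4",   # assumed service name
    [int]   $WarnDays    = 30             # 90-day lifetime minus the 60-day renewal period
)

function Get-ServedCertificate([string]$Name, [int]$Port) {
    # Accept any certificate: the goal is to read it, even if it has expired.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $tcp = New-Object System.Net.Sockets.TcpClient($Name, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($Name)
        return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

# Certificate written by the ACME client versus the one Apache holds in memory.
$onDisk = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertFile)
$served = Get-ServedCertificate $HostName $Port

if ($served.Thumbprint -ne $onDisk.Thumbprint) {
    Write-Output "Apache still serves the old certificate (expires $($served.NotAfter)); restarting $ServiceName."
    Restart-Service -Name $ServiceName
    Start-Sleep -Seconds 5
    $served = Get-ServedCertificate $HostName $Port
    if ($served.Thumbprint -ne $onDisk.Thumbprint) {
        throw "Apache serves a different certificate than $CertFile; check SSLCertificateFile."
    }
}

# A served certificate close to expiry means the scheduled renewal did not run.
$daysLeft = [int]($served.NotAfter - (Get-Date)).TotalDays
if ($daysLeft -lt $WarnDays) {
    Write-Warning "Served certificate expires in $daysLeft days; run letsencrypt.exe --renew."
} else {
    Write-Output "Served certificate matches the file on disk and is valid for $daysLeft more days."
}
```

Run it from an elevated prompt after each renewal (for example as a second scheduled task), since Restart-Service needs administrator rights.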