Ubuntu Apache2 Free SSL A Year Setup

申請憑證

https://freessl.cn
可申請免費一年憑證

憑證檔案

Freessl.cn會發給你
PEM跟KEY兩個檔案
將PEM重新命名為CRT即可

參考用法
https://blog.freessl.cn/freessl-org-ssl-cert-zip-file-introduce/

設定SSL

sudo nano /etc/apache2/sites-available/default-ssl.conf
---------------------------------------------------

ServerAdmin [email protected]
ServerName example.com
DocumentRoot /var/www/html

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   A self-signed (snakeoil) certificate can be created by installing
#   the ssl-cert package. See
#   /usr/share/doc/apache2/README.Debian.gz for more info.
#   If both key and certificate are stored in the same file, only the
#   SSLCertificateFile directive is needed.
SSLCertificateFile     /path_to_your_crt.crt
SSLCertificateKeyFile   /path_to_your_private_key.key

SSLCertificateChainFile  /path_to_your_crt.crt

別忘記設定資料夾權限

<Directory /var/www/html>
    Header always append X-Frame-Options SAMEORIGIN
    AllowOverride All
    Require all granted
</Directory>

開啟SSL MOD

sudo a2enmod ssl

開關SSL SITE

sudo a2ensite default-ssl       #enable ssl site
sudo a2dissite default-ssl      #disable ssl site
sudo apachectl configtest       #check config
sudo systemctl restart apache2  #restart apache2

測試

Browse Your https://domain.com