申請憑證
https://freessl.cn
可申請免費一年憑證
憑證檔案
Freessl.cn會發給你
PEM跟KEY兩個檔案
將PEM重新命名為CRT即可
參考用法
https://blog.freessl.cn/freessl-org-ssl-cert-zip-file-introduce/
設定SSL
sudo nano /etc/apache2/sites-available/default-ssl.conf
---------------------------------------------------
ServerAdmin [email protected]
ServerName example.com
DocumentRoot /var/www/html
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /path_to_your_crt.crt
SSLCertificateKeyFile /path_to_your_private_key.key
SSLCertificateChainFile /path_to_your_crt.crt
別忘記設定資料夾權限
<Directory /var/www/html>
Header always append X-Frame-Options SAMEORIGIN
AllowOverride All
Require all granted
</Directory>
開啟SSL MOD
sudo a2enmod ssl
開關SSL SITE
sudo a2ensite default-ssl #enable ssl site
sudo a2dissite default-ssl #disable ssl site
sudo apachectl configtest #check config
sudo systemctl restart apache2 #restart apache2
測試
Browse Your https://domain.com