lampp使用Let\'s Encrypt过程记录

Let\'s Encrypt是什么？

Let\'s Encrypt要求站点要有虚拟主机，所以第一步就是把站点直接连接，变为虚拟主机方式。
建立一个文件夹放置虚拟主机配置文件
mkdir /opt/lampp/etc/myVhost

在/opt/lampp/etc/httpd.conf文件末尾添加
httpd.conf:
IncludeOptional etc/myVhost/*.conf

建立虚拟主机配置文件
vi /opt/lampp/etc/myVhost/example.com.conf

example.com.conf:

ServerName example.com
ServerAlias www.example.com
DocumentRoot /opt/lampp/htdocs
ErrorLog /opt/lampp/logs/example.com/error.log


mkdir /opt/lampp/logs/example.com#建立日志目录

虚拟主机配置完，重启lampp
cd /opt/lampp
./lampp restart #也可只单独重启Apache

2.下载let\'s encrypt程序
yum install epel-release #安装环境
yum install git #安装环境
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt#下载到let\'s encrypt到/opt/letsencrypt

3.下载证书
cd /opt/letsencrypt
./certbot-auto certonly --webroot-w/opt/lampp/htdocs -d www.example.com

创新互联建站是一家集网站建设,娄烦企业网站建设,娄烦品牌网站建设,网站定制,娄烦网站建设报价,网络营销,网络优化,娄烦网站推广为一体的创新建站企业，帮助传统企业提升企业形象加强企业竞争力。可充分满足这一群体相比中小企业更为丰富、高端、多元的互联网需求。同时我们时刻保持专业、时尚、前沿，时刻以成就客户成长自我，坚持不断学习、思考、沉淀、净化自己，让我们为更多的企业打造出实用型网站。

#由于lampp是单独配置的环境，所以只下载证书。

证书下载成功会出现下面类似的提示：
IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
e-mails sent to user@example.com.
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your cert
will expire on 2016-04-21. To obtain a new version of the
certificate in the future, simply run Let\'s Encrypt again.
- Your account credentials have been saved in your Let\'s Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let\'s
Encrypt so making regular backups of this folder is ideal.
- If you like Let\'s Encrypt, please consider supporting our work by:

Donating to ISRG / Let\'s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

4.配置Apache，其实也就是添加证书位置。
vi /opt/lampp/etc/myVhost/example.com.conf

example.com.conf:

ServerName example.com
ServerAlias www.example.com
DocumentRoot /opt/lampp/htdocs
ErrorLog /opt/lampp/logs/example.com/error.log
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem


5.设置http跳转至https
到第4步，没有意外的话，应该能在浏览器看到小锁了。不想用http，设置一个跳转就行了。

6.let\'s encrypt证书只有90天的期限，所以定期更新证书很有必要，不过还没有实践过，把网上一些资料先copy下来。
crontab -e
30 2 ** 1 /opt/letsencrypt/letsencrypt-auto renew >>/opt/lampp/logs/example.com/le-renew.log#定时每周一 2：30更新证书

7.更新Let’s Encrypt程序，同样没有实践过，先保存。
cd /opt/letsencrypt
git pull