Setting up Let's Encrypt on an Apache virtual host

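After the certificate has been generated, Apache's configuration file /usr/local/apache/conf/httpd.conf also needs to be edited: search for httpd-ssl and remove the leading # from that line.
Then run the following.
For Apache 2.2: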

cat >/usr/local/apache/conf/extra/httpd-ssl.conf<<EOF
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLProxyCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLHonorCipherOrder on

SSLProtocol all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin

SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

SSLMutex "file:/usr/local/apache/logs/ssl_mutex"

SSLStrictSNIVHostCheck on
NameVirtualHost *:443
EOF

For Apache 2.4:

cat >/usr/local/apache/conf/extra/httpd-ssl.conf<<EOF
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLProxyCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLHonorCipherOrder on

SSLProtocol all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin

SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

Mutex sysvsem default

SSLStrictSNIVHostCheck on
EOF

Then append the following SSL section to the end of the corresponding Apache virtual host configuration file:

# Comments are on their own lines: Apache does not allow a comment on the same line as a directive.
<VirtualHost *:443>
	# Site directory
	DocumentRoot /home/wwwroot/www.xiaokyun.com
	# Domain name
	ServerName www.xiaokyun.com:443
	# Administrator e-mail
	ServerAdmin admin@xiaokyun.com
	# Error log
	ErrorLog "/home/wwwlogs/www.xiaokyun.com-error_log"
	# Access log
	CustomLog "/home/wwwlogs/www.xiaokyun.com-access_log" common
	SSLEngine on
	# Just change the domain name in the two paths below
	SSLCertificateFile /etc/letsencrypt/live/www.xiaokyun.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/www.xiaokyun.com/privkey.pem

# Site directory
<Directory "/home/wwwroot/www.xiaokyun.com">
	SetOutputFilter DEFLATE
	Options FollowSymLinks
	AllowOverride All
	# Apache 2.2 access syntax; Apache 2.4 needs mod_access_compat for the next two lines, or "Require all granted" instead
	Order allow,deny
	Allow from all
	DirectoryIndex index.html index.php
</Directory>

</VirtualHost>

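Adjust the configuration above to match your own setup, then append it to the end of the virtual host configuration file. Note that Apache must be restarted for it to take effect.
Run: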

/etc/init.d/httpd restart

This restarts Apache so that the changes take effect.
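
An added example, not part of the original post: a small shell check for the SSLCipherSuite and SSLProtocol lines written to httpd-ssl.conf above, flagging 3DES suites, RSA key exchange, and TLSv1/TLSv1.1 left enabled by `all`. The function name audit_ssl_conf, the finding messages, and both sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag weak TLS settings in an
# Apache mod_ssl config read from stdin. Prints one finding per line and
# returns 1 if any were found, 0 otherwise.
audit_ssl_conf() {
    findings=$(awk '
        /^[ \t]*#/ { next }    # skip comment lines
        $1 == "SSLCipherSuite" || $1 == "SSLProxyCipherSuite" {
            n = split($2, suite, ":")
            for (i = 1; i <= n; i++) {
                s = suite[i]
                if (s ~ /^[!-]/) continue    # exclusions remove ciphers
                if (index(s, "3DES"))      print $1 ": " s " offers 3DES (64-bit block)"
                if (index(s, "RSA+") == 1) print $1 ": " s " uses RSA key exchange (no forward secrecy)"
            }
        }
        $1 == "SSLProtocol" || $1 == "SSLProxyProtocol" {
            all = 0; drop10 = 0; drop11 = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "all" || $i == "+all") all = 1
                if ($i == "-TLSv1")   drop10 = 1
                if ($i == "-TLSv1.1") drop11 = 1
            }
            if (all && !drop10) print $1 ": TLSv1 left enabled by \"all\""
            if (all && !drop11) print $1 ": TLSv1.1 left enabled by \"all\""
        }
    ')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample input: cipher and protocol lines as used in this post.
sample='SSLCipherSuite EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+3DES:RSA+3DES:!MD5
SSLProtocol all -SSLv2 -SSLv3'
# Constructed hardened variant (an assumption, not from the post).
hardened='SSLCipherSuite EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1'

printf '%s\n' "$sample"   | audit_ssl_conf || true
printf '%s\n' "$hardened" | audit_ssl_conf && echo "hardened sample: no findings"
```

To check the real file, run `audit_ssl_conf < /usr/local/apache/conf/extra/httpd-ssl.conf` before restarting Apache.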

Published by

@XiaoKyun

A Pisces guy, and an overly warm-hearted nice person.