在centos环境下给多域名站点配置https免费证书(Let’s Encrypt)

Step1，安装 cerbot和cerbot-apache

 yum install certbot certbot-apache

Step2，开放443端口

firewall-cmd –add-port=443/tcp –zone=public –permanent

firewall-cmd —reload

Step3，配置虚拟域名

vi /etc/httpd/conf/httpd.conf

NameVirtualHost *:80

<VirtualHost *:80>
ServerAdmin root@xxxx.com
DocumentRoot /var/www/html
ServerName xxxx.com
</VirtualHost>

<VirtualHost *:80>
ServerAdmin root@xxxx.com
DocumentRoot /var/www/html
ServerName www.xxxx.com
</VirtualHost>

Step4，多域名SSL证书生成

certbot run –apache -d host1.xxxx.com -d host2.xxxx.com

       ※遇到对话，全部同意，才能通过。下面对话框，建议选2，全部重定向到https。

Please choose whether HTTPS access is required or optional.
—————————————————————-
1: Easy – Allow both HTTP and HTTPS access to these sites
2: Secure – Make all requests redirect to secure HTTPS access
—————————————————————-

        ※执行完成后，查看/etc/httpd/conf/httpd.conf文件会发现在虚拟域名被追加了如下内容：

RewriteCond %{SERVER_NAME} =host.exsample.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

Step5，配置ssl.conf文件

vi /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/letsencrypt/live/xxxx.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/xxx.com/privkey.pem

Step6，重启httpd服务

systemctl restart httpd

Step7，证明书更新（需要时）

因为letsencrypt的证书有效期限是三个月，所以每三个月要更新一次

certbot renew

       建议将上边的命令放到cron里自动执行。