使用 letsencrypt 的 ssl 免费证书 配置 apache 站点

资料
let's encrypt getting started
certbot user guide
安装 certbot
以debian为例，安装
apt-get install python-certbot-apache
certbot --apache
certbot --apache certonly
证书信息将保存在/etc/letsencrypt目录下
更新证书
手动测试更新
certbot renew --dry-run
更新，可加入crontab，定期自动更新
certbot renew --quiet
添加域名
例如添加某个域名 abc.xxx.com
certbot certonly --webroot -w /var/www/abc/ -d abc.xxx.com
对应的apache配置文件示例如下：
<VirtualHost abc.xxx.com:80>
ServerName abc.xxx.com
DocumentRoot "/var/www/abc"
<Directory "/var/www/abc">
</Directory>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost abc.xxx.com:443>
ServerName abc.xxx.com
DocumentRoot "/var/www/abc"
<Directory "/var/www/abc">
</Directory>
SSLCertificateFile /etc/letsencrypt/live/abc.xxx.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/abc.xxx.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>