Last update at :2024-06-17,Edit by888u
In Snail’s previous articles about SSL certificate installation, the application and installation of certificates were basically completed in the Nginx environment. There were relatively few installations of SSL certificates in the Apache environment. A few days ago, there was a netizen project that needed to configure the certificate he applied for in the Apache environment. It was not easy to apply for it automatically in his panel like Let\\’s Encrypt (after all, he purchased a paid certificate).
Whether we use the one-click LAMP package or the Pagoda panel, the installation methods are similar, except that some configuration files are not in specific directories, and we need to configure the WEB environment according to different Find the corresponding file path. If you encounter a specific panel environment or one-click package in the future, I will share it separately. Today I will mainly share the general method of modifying the certificate configuration SSL under Linux Apache.
First, preparations
1. Backup is very important
If we are really not familiar enough, we still need to back up the system environment or website data first to ensure that the data can be restored if the system is damaged. Or we can test in a similar test environment first, and then operate in the production environment with skilled workers.
2. Apply for SSL certificate
Whether we apply for a free certificate or a paid certificate here, we will generally apply for an SSL certificate package, which includes certificates for several environments such as Apache and Nginx. Here we definitely only need to use the certificate of the Apache environment, which contains 3 files (2 .crt and 1 .key file).
3. Certificate upload
Upload the three certificate files to our corresponding management directory, here we put them in the apache/conf/ssl directory.
Second, modify the configuration file
httpd.conf
We need to modify this configuration file and remove the # in front of the two files.
#LoadModule ssl_module modules/mod_ssl.so
#Include conf/extra/httpd-ssl.conf
If we have a problem with shmcb error later, you can refer to the "Solution" SSLSessionCache: \\'shmcb\\' session cache not supported\\"Problem\\" article, and then \\"LoadModule socache_shmcb_module modules/mod_socache_shmcb.so\\" The # comment in front of it means to remove it.
Third, add certificate configuration
extra/httpd-ssl.conf
Here we need to configure the certificate in the httpd-ssl.conf file.
VirtualHost _default_:443
Find the location of this script and add it directly below
DocumentRoot \\”/www/wwwroot/www.laobuluo.com\\”ServerName www.laobuluo.com:443SSLProtocol all -SSLv2 -SSLv3SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL: !DH:!EDH:!EXP:+MEDIUMSSLHonorCipherOrder onSSLCertificateFile /www/server/apache/conf/ssl/laobuluo.com.crtSSLCertificateKeyFile /www/server/apache/conf/ssl/laobuluo.com.keySSLCertificateChainFile /www/server/apache /conf/ssl/laobuluo.com_bundle.crt
Refer to similar ones, and then replace the directory and certificate directory corresponding to the site in our server with our own files. There are three certificate files in total.
At the same time, we need to add # to the remarks in front of the originally fixed certificate paths in the following places \\"SSLCertificateFile\\" and \\"SSLCertificateKeyFile\\" because we have added them above.
Fourth, restart Apache to take effect
service httpd restart
This depends on the system restart command, some are not like this. Check whether it takes effect after restarting. And by default, http does not automatically jump to https. We need to set it in the .htaccess of the current site (Apache modifies the .htaccess file to force HTTPS address access).
Recommended site searches: website registration number, website registration query, cheap space, overseas server rental price, overseas server, server proxy IP, virtual host service provider, space server, IP query, Hong Kong virtual host space,
发表评论