Chekwaa Apache na Lets Encrypt SSL Certificate na CentOS 8
Ịchekwa ihe nkesa weebụ gị bụ otu n'ime isi ihe ndị ị kwesịrị ịtụle tupu ị na-aga na ebe nrụọrụ weebụ gị. Asambodo nchekwa dị oke mkpa maka ịchekwa okporo ụzọ ezigara site na ihe nchọgharị weebụ na sava wee mee nke a, ọ ga-akpali ndị ọrụ iji webụsaịtị gị gbanwere data na ịmara nke ọma na echekwara okporo ụzọ ezigara.
N'ọtụtụ oge, a na-akwụ ụgwọ ma na-emeghari asambodo nchekwa kwa afọ. Ka anyị zoo asambodo bụ ikike asambodo efu, mepere emepe yana akpaaka nke ị nwere ike iji zoo saịtị gị. Asambodo ahụ ga-ekubi ume ka ụbọchị 90 ọ bụla gachara ma na-emegharị onwe ya n'enweghị ọnụ ahịa ọ bụla.
Akwadoro Gụọ: Otu esi echekwa Nginx na ka anyị zoo na CentOS 8
N'ime edemede a, anyị ga-egosi gị otu ị ga-esi tinye Asambodo Ka anyị Encrypt na Certbot maka sava weebụ Apache na emesia, hazie asambodo ka ọ megharịa na akpaghị aka na CentOS 8.
Tupu ịmalite, hụ na ị nwere ihe ndị a:
1. Ihe atụ nke sava CentOS 8 nwere sava weebụ Apache HTTP arụnyere ma na-agba ọsọ. Ị nwere ike kwado na sava weebụ apache gị na-arụ ọrụ.
$ sudo dnf install httpd $ sudo systemctl status httpd
2. Aha ngalaba ruru eru zuru oke (FQDN) na-arụtụ aka na adreesị IP ọha nke sava weebụ gị na ndị na-eweta webụsaịtị DNS gị. Maka ntuziaka a, anyị ga-eji linuxtechwhiz.info na-atụ aka na IP 34.67.63.136 nke nkesa.
Nzọụkwụ 1. Wụnye Certbot na CentOS 8
Certbot bụ onye ahịa na-emezi ntinye nke asambodo nchekwa. Ọ na-enweta asambodo n'aka Ka anyị ezoro ikike ma tinye ya na sava weebụ gị n'enweghị nnukwu nsogbu.
Certbot bụ n'efu na ọ ga-enyere gị aka ịwụnye asambodo ahụ n'ụzọ mmekọrịta site na ịmepụta ntuziaka dabere na nhazi sava weebụ gị.
Tupu nbudata certbot, buru ụzọ wụnye ngwugwu ndị dị mkpa maka nhazi njikọ ezoro ezo.
Anyị ga-amalite site na ịwụnye ebe nchekwa EPEL nke na-enye ngwugwu mgbakwunye dị elu maka sistemụ dabere na RHEL:
$ sudo dnf install epel-release
Ọzọ, wụnye mod_ssl na openssl ngwugwu.
$ sudo dnf install mod_ssl openssl
Ozugbo etinyere ndabere niile, wụnye Certbot na modul Apache maka Certbot.
$ sudo dnf install certbot python3-certbot-apache
Iwu a na-etinye Certbot, modul Apache maka Certbot, na ihe ndabere ndị ọzọ.
Kwụpụ 2: Mepụta Apache Virtual Host
Nzọụkwụ ọzọ ga-abụ imepụta faịlụ nnabata mebere maka ngalaba anyị – linuxtechwhiz.info. Malite na mbụ ịmepụta mgbọrọgwụ akwụkwọ ebe ị ga-etinye faịlụ HTML gị.
$ sudo mkdir /var/www/linuxtechwhiz.info.conf
Mepụta faịlụ index.html dị ka egosiri.
$ sudo echo “<h1>Welcome to Apache HTTP server</h1>” > /var/www/linuxtechwhiz.info/index.html
Na-esote, mepụta mebere faịlụ nnabata dị ka egosiri.
$ sudo vim /etc/httpd/conf.d/linuxtechwhiz.info
Tinye nhazi n'okpuru.
<VirtualHost *:443>
ServerName linuxtechwhiz.info
ServerAlias www.linuxtechwhiz.info
DocumentRoot /var/www/linuxtechwhiz.info/
<Directory /var/www/linuxtechwhiz.info/>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/httpd/www.linuxtechwhiz.info-error.log
CustomLog /var/log/httpd/www.linuxtechwhiz.info-access.log combined
</VirtualHost>
Chekwa ma pụọ.
Kenye ikike na mgbọrọgwụ akwụkwọ dịka egosiri.
$ sudo chown -R apache:apache /var/www/linuxtechwhiz.info
Ka mgbanwe ndị a malite, malitegharịa ọrụ Apache.
$ sudo systemctl restart httpd
Kwụpụ 3: Wụnye Ka anyị Encrypt SSL Asambodo na CentOS 8
Ugbu a na-agba ọsọ certbot dị ka egosiri na-amalite ntinye akwụkwọ nke Let's Encrypt.
$ sudo certbot --apache -d domain.com
N'ọnọdụ anyị, nke a ga-abụ:
$ sudo certbot --apache -d linuxtechwhiz.info
Iwu a ga-ewega gị site na usoro mkpali iji nyere gị aka ịhazi Lets Encrypt maka ngalaba gị. Jide n'aka na ịnye adreesị ozi-e gị, Nabata Usoro Ọrụ wee kọwaa ngalaba aha ịchọrọ iji HTTPS protocol nke bụ ụdị HTTP ezoro ezo.
Ọ bụrụ na ihe niile gara nke ọma, ị ga-enweta ozi ekele na njedebe na-agwa gị na echekwara saịtị gị site na iji akwụkwọ Let's Encrypt. A ga-egosipụtakwa nkwado asambodo gị - nke na-abụkarị mgbe ụbọchị 90 gachara ka ebugachara ya.
Ugbu a laghachi azụ na faịlụ nnabata gị mebere wee tinye ahịrị nhazi ndị a.
SSLEngine On SSLCertificateFile /etc/letsencrypt/live/linuxtechwhiz.info/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/linuxtechwhiz.info/privkey.pem
Chekwa ma pụọ.
Nhazi nnabata nke Apache ikpeazụ ga-adị ka nke a:
<VirtualHost *:443>
ServerName linuxtechwhiz.info
ServerAlias www.linuxtechwhiz.info
DocumentRoot /var/www/linuxtechwhiz.info/
<Directory /var/www/linuxtechwhiz.info/>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/httpd/www.linuxtechwhiz.info-error.log
CustomLog /var/log/httpd/www.linuxtechwhiz.info-access.log combined
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/linuxtechwhiz.info/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/linuxtechwhiz.info/privkey.pem
</VirtualHost>
Ọzọ, malitegharịa Apache.
$ sudo systemctl restart httpd
Kwụpụ 4: Nyochaa ka anyị zoo Asambodo SSL
Iji chọpụta na ihe niile na-arụ ọrụ, malite ihe nchọgharị gị wee gaa na adreesị IP nke ihe nkesa gị. Ị ga-ahụzi akara mkpọchi na mmalite URL.
Iji nweta nkọwa ndị ọzọ, pịa akara mkpọchi & pịa na nhọrọ 'Sertificate' na menu ndọda pụtara.
A ga-egosipụta nkọwa akwụkwọ na windo mmapụta ọzọ.
Ọzọkwa, ị nwere ike ịnwale ihe nkesa gị na https://www.ssllabs.com/ssltest/ na saịtị gị ga-enweta akara 'A' dị ka egosiri.
Kwụpụ 5: Megharia onwe anyị Ka anyị zoo Asambodo SSL
Ka anyị ezoro ezo naanị maka ụbọchị 90 naanị. Ọtụtụ mgbe, a na-eme usoro mmeghari ọhụrụ site na ngwugwu certbot nke na-agbakwunye edemede ọhụrụ na /etc/cron.d directory. Edemede ahụ na-agba ugboro abụọ kwa ụbọchị, ọ ga-emekwa asambodo ọ bụla ozugbo n'ime ụbọchị 30 nke njedebe.
Iji nwalee usoro mmeghari ohuru nke akpaaka, jiri certbot mee nyocha ịgba ọsọ kpọrọ nkụ.
$ sudo /usr/local/bin/certbot-auto renew --dry-run
Ọ bụrụ na enweghị mmejọ ahụ, mgbe ahụ ọ pụtara na ị dị mma ịga.
Nke a na-eduga anyị na njedebe nke ntuziaka a. N'ime ntuziaka a, anyị gosipụtara otu ị ga-esi jiri certbot wụnye na hazie akwụkwọ ikike anyị Encrypt na sava weebụ Apache na-agba ọsọ na sistemụ CentOS 8.