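win-acme SSL Apache installation record (the same as Let's Encrypt, except that everything is done from the command line, but once it is set up it should be worry-free)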
The win-acme version downloaded is 2.2.9.1
Reference documentation for the Apache configuration:
CODE:
https://www.win-acme.com/manual/advanced-use/examples/apache
Website root directory: D:\Inetpub\wwwroot
Certificate store directory: C:\apache24\certs
Host name: star.im.chu.edu.tw
win-acme installation directory: C:\win-acme
Worry-free command:
CODE:
cd C:\win-acme
.\wacs.exe --source manual --host star.im.chu.edu.tw --validation filesystem --webroot "D:\Inetpub\wwwroot" --store pemfiles --pemfilespath C:\apache24\certs
On success, there are 4 files under C:\Apache24\certs:
star.im.chu.edu.tw-chain.pem
star.im.chu.edu.tw-chain-only.pem
star.im.chu.edu.tw-chain-crt.pem (this file is not used in the configuration)
star.im.chu.edu.tw-chain-key.pem
httpd.conf contains:
CODE:
Define SRVROOT "c:/Apache24"
Define CERTROOT "c:/Apache24/certs"
# Secure (SSL/TLS) connections
# SSL configuration file
Include conf/extra/httpd-ssl.conf
httpd-ssl.conf contains:
CODE:
# Set the SSL certificate
SSLCertificateFile "${CERTROOT}/star.im.chu.edu.tw-chain.pem"
# Set the private key
SSLCertificateKeyFile "${CERTROOT}/star.im.chu.edu.tw-key.pem"
# Set the CA intermediate certificate
SSLCertificateChainFile "${CERTROOT}/star.im.chu.edu.tw-chain-only.pem"
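Test whether the syntax is correct:
CODE:
./httpd.exe -t
If there are no problems, restart the web server.
Use PowerShell to create scheduled tasks for automatic renewal every 90 days
# Let's Encrypt certificates are valid for 90 days; restarting Apache automatically after the automatic renewal is recommended: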
CODE:
schtasks /create /tn "Renew LetsEncrypt SSL" /sc daily /st 02:00 /tr "C:\win-acme\wacs.exe --renew --pemfilespath C:\Apache24\certs --quiet" /rl highest
# After renewal, have Apache reload the new certificate:
CODE:
schtasks /create /tn "Restart Apache After Renew" /sc daily /st 02:10 /tr "C:\Apache24\bin\httpd.exe -k restart" /rl highest
File name | Purpose | Corresponding Apache directive
star.im.chu.edu.tw-chain.pem | Full chain certificate, containing the site certificate and the intermediate certificate | SSLCertificateFile
star.im.chu.edu.tw-chain-only.pem | Intermediate certificate, used to link to the CA root certificate | SSLCertificateChainFile
star.im.chu.edu.tw-chain-crt.pem | Server certificate, containing only this site's SSL certificate | SSLCertificateFile (but the full chain is usually used)
star.im.chu.edu.tw-key.pem | Private key, matching the SSL certificate | SSLCertificateKeyFile
--------------------------------------------------------
Configuring Apache
To use certificates obtained with the help of WACS with the Apache 2.4 server, you need to make settings in Apache24\conf\extra\httpd-vhosts.conf file; you could also make these changes in the \Apache24\conf\extra\httpd-ssl.conf file as well instead if you so wish:
Define CERTROOT "C:/apache-certs"
Define SITEROOT "C:/htdocs/www"
....
<VirtualHost *:443>
ServerName www.example.com
DocumentRoot "${SITEROOT}/example.com"
....
SSLEngine on
SSLCertificateFile "${CERTROOT}/example.com-chain.pem"
SSLCertificateKeyFile "${CERTROOT}/example.com-key.pem"
</VirtualHost>
Statistics: Posted by dtchang — 2025-02-20, 23:42
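The second scheduled task in the post restarts Apache every day at 02:10 whether or not a new certificate was issued. As an added example (not part of the original post), the PowerShell script below restarts only when the certificate on disk has changed and `httpd -t` passes, and warns about a near-expiry certificate or a broadly readable private key. The state file name, the 14-day threshold and the leaf certificate being the first PEM block in the chain file are assumptions.

```powershell
# Added example, not from the original post. Paths follow the post; the state
# file name and the 14-day threshold are assumptions made for illustration.
$CertDir   = 'C:\Apache24\certs'
$HostName  = 'star.im.chu.edu.tw'
$ChainFile = Join-Path $CertDir "$HostName-chain.pem"
$KeyFile   = Join-Path $CertDir "$HostName-key.pem"
$Httpd     = 'C:\Apache24\bin\httpd.exe'
$StateFile = Join-Path $CertDir 'last-loaded-thumbprint.txt'   # hypothetical name

# Assumption: the leaf certificate is the first PEM block in the chain file.
$pem = Get-Content -Raw -Path $ChainFile
if ($pem -notmatch '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----') {
    throw "No certificate found in $ChainFile"
}
$der  = [Convert]::FromBase64String(($Matches[1] -replace '\s', ''))
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)

# 1. Expiry: a short remaining lifetime means the renewal task has been failing.
$daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
if ($daysLeft -lt 14) {
    Write-Warning "Certificate for $HostName expires in $daysLeft days ($($cert.NotAfter))"
}

# 2. Private key ACL: flag Everyone, Authenticated Users and BUILTIN\Users.
#    Well-known SIDs are used so the check does not depend on the OS language.
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$sidType   = [System.Security.Principal.SecurityIdentifier]
(Get-Acl -Path $KeyFile).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Translate($sidType).Value -in $broadSids
} | ForEach-Object { Write-Warning "$KeyFile is accessible to $($_.IdentityReference)" }

# 3. Restart only when the certificate on disk differs from the one last loaded.
$last = if (Test-Path $StateFile) {
    ([string](Get-Content -Path $StateFile -TotalCount 1)).Trim()
} else { '' }
if ($cert.Thumbprint -eq $last) {
    Write-Output "Certificate unchanged ($($cert.Thumbprint)); Apache not restarted."
    return
}

# 4. Never restart into a broken configuration: httpd -t must succeed first.
& $Httpd -t
if ($LASTEXITCODE -ne 0) { throw "httpd -t failed (exit $LASTEXITCODE); Apache left running." }
& $Httpd -k restart
if ($LASTEXITCODE -ne 0) { throw "httpd -k restart failed (exit $LASTEXITCODE)" }
Set-Content -Path $StateFile -Value $cert.Thumbprint
Write-Output "Apache restarted with certificate $($cert.Thumbprint), valid until $($cert.NotAfter)."
```

It can be scheduled in place of the 02:10 restart task by pointing `/tr` at `powershell.exe -NoProfile -File` followed by the path where the script is saved.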