在Ubuntu上配置SSL证书,一般可按以下步骤进行:
更新系统软件包并安装必要的依赖,如OpenSSL:
sudo apt update
sudo apt install openssl
可使用Let’s Encrypt免费获取,安装Certbot工具:
sudo apt install certbot python3-certbot-nginx # 用于Nginx
sudo apt install certbot python3-certbot-apache # 用于Apache
然后运行Certbot获取证书,以Nginx为例:
sudo certbot --nginx -d example.com -d www.example.com
/etc/nginx/sites-available/。确保配置中包含监听443端口、指定证书和私钥文件路径等内容,如:server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# 其他配置...
}
修改后测试配置并重新加载Nginx:
sudo nginx -t
sudo systemctl reload nginx
/etc/apache2/sites-available/。确保包含类似以下内容:<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
# 其他配置...
</VirtualHost>
然后启用站点并重启Apache:
sudo a2ensite example.com.conf
sudo systemctl restart apache2
Let’s Encrypt证书有效期为90天,Certbot可自动续期。可手动测试续期:
sudo certbot renew --dry-run
若要设置定时任务自动续期,可编辑crontab:
sudo crontab -e
添加如下内容(每天检查两次):
0 12 * * * /usr/bin/certbot renew --quiet
0 0 * * * /usr/bin/certbot renew --quiet