apache 安装SSL证书相关

1、在apache的配置文件httpd.conf里最后一行添加：

IncludeOptional /www/server/panel/vhost/apache/*.conf

2、添加/www/server/panel/vhost/apache/www.xxx.com.conf

<VirtualHost *:80>

    ServerAdmin webmaster@example.com

    DocumentRoot "/www/wwwroot/xiaochengxu"

    ServerName 81d06989. www.xxx.com

    ServerAlias xcx.nmpfit.com

    errorDocument 404 /404.html

    ErrorLog "/www/wwwlogs/ www.xxx.com -error_log"

    CustomLog "/www/wwwlogs/ www.xxx.com -access_log" combined

    #HTTP_TO_HTTPS_START

    <IfModule mod_rewrite.c>

        RewriteEngine on

        RewriteCond %{SERVER_PORT} !^443$

        RewriteRule (.*) https://%{SERVER_NAME}$1 [L,R=301]

    </IfModule>

    #HTTP_TO_HTTPS_END

    #HTTP_TO_HTTPS_START

    <IfModule mod_rewrite.c>

        RewriteEngine on

        RewriteCond %{SERVER_PORT} !^443$

        RewriteRule (.*) https://%{SERVER_NAME}$1 [L,R=301]

    </IfModule>

    #HTTP_TO_HTTPS_END

    #HTTP_TO_HTTPS_START

    <IfModule mod_rewrite.c>

        RewriteEngine on

        RewriteCond %{SERVER_PORT} !^443$

        RewriteRule (.*) https://%{SERVER_NAME}$1 [L,R=301]

    </IfModule>

    #HTTP_TO_HTTPS_END

    #DENY FILES

    <Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>

      Order allow,deny

      Deny from all

    </Files>

    #PHP

    <FilesMatch \.php$>

            SetHandler "proxy:unix:/tmp/php-cgi-56.sock|fcgi://localhost"

    </FilesMatch>

    #PATH

    <Directory "/www/wwwroot/xiaochengxu">

        SetOutputFilter DEFLATE

        Options FollowSymLinks

        AllowOverride All

        Require all granted

        DirectoryIndex index.php index.html index.htm default.php default.html default.htm

    </Directory>

</VirtualHost>

<VirtualHost *:443>

    ServerAdmin webmasterexample.com

    DocumentRoot "/www/wwwroot/xiaochengxu/"

    ServerName SSL. www.xxx.com

    ServerAlias www.xxx.com

    errorDocument 404 /404.html

    ErrorLog "/www/wwwlogs/ www.xxx.com -error_log"

    CustomLog "/www/wwwlogs/ www.xxx.com -access_log" combined

    #SSL

    SSLEngine On

    #SSLCertificateFile /etc/letsencrypt/live/ www.xxx.com /fullchain.pem

    #SSLCertificateKeyFile /etc/letsencrypt/live/ www.xxx.com /privkey.pem

    SSLCertificateFile /etc/letsencrypt/live/ www.xxx.com /server_public.crt

    SSLCertificateKeyFile /etc/letsencrypt/live/ www.xxx.com /server.key

    SSLCertificateChainFile /etc/letsencrypt/live/ www.xxx.com /server_chain.crt

    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

    SSLProtocol All -SSLv2 -SSLv3

    SSLHonorCipherOrder On

    #PHP

    <FilesMatch \.php$>

            SetHandler "proxy:unix:/tmp/php-cgi-56.sock|fcgi://localhost"

    </FilesMatch>

    #DENY FILES

    <Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>

      Order allow,deny

      Deny from all

    </Files>

    #PATH

    <Directory "/www/wwwroot/xiaochengxu/">

        SetOutputFilter DEFLATE

        Options FollowSymLinks

        AllowOverride All

        Require all granted

        DirectoryIndex index.php index.html index.htm default.php default.html default.htm

    </Directory>

</VirtualHost>

3、把下载下来的证书文件放到 /etc/letsencrypt/live/www.xxx.com/里，然后重启apache就行了