有计划将网站转为Https,Letsencrypt提供了免费的SSL证书,也有各种脚本如Certbot来提供证书的自动更新,
但是安装certbot时对amazon linux的支持并不完善,虽然要改的部分也就是证书位置和apache配置参数这些,需要手动处理还是嫌麻烦,待过一阵再说.
[ec2-user@ip-172-31-25-76 ~]$ sudo ./certbot-auto --apache FATAL: Amazon Linux support is very experimental at present... if you would like to work on improving it, please ensure you have backups and then run this script again with the --debug flag! Alternatively, you can install OS dependencies yourself and run this script again with --no-bootstrap.
updated 12/02/2017
AWS帮助资源中实际有配置certbot的说明
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html#letsencrypt
也就说明使用没有问题,直接安装了mod24-ssl,并开放443端口
sudo yum install -y mod24_ssl
sudo ./certbot-auto --debug
确认了网站域名以后直接访问OK,另外将每天检查Renew加入到crontab
10 * * * * /home/ec2-user/certbot-auto renew
顺带把自动重启httpd也加入进来,修改Wordpress中的链接设置,全部工作完成.
因为自动配置了Apache自动转向,旧图片链接的修改看来也不再需要.
updated 12/04/2017
将备用域名从Dnspod转移到了Cloudfare,避免如备案等带来的问题.
Leave a Reply