Archive for the Category » Unix-like «

Blog已经转换为HTTPS

有计划将网站转为Https,Letsencrypt提供了免费的SSL证书,也有各种脚本如Certbot来提供证书的自动更新,

但是安装certbot时对amazon linux的支持并不完善,虽然要改的部分也就是证书位置和apache配置参数这些,需要手动处理还是嫌麻烦,待过一阵再说.

[ec2-user@ip-172-31-25-76 ~]$ sudo ./certbot-auto --apache
FATAL: Amazon Linux support is very experimental at present...
if you would like to work on improving it, please ensure you have backups
and then run this script again with the --debug flag!
Alternatively, you can install OS dependencies yourself and run this script
again with --no-bootstrap.

updated 12/02/2017

AWS帮助资源中实际有配置certbot的说明
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html#letsencrypt

也就说明使用没有问题,直接安装了mod24-ssl,并开放443端口

sudo yum install -y mod24_ssl
sudo ./certbot-auto --debug

确认了网站域名以后直接访问OK,另外将每天检查Renew加入到crontab

10 * * * * /home/ec2-user/certbot-auto renew

顺带把自动重启httpd也加入进来,修改Wordpress中的链接设置,全部工作完成.

因为自动配置了Apache自动转向,旧图片链接的修改看来也不再需要.


updated 12/04/2017

将备用域名从Dnspod转移到了Cloudfare,避免如备案等带来的问题.