tygtw.ddns.net: SSL certificate renewed, valid until 2022/4/27

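The original SSL certificate was requested through https://manage.sslforfree.com/dashboard. Its free period has ended, and the paid basic plan costs about NT$280 (US$10) per month, so the site now uses the free https://letsencrypt.osfipin.com/ instead.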

After applying, unzip the certificate archive and upload fullchain.crt and private.pem to a path of your choice, for example: /etc/httpd/conf/ssl

Edit ssl.conf under /etc/httpd/conf.d (the default path on Fedora 2X).

Add:

SSLCertificateFile /etc/httpd/conf/ssl/fullchain.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl/private.pem

Restart Apache: service httpd restart
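
Before the restart it is worth confirming that the uploaded private.pem actually belongs to fullchain.crt, that the key is not readable by other users, and that the certificate is not about to expire. The following is an added example, not part of the original post; the function name check_cert_pair, its return codes and the 30-day default are assumptions made here, and it relies on GNU stat and the openssl command line.

```bash
#!/usr/bin/env bash
# Added example: sanity checks to run before restarting httpd.
# check_cert_pair and its return codes are hypothetical names chosen here;
# the 30-day default threshold is an assumption.
#
# Usage: check_cert_pair CERT KEY [MIN_DAYS]
#   0 = all checks passed      1 = file missing or unreadable
#   2 = key readable by group/others
#   3 = key does not match the certificate
#   4 = certificate expires within MIN_DAYS
check_cert_pair() {
    local cert="$1" key="$2" min_days="${3:-30}"
    local mode cert_pub key_pub

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2
        return 1
    fi

    # The private key must only be accessible to its owner (e.g. 600 or 400).
    mode=$(stat -L -c '%a' "$key") || return 1
    case "$mode" in
        *00) ;;
        *) echo "$key has mode $mode; run: chmod 600 $key" >&2; return 2 ;;
    esac

    # Compare the public key in the first (leaf) certificate of the chain
    # with the public key derived from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not belong to this certificate" >&2
        return 3
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days" >&2
        return 4
    fi
    return 0
}

# When called with arguments, check the given pair, e.g.:
#   bash check.sh /etc/httpd/conf/ssl/fullchain.crt /etc/httpd/conf/ssl/private.pem \
#     && apachectl configtest && service httpd restart
if [ "$#" -ge 2 ]; then
    check_cert_pair "$@"
fi
```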

 

===========

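The settings published on the official site are for reference only; the ssl.conf settings must be adjusted to match your own server version.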

# General-purpose
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off

# Enable OCSP Stapling (recommended)
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"