Let’s Encrypt

https://letsencrypt.org/zh-tw/

一、How To Secure Apache with Let’s Encrypt on CentOS 8

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-8

二、How To Secure Apache with Let’s Encrypt on CentOS 7

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7

三、[SSL] Let’s Encrypt free SSL certificate (valid three months) @精讚

四、Installing Let’s Encrypt

五、CentOS 8: install Certbot to obtain and renew Let’s Encrypt SSL certificates automatically

1. Configure the Apache SSL settings by editing /etc/httpd/conf.d/ssl.conf

vi /etc/httpd/conf.d/ssl.conf

2. Find the three lines SSLCertificateFile, SSLCertificateKeyFile and SSLCACertificateFile and change their paths.

# cert.pem holds the leaf certificate only. Clients need the intermediate as well,
# so point SSLCertificateFile at fullchain.pem (Apache 2.4.8+ reads the chain from it).
SSLCertificateFile /etc/letsencrypt/live/cgsh.tc.edu.tw/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cgsh.tc.edu.tw/privkey.pem
# SSLCACertificateFile is only consulted when verifying client certificates; it does
# not send the chain to browsers. On Apache older than 2.4.8 use SSLCertificateChainFile
# with chain.pem instead of the line below.
# SSLCACertificateFile /etc/letsencrypt/live/cgsh.tc.edu.tw/fullchain.pem

systemctl restart httpd

3. Create a renewal script and schedule it with cron so the certificate is renewed automatically

mkdir -p /etc/sh
vi /etc/sh/renew_ssl.sh

#!/bin/sh
# Renew any certificate that is inside its renewal window, then reload Apache so it loads the new files.
/usr/bin/certbot renew --quiet --agree-tos --post-hook "systemctl reload httpd"

chmod 755 /etc/sh/renew_ssl.sh


crontab -e


# Every Monday at 02:00 (the script path must match the file created above)
0 2 * * 1 /etc/sh/renew_ssl.sh > /dev/null 2>&1
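The one-line script above reloads Apache whether or not the renewal succeeded, and whether or not the configuration still parses. The following is an added example, not the page's script, of a renewal run that logs what happened and refuses to reload a broken configuration. The paths (/usr/bin/certbot, apachectl, systemctl, the log file) and the script name renew_ssl.sh are assumptions for a CentOS/Apache host; every external command is overridable through the environment so the decision logic can be exercised without a real certbot install.

```shell
#!/bin/sh
# Added example (not the page's script): certbot renewal with safety checks.
# Paths below are assumptions; override them via the environment if they differ.
CERTBOT="${CERTBOT:-/usr/bin/certbot}"
CONFIGTEST="${CONFIGTEST:-/usr/sbin/apachectl configtest}"
RELOAD="${RELOAD:-/usr/bin/systemctl reload httpd}"
LOGFILE="${LOGFILE:-/var/log/letsencrypt/renew.log}"

# Append a timestamped line to the log file.
log() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >> "$LOGFILE"
}

# Return codes: 0 ok, 1 certbot failed, 2 Apache config broken (reload skipped),
# 3 reload failed. Cron mails nothing, so the log is the record of each run.
renew_certs() {
    # certbot renew only replaces certificates inside their renewal window
    # (by default when fewer than 30 days remain), so a weekly run is safe.
    if ! "$CERTBOT" renew --quiet; then
        log "certbot renew failed"
        return 1
    fi
    # Never reload on top of a configuration that does not parse: that would
    # take the site down unattended at 02:00 on a Monday.
    if ! $CONFIGTEST >/dev/null 2>&1; then
        log "apache configtest failed; reload skipped"
        return 2
    fi
    if ! $RELOAD; then
        log "apache reload failed"
        return 3
    fi
    log "renewal run OK"
    return 0
}

# Run only when executed as the cron script itself, so the file can also be
# sourced by a test harness without side effects.
if [ "${0##*/}" = "renew_ssl.sh" ]; then
    renew_certs
fi
```

Install it as /etc/sh/renew_ssl.sh with the same crontab line as above. If you would rather reload only when a certificate was actually replaced, pass certbot a --deploy-hook instead of reloading unconditionally; the configtest guard belongs in that hook as well.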

4. CentOS 7 Apache VirtualHost on port 80 (redirect HTTP to HTTPS)


/etc/httpd/conf.d/non-ssl.conf

<VirtualHost *:80>
        ServerName frogs.edu.tw
        # One redirect mechanism is enough: either the mod_alias Redirect or the
        # mod_rewrite rule below. The rewrite form is what certbot's Apache plugin
        # generates, so the Redirect is kept here only as the equivalent alternative.
        # Redirect permanent "/" "https://frogs.edu.tw/"
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =frogs.edu.tw
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

六、Modern Internet protocol compliance check (TWNIC)

https://check.twnic.tw/index.php

七、Configuring Let’s Encrypt for IIS on Windows Server 2019

1. How to request a free, auto-renewing Let’s Encrypt SSL certificate for a self-hosted IIS site

2. [Windows Server] How to request a Let’s Encrypt SSL certificate with win-acme and install it in IIS?

https://key.chtouch.com/cv.aspx?p=3539

3. IIS site: edit bindings

4.Insecure cipher suites

We can disable the 3DES and RC4 ciphers by removing their suites from the cipher suite order held in the registry (the Functions multi-string value under the key below) and then restarting the server. On Windows Server 2016 and later the same edit can be made with the Disable-TlsCipherSuite PowerShell cmdlet, which rewrites that value for you.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002

In the cipher suite order listed below, the entry to drop for 3DES is TLS_RSA_WITH_3DES_EDE_CBC_SHA (no RC4 suite is present in this order); the *_NULL_* suites provide no encryption at all and should be removed at the same time.

https://docs.microsoft.com/en-us/answers/questions/348323/how-to-disable-3des-and-rc4-on-windows-server-2019.html

TLS_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_NULL_SHA
TLS_PSK_WITH_AES_256_GCM_SHA384
TLS_PSK_WITH_AES_128_GCM_SHA256
TLS_PSK_WITH_AES_256_CBC_SHA384
TLS_PSK_WITH_AES_128_CBC_SHA256
TLS_PSK_WITH_NULL_SHA384
TLS_PSK_WITH_NULL_SHA256
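Before writing a trimmed order back into the Functions value it is worth reviewing exactly which suites are being removed and why. The following added example, not from the page or from Microsoft, takes the cipher suite order listed above (reproduced inside the script as constructed input), prints the suites that may stay, reports each removed suite with its reason, and, going one step beyond the page, separately lists the TLS_RSA_* suites that remain: those use static RSA key exchange and therefore offer no forward secrecy, so an administrator may want to drop them too. The NULL check and the forward-secrecy report are this example's additions; the script name review_suites.sh is assumed.

```shell
#!/bin/sh
# Added example (not from the page): review a Schannel cipher-suite order
# before writing it back into the registry's Functions value.

# The cipher-suite order as listed on the page (constructed input for this example).
page_suite_list() {
    cat <<'EOF'
TLS_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_NULL_SHA
TLS_PSK_WITH_AES_256_GCM_SHA384
TLS_PSK_WITH_AES_128_GCM_SHA256
TLS_PSK_WITH_AES_256_CBC_SHA384
TLS_PSK_WITH_AES_128_CBC_SHA256
TLS_PSK_WITH_NULL_SHA384
TLS_PSK_WITH_NULL_SHA256
EOF
}

# Suites that must go: 3DES (64-bit block cipher), RC4 (broken stream cipher),
# NULL (no confidentiality at all). NULL is this example's addition to the page.
WEAK_PATTERN='3DES|RC4|NULL'

# Print the suites that may stay, in their original order: this is the
# multi-string to write back into the Functions value.
keep_strong_suites() {
    grep -Ev "$WEAK_PATTERN"
}

# Print each removed suite with the reason, for the change record.
report_dropped_suites() {
    grep -E "$WEAK_PATTERN" | while IFS= read -r suite; do
        case "$suite" in
            *3DES*) reason='3DES: 64-bit block cipher (Sweet32)' ;;
            *RC4*)  reason='RC4: broken stream cipher' ;;
            *)      reason='NULL: no encryption' ;;
        esac
        printf '%s\t%s\n' "$suite" "$reason"
    done
}

# Advisory list: TLS_RSA_* suites use static RSA key exchange, so a leaked
# server key decrypts previously recorded sessions (no forward secrecy).
report_no_forward_secrecy() {
    grep -E '^TLS_RSA_WITH_'
}

# Run the review only when executed directly under the assumed script name.
if [ "${0##*/}" = "review_suites.sh" ]; then
    echo "== keep =="; page_suite_list | keep_strong_suites
    echo "== drop =="; page_suite_list | report_dropped_suites
    echo "== kept but without forward secrecy =="
    page_suite_list | keep_strong_suites | report_no_forward_secrecy
fi
```

The "keep" output is what goes into the Functions value (one suite per line of the REG_MULTI_SZ); the "drop" output is the evidence to attach to the change ticket. Test the IIS site with a client that only offers ECDHE suites before and after the reboot so a regression is noticed immediately.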