# Adding an SSL certificate to a website with letsencrypt

###### tags: `letsencrypt` `ssl` `https` `apache`

Use [letsencrypt](https://github.com/win-acme/win-acme/releases/win-acme.v2.1.20.1185.arm64.trimmed.zip) to request a free certificate.

:::info
:bulb: **Note:** The certificate must be renewed every three months.
:::

## Environment

- XAMPP
- Apache

## Preparation

- Download [letsencrypt](https://github.com/win-acme/win-acme/releases/win-acme.v2.1.20.1185.arm64.trimmed.zip) to C:/letsencrypt, then open a Command Prompt as administrator and run C:/letsencrypt/wacs.exe

## Generating the certificate

* **Please choose from the menu:** M: Create certificate (full options)
* **How shall we determine the domain(s) to include in the certificate?:** 2: Manual input
* **Host:** your domain
* **Friendly name '[Manual] your domain'. \<Enter> to accept or type desired name:** `<Enter>`
* **How would you like prove ownership for the domain(s)?:** 1: [http-01] Save verification files on (network) path
* **Path:** `C:\xampp\htdocs\<site folder name>`
* **Copy default web.config before validation? (y/n)** N
* **What kind of private key should be used for the certificate?:** 2: RSA key
* **How would you like to store the certificate?:** 2: PEM encoded files (Apache, nginx, etc.)
* **File path:** `C:\xampp\apache\conf`
* **Password to set for the private key .pem file.** 1
* **Would you like to store it in another way too?:** 5: No (additional) store steps
* **Which installation step should run first?:** 3: No (additional) installation steps
* **Do you want to specify the user the task will run as? (y/n)** N

## Editing Apache's httpd-ssl.conf

### C:\xampp\apache\conf\extra\httpd-ssl.conf

* Change **SSLCertificateFile**: `SSLCertificateFile C:\xampp\apache\conf\<your-domain>-chain.pem`
* Change **SSLCertificateKeyFile**: `SSLCertificateKeyFile C:\xampp\apache\conf\<your-domain>-key.pem`
* Change **SSLCipherSuite**: `SSLCipherSuite ECDH+AESGCM256:ECDH+CHACHA20:DH+AESGCM256:ECDH+AES256:DH+AES256:!aNULL:!MD5:!DSS`
* Change **SSLProxyCipherSuite**: `SSLProxyCipherSuite ECDH+AESGCM256:ECDH+CHACHA20:DH+AESGCM256:ECDH+AES256:DH+AES256:!aNULL:!MD5:!DSS`
* Change the SSL protocol setting **SSLProtocol**: `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`
* Change the SSL protocol setting **SSLProxyProtocol**: `SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1`
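
The Python check below is an added example, not part of the original page, win-acme or Apache: it reads httpd-ssl.conf text and reports every `SSLProtocol`, `SSLProxyProtocol`, `SSLCipherSuite` or `SSLProxyCipherSuite` line that still enables SSLv3, TLSv1 or TLSv1.1, or lacks the `!aNULL`, `!MD5` and `!DSS` exclusions used above. The function names, the meaning given to `all`, and the sample text are assumptions made for the example.

```python
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}  # assumption: widest meaning of "all"
LEGACY = {"sslv3", "tlsv1", "tlsv1.1"}  # protocols the page's settings switch off
EXCLUDE = ("!aNULL", "!MD5", "!DSS")    # exclusions in the page's cipher strings
PROTO = ("sslprotocol", "sslproxyprotocol")
CIPHER = ("sslciphersuite", "sslproxyciphersuite")

def parse_directives(text):
    """Map lower-cased directive name -> [(line number, arguments)], keeping every occurrence."""
    found = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        name, *args = raw.split() or [""]
        if name.lower() in PROTO + CIPHER:  # "#SSLProtocol ..." comment lines never match
            found.setdefault(name.lower(), []).append((lineno, args))
    return found

def enabled_protocols(args):
    """mod_ssl's left-to-right rule: +X adds, -X removes, a bare X replaces the whole set."""
    enabled = set()
    for arg in args:
        name = arg.lstrip("+-").lower()
        members = ALL if name == "all" else {name}
        if arg.startswith("-"):
            enabled -= members
        else:
            enabled = enabled | members if arg.startswith("+") else set(members)
    return enabled

def audit(text):
    """Return findings; an empty list means all four directives match the page's settings."""
    conf = parse_directives(text)
    findings = [f"{name}: not set" for name in PROTO + CIPHER if name not in conf]
    for name in PROTO:
        for lineno, args in conf.get(name, []):
            if weak := sorted(enabled_protocols(args) & LEGACY):
                findings.append(f"line {lineno}: {name} still enables {weak}")
    for name in CIPHER:
        for lineno, args in conf.get(name, []):
            if missing := [x for x in EXCLUDE if x not in "".join(args[-1:]).split(":")]:
                findings.append(f"line {lineno}: {name} lacks {missing}")
    return findings

# Constructed sample: the two proxy directives were left at weaker, made-up values.
SAMPLE = """\
SSLCipherSuite ECDH+AESGCM256:ECDH+CHACHA20:DH+AESGCM256:ECDH+AES256:DH+AES256:!aNULL:!MD5:!DSS
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLProxyProtocol all -SSLv3
"""

print("\n".join(audit(SAMPLE)))
```

To check a real server, pass the text of the edited httpd-ssl.conf to `audit()` before restarting Apache; every occurrence of a directive is checked, including those inside `<VirtualHost>` blocks.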