如何在 Amazon EC2 中安装 GoDaddy SSL 证书
我有一个 Godaddy 域,例如指向 amazon ec2 实例的 website.com.我从 Godaddy 为 website.com 购买了 ssl 证书.如何配置 ec2 实例以使 website.com https?
I have a Godaddy Domain for example , website.com which points to a amazon ec2 instance. I bought a ssl certificate from Godaddy for website.com . How can I configure ec2 instance to make website.com https?
如果您使用 Ubuntu 作为服务器实例,请遵循以下几点:
If you are using Ubuntu for the server instance, follow the following points:
使用ssh或putty登录ec2实例
Log in to the ec2 instance using ssh or putty
通过执行以下命令启用 ssl 模块:sudo a2enmod ssl
Enable ssl module by executing this command: sudo a2enmod ssl
您可能需要通过 systemctl 重新启动 apache 服务器:sudo systemctl restart apache2
You may have to restart the apache server through systemctl: sudo systemctl restart apache2
在你的 html 目录下创建一个 ssl 文件夹并打开它:sudo mkdir/var/www/html/my_ssl
cd/var/www/html/my_ssl
Make a ssl folder under your html directory and open it:
sudo mkdir /var/www/html/my_ssl
cd /var/www/html/my_ssl
生成 csr 和密钥文件:
Generate csr and key files:
sudo openssl req -nodes -newkey rsa:2048 -keyout my_website.key -out my_website.csr
您必须提供以下详细信息:国家、州、城市、组织、单位、FQDN、电子邮件、挑战密码、Optioanl 公司名称.请注意,FQDN 可以是 website.com 或 example.website.com
You'll have to provide these details: Country, State, City, Organization, Unit, FQDN, email, a challenge password, Optioanl company name. Note that the FQDN can be website.com or example.website.com
通过nano或vi打开csr文件,复制内容:vi/var/www/html/my_ssl/my_website.csr
Open the csr file through nano or vi and copy its contents: vi /var/www/html/my_ssl/my_website.csr
转到您的godaddy证书,单击新证书,选择处理csr的第二个选项,然后将内容粘贴到其中.如果没有发现问题,您可以继续下一步.
Go to your godaddy certificate, click on new certificate, choose the second option that handles csr, and paste the contents into it. If no problem is found, you can continue to the next step.
Godaddy 将向网站的标准管理员电子邮件之一发送电子邮件.如果它们都不存在,请确保创建它.证书从待处理状态变为有效状态大约需要半小时.
Godaddy will send an email to one of the standard admin emails of the site. If none of them exists, make sure you create it. It will take around half an hour for the certificate to change from pending to valid.
从godaddy下载key文件,放到apache ssl文件夹:/etc/apache2/ssl/certs
Download the key files from godaddy and put them in the apache ssl folder: /etc/apache2/ssl/certs
打开default-ssl.conf文件进行修改:sudo vi/etc/apache2/sites-available/default-ssl.conf
Open the default-ssl.conf file for modification : sudo vi /etc/apache2/sites-available/default-ssl.conf
添加您的网站名称,并更改 ServerAdmin 电子邮件、ServerAlias、DocumentRoot 的默认值,将 SSLEngine 设置为开启,以及 SSLCertificateFile、SSLCertificateKeyFile 和 SSLCertificateChainFile 的路径.
Add your website name, and change the default values for ServerAdmin email, ServerAlias, DocumentRoot, set SSLEngine on, and the paths of SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile.
最后将修改后的文件设置为默认配置并重启你的apache:
Finally set the modified file to be the default configuration and restart your apache:
sudo a2ensite default-ssl.conf
sudo service apache2 重启