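[GCP] Enabling a Let’s Encrypt HTTPS Certificate on a Bitnami Site
When I previously enabled HTTPS on my Bitnami WordPress site,
I used the SSL for free service.
It had been working OK all along,
except that the SSL certificate has to be re-requested every three months,
and there are quite a few manual steps, so I even wrote a script to help speed it up…
This time, for some reason, I didn't receive the notification e-mail about the three-month certificate expiring,
so Chrome simply flagged my site as having an expired certificate…
I went to the SSL for free website to request a new one,
only to find that it seems to have been bought by ZeroSSL, that I'd have to register a new account,
and that entering multiple domain names seems to require the paid PRO version…
Then I remembered Let’s Encrypt, which I had looked at before; it is another well-known free SSL certificate service.
I took a look and at first followed its instructions to install certbot,
but generating the certificate produced a lot of errors, and it also seemed to modify the Apache configuration files on its own…
My WordPress runs on a Bitnami machine on Google Cloud Platform,
and I was a bit worried that the things certbot changes might be in different locations on Bitnami…
I searched the Bitnami documentation and only then discovered that it already ships with a command, bncert-tool,
that supports Let’s Encrypt directly. (How am I only finding out about this gem now?)
After logging in to the virtual machine on GCP, run /opt/bitnami/bncert-tool: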
testuser@wordpress-multisite-1-vm:~$ sudo /opt/bitnami/bncert-tool
Warning: Custom redirections are not supported in the Bitnami WordPress Multisite Stack. This tool will not be able to enable/disable redirections.
Press [Enter] to continue:
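Next, enter the domain names for the certificate; multiple names can be separated by spaces.
In my case I entered three domain names: ephrain.net travel.ephrain.net hiro.ephrain.net.
Of course it would be best if a wildcard domain could be used,
but maybe the free Let’s Encrypt doesn't support that (not sure).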
----------------------------------------------------------------------------
Welcome to the Bitnami HTTPS Configuration tool.
----------------------------------------------------------------------------
Domains
Please provide a valid space-separated list of domains for which you wish to configure your web server.
Domain list []: ephrain.net travel.ephrain.net hiro.ephrain.net
It asks whether domain names starting with www. should be supported as well.
I don't use any of those, so I chose No:
The following domains were not included: www.ephrain.net www.travel.ephrain.net www.hiro.ephrain.net.
Do you want to add them? [Y/n]: n
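Next it lists the tasks it is about to perform,
including configuring the web server, setting up a scheduled job to renew the certificate periodically (wonderful!), and so on: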
----------------------------------------------------------------------------
Changes to perform
The following changes will be performed to your Bitnami installation:
1. Stop web server
2. Configure web server to use a free Let's Encrypt certificate for the domains: ephrain.net travel.ephrain.net hiro.ephrain.net
3. Configure a cron job to automatically renew the certificate each month
4. Configure web server name to: ephrain.net
5. Start web server once all changes have been performed
Do you agree to these changes? [Y/n]: y
Next, enter an e-mail address:
----------------------------------------------------------------------------
Create a free HTTPS certificate with Let's Encrypt
Please provide a valid e-mail address for which to associate your Let's Encrypt certificate.
Domain list: ephrain.net travel.ephrain.net hiro.ephrain.net
Server name: ephrain.net
E-mail address []: [email protected]
Agree to the Let’s Encrypt terms of use:
The Let's Encrypt Subscriber Agreement can be found at:
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you agree to the Let's Encrypt Subscriber Agreement? [Y/n]: y
Then it starts running, and the configuration was finished very quickly:
----------------------------------------------------------------------------
Performing changes to your installation
The Bitnami HTTPS Configuration Tool will perform any necessary actions to your Bitnami installation. This may take some time, please be patient.
----------------------------------------------------------------------------
Success
The Bitnami HTTPS Configuration Tool succeeded in modifying your installation.
The configuration report is shown below.
Backup files:
* /opt/bitnami/apache2/conf/httpd.conf.back.202007030700
* /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf.back.202007030700
* /opt/bitnami/apache2/conf/bitnami/bitnami.conf.back.202007030700
Find more details in the log file:
/tmp/bncert-202007030700.log
If you find any issues, please check Bitnami Support forums at:
https://community.bitnami.com
Press [Enter] to continue:
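When I browsed my site with Chrome again at this point, I found it was already using the newly created certificate,
and its validity period is also 3 months.
This bncert-tool is really convenient and fast to use, and it saved me a lot of hard work.
If it really can renew the certificate automatically on a regular basis from now on,
I won't have to worry about the certificate expiring any more.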
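One way to check from outside that the renewal cron job is doing its work, rather than relying on an expiry e-mail arriving: the added example below (not part of the original post and not Bitnami's code) reports the days left on a certificate and which of the listed domains its subjectAltName does not cover. The function names, the 30-day warning threshold and the sample certificate values are assumptions made for this example.

```python
import socket
import ssl
import sys
import time

# Constructed sample in the shape ssl.getpeercert() returns; not a real certificate.
DOMAINS = ["ephrain.net", "travel.ephrain.net", "hiro.ephrain.net"]
SAMPLE_CERT = {
    "notAfter": "Oct  1 07:00:00 2020 GMT",
    "subjectAltName": (("DNS", "ephrain.net"), ("DNS", "travel.ephrain.net")),
}

def fetch_cert(host, port=443, timeout=10):
    """Fetch the leaf certificate the server presents for host.

    The default context validates the chain, so an already expired
    certificate raises ssl.SSLCertVerificationError here.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one leading label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def audit_cert(cert, domains, now=None, warn_days=30):
    """Return (days_left, missing_domains, ok); warn_days is an assumed threshold."""
    now = time.time() if now is None else now
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    missing = [d for d in domains if not any(name_matches(s, d) for s in sans)]
    return days_left, missing, days_left >= warn_days and not missing

if __name__ == "__main__":
    hosts = sys.argv[1:]  # no arguments: audit the constructed sample offline
    certs = {h: fetch_cert(h) for h in hosts} or {"sample": SAMPLE_CERT}
    failed = False
    for label, cert in certs.items():
        days, missing, ok = audit_cert(cert, hosts or DOMAINS)
        print(f"{label}: {days} days left, missing={missing}, ok={ok}")
        failed = failed or not ok
    sys.exit(1 if failed else 0)
```

Run with the site's host names as arguments from a machine other than the web server, for example from a daily scheduled job, so a non-zero exit status can trigger an alert.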
Reference: Generate and Install a Let’s Encrypt SSL Certificate for a Bitnami Application