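HTTPS (in full: Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel designed with security as its goal; put simply, it is the secure version of HTTP. An SSL layer is added underneath HTTP, and the security of HTTPS rests on SSL, so the details of the encryption are handled by SSL.
LAMP adds support for Let's Encrypt: it issues free certificates automatically and adds a scheduled job to crond that runs periodically to renew them.
Once LAMP is installed, the lamp command is available. Its usage is as follows.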
Usage: lamp [ add | del | list ]
add     Create new Apache Virtual Host
del     Delete Apache Virtual Host
list    List all of Apache Virtual Host
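The following is a detailed walkthrough of using the lamp command to add SSL certificate support.
Adding a virtual host
Note: before adding the virtual host, make sure the domain name already resolves to the IP of this server (VPS); otherwise the Let's Encrypt validation cannot pass.
Run the command: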
lamp add
The interactive session looks like this (text in parentheses is annotation, not program output):
Please enter server names(example: www.lamp.sh lamp.sh): (enter the website's domain name here)
Please enter website root directory(default:/data/www/<domain>): (enter the website root directory path here; pressing Enter accepts the default)
Please enter Administrator Email address: (enter the administrator's email address here)
Administrator Email address: (the email address entered in the previous step is shown here)
Do you want to create a database and mysql user with same name? [y/n]: (enter y or n to create or not create the database; y is entered here)
Virtual host [<domain>] has been created
Website root directory is: /data/www/<domain>
Database [database name] and mysql user [database user name] has been created (the database and the user of the same name were created successfully)
Reloading the apache config file...
Syntax OK
Reload success
Do you want to add a SSL certificate? [y/n]: (enter y or n to add or not add a certificate; y is entered here)
1: Use your own SSL Certificate and Key
2: Use Let's Encrypt to create SSL Certificate and Key
Please enter 1 or 2: (enter 1 to use your own certificate, or 2 to have Let's Encrypt issue a free certificate; 2 is entered here)
You have already chosen Let's Encrypt
It will be processed automatically
Installing certbot command... (the certbot command is downloaded and installed at this point)
Starting create Let's Encrypt SSL Certificate... (the dependencies certbot needs to run are installed at this point)
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for <domain>
Using the webroot path /data/www/<domain> for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
  /etc/letsencrypt/live/<domain>/fullchain.pem
  Your key file has been saved at:
  /etc/letsencrypt/live/<domain>/privkey.pem
  Your cert will expire on 2018-02-02. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot
  again. To non-interactively renew *all* of your certificates, run
  "certbot renew"
- Your account credentials have been saved in your Certbot
  configuration directory at /etc/letsencrypt. You should make a
  secure backup of this folder now. This configuration directory will
  also contain certificates and private keys obtained by Certbot so
  making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
  Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
  Donating to EFF: https://eff.org/donate-le
Let's encrypt crontab renew rule is not exist, create it!
Create Let's Encrypt SSL Certificate successfully
Reloading the apache config file...
Syntax OK
Reload success
All done
When it finishes, check the crond jobs with the following command:
crontab -l
Confirm that the output contains the following line:
0 3 */7 * * /bin/certbot renew --disable-hook-validation --renew-hook "/etc/init.d/httpd restart"
Paths of the certificate and private key issued by Let's Encrypt:
/etc/letsencrypt/live/<domain>/fullchain.pem
/etc/letsencrypt/live/<domain>/privkey.pem
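The crontab check and the certificate path above can be scripted. The following is an added example, not part of the lamp script or the original page: it confirms that an uncommented "certbot renew" line exists, that the line carries a hook so Apache picks up a renewed certificate, and that the current certificate is not about to expire. The function names, the script name and the 14-day threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the lamp script): checks to run after "lamp add".

# Prints the uncommented crontab lines (read from stdin) that run "certbot renew".
renew_lines() {
    grep -E '^[[:space:]]*[^#[:space:]].*certbot[[:space:]]+renew([[:space:]]|$)'
}

# Succeeds if at least one active renew line exists.
has_renew_rule() { renew_lines | grep -q .; }

# Succeeds if an active renew line carries a hook; without one Apache keeps
# serving the old certificate after a renewal.
renew_has_hook() {
    renew_lines | grep -Eq -e '--(renew|deploy|post)-hook[[:space:]=]'
}

# Succeeds if the certificate is still valid $2 days from now.
# The 14-day default is an assumption of this example.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-14} * 86400 ))" >/dev/null
}

# Runs all checks for one domain; returns non-zero if any of them fails.
check_vhost() {
    cert="${2:-/etc/letsencrypt/live}/$1/fullchain.pem"
    cron=$(crontab -l 2>/dev/null) || cron=""
    rc=0
    printf '%s\n' "$cron" | has_renew_rule ||
        { echo "FAIL: no active 'certbot renew' line in crontab"; rc=1; }
    printf '%s\n' "$cron" | renew_has_hook ||
        { echo "FAIL: renew line has no hook to restart the web server"; rc=1; }
    cert_valid_for_days "$cert" ||
        { echo "FAIL: $cert expires within 14 days or cannot be read"; rc=1; }
    return "$rc"
}

# Usage (as root): sh check_vhost.sh <domain>
if [ "$#" -gt 0 ]; then
    check_vhost "$@"
fi
```

Run it as the same user whose crontab holds the renew rule, since crontab -l only lists that user's jobs.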
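After the virtual host has been created, the website root directory is:
/data/www/<domain>
The log file directory is:
/data/wwwlog/<domain>
Finally, don't forget to put your application in the website root directory, and it is ready to use. Enjoy!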