To configure an SSL certificate on Ubuntu, you can generally follow these steps:
Update the system packages and install the required dependencies, such as OpenSSL:
    sudo apt update
    sudo apt install openssl

The certificate can be obtained free of charge from Let’s Encrypt. Install the Certbot tool:
    sudo apt install certbot python3-certbot-nginx   # for Nginx
    sudo apt install certbot python3-certbot-apache  # for Apache

Then run Certbot to obtain the certificate, using Nginx as an example:
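    sudo certbot --nginx -d example.com -d www.example.com

Nginx site configuration: /etc/nginx/sites-available/. Make sure the configuration listens on port 443 and specifies the certificate and private key file paths, for example:
    server {
        listen 443 ssl;
        server_name example.com;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        # other configuration...
    }

After making changes, test the configuration and reload Nginx: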
    sudo nginx -t
    sudo systemctl reload nginx

Apache site configuration: /etc/apache2/sites-available/. Make sure it contains something like the following:
    <VirtualHost *:443>
        ServerName example.com
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        # other configuration...
    </VirtualHost>

Then enable the site and restart Apache:
    sudo a2ensite example.com.conf
    sudo systemctl restart apache2

Let’s Encrypt certificates are valid for 90 days, and Certbot can renew them automatically. You can test renewal manually:
    sudo certbot renew --dry-run

To set up a scheduled task for automatic renewal, edit the crontab:
    sudo crontab -e

Add the following entries (checks twice a day):
    0 12 * * * /usr/bin/certbot renew --quiet
    0 0 * * * /usr/bin/certbot renew --quiet
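
A check worth running before reloading the web server and after each renewal, given here as an added example that is not part of the original page: it verifies that the certificate has enough validity left, that the private key belongs to the certificate, and that the key file is not readable by group or others. The function names check_cert_pair and make_sample are hypothetical, and the sample pair is a self-signed certificate constructed for the demonstration.

```shell
#!/bin/sh
# Added example: pre-reload checks for a certificate/key pair (hypothetical helper names).
# Usage: check_cert_pair CERT KEY [MIN_DAYS]; returns 0 only if every check passes.
check_cert_pair() {
    cert=$1 key=$2 min_days=${3:-30} rc=0
    # 1. The leaf certificate must stay valid for at least MIN_DAYS more days.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: $cert expires within $min_days days (or is unreadable)"; rc=1
    fi
    # 2. The key must belong to the certificate: both must yield the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"; rc=1
    fi
    # 3. The private key must not be accessible to group or others (-L follows the
    #    symlink that /etc/letsencrypt/live/ uses).
    mode=$(stat -L -c %a "$key" 2>/dev/null)
    case $mode in
        *00) ;;
        *) echo "FAIL: $key has mode ${mode:-unknown}, expected 600 or 400"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $cert is valid for $min_days+ days and matches its key"
    return "$rc"
}

# Constructed sample: a throwaway self-signed pair stands in for fullchain.pem/privkey.pem.
make_sample() {   # make_sample DIR DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.com" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
    chmod 600 "$1/privkey.pem"
}

demo=$(mktemp -d)
make_sample "$demo" 90
check_cert_pair "$demo/fullchain.pem" "$demo/privkey.pem" 30
rm -rf "$demo"
```

On a real host, call check_cert_pair as root with /etc/letsencrypt/live/example.com/fullchain.pem and /etc/letsencrypt/live/example.com/privkey.pem in place of the sample files.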