免费证书https://lamp.sh/ssl.html

https（全称：Hyper Text Transfer Protocol over Secure Socket Layer），是以安全为目标的 http 通道，简单讲是 http 的安全版。即 http 下加入 SSL 层，https 的安全基础是 SSL，所以加密的详细内容就须要 SSL。
LAMP 新增对 Let’s Encrypt 的支持，自动签发免费的证书，并添加自动任务到 crond，按期运行自动更新证书。
安装完 LAMP 后，lamp 命令就能够使用了，用法以下。

Usage: lamp [ add | del | list ]
add     Create new Apache Virtual Host
del     Delete Apache Virtual Host
list    List all of Apache Virtual Host

　

下面为使用 lamp 命令增长 SSL 证书支持的详细使用教程。

新增虚拟主机
注意：在新增虚拟主机以前，请务必确保域名已经解析到该服务器（VPS）的 IP 上，不然 Let’s Encrypt 验证没法经过。
使用命令：

lamp add

交互显示以下：

Please enter server names(example: www.lamp.sh lamp.sh): 此处输入网站域名
Please enter website root directory(default:/data/www/网站域名): 此处输入网站根目录路径，默认回车便可
Please enter Administrator Email address: 此处输入管理员邮箱地址
Administrator Email address: 此处显示上一步输入的邮箱地址
Do you want to create a database and mysql user with same name? [y/n]: 此处输入 y 或 n，表示建立或不建立数据库（输入 y）
Virtual host [网站域名] has been created
Website root directory is: /data/www/网站域名
Database [数据库名] and mysql user [数据库用户名] has been created // 数据库及同名用户建立成功
Reloading the apache config file...
Syntax OK
Reload success
Do you want to add a SSL certificate? [y/n]: 此处输入 y 或 n，表示添加或不添加证书（输入 y）
1: Use your own SSL Certificate and Key
2: Use Let's Encrypt to create SSL Certificate and Key
Please enter 1 or 2: 此处输入 1 或 2，表示使用本身的证书，或使用 Let's Encrypt 签发免费证书（输入 2）
You have already chosen Let's Encrypt
It will be processed automatically
Installing certbot command...
此处开始下载安装 certbot 命令
Starting create Let's Encrypt SSL Certificate...
此处开始安装 certbot 运行所需的依赖库等
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for 网站域名
Using the webroot path /data/www/网站域名 for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/网站域名/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/网站域名/privkey.pem
   Your cert will expire on 2018-02-02. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Let's encrypt crontab renew rule is not exist, create it!
Create Let's Encrypt SSL Certificate successfully
Reloading the apache config file...
Syntax OK
Reload success
All done

　

结束后，查看 crond 任务，命令以下：

crontab -l

确认返回值里包含如下语句：

0 3 */7 * * /bin/certbot renew --disable-hook-validation --renew-hook "/etc/init.d/httpd restart"

Let’s Encrypt 签发的证书和私钥路径：

/etc/letsencrypt/live/网站域名/fullchain.pem
/etc/letsencrypt/live/网站域名/privkey.pem

建立完虚拟主机后，网站的根目录为：

/data/www/网站域名

日志文件的目录为：

/data/wwwlog/网站域名

最后，别忘了将你的程序放到网站根目录下，便可使用。祝使用愉快！