Let\’s Encrypt 是一个非营利性的证书颁发机构，它提供证书，以便您的网站可以使用安全连接。Certbot是一个开源软件工具，用于在 Web 上集成和管理 Let\’s Encrypt 证书以启用安全的 HTTPS 协议。它将自动为您管理 Let\’s Encrypt 证书。

在 Ubuntu 22.04 LTS Jammy Jellyfish 上使用 Let\’s Encrypt 安装 Apache

apt步骤 1. 首先，通过在终端中运行以下命令，确保所有系统包都是最新的。

sudo apt update
sudo apt upgrade

步骤 2. 在 Ubuntu 22.04 上安装 Apache HTTP 服务器。

默认情况下，Apache 在 Ubuntu 22.04 基础存储库中可用。现在运行以下命令将最新版本的 Apache 安装到您的 Ubuntu 系统：

sudo apt install apache2

成功安装后，启用 Apache（系统启动时自动启动），启动，并使用以下命令验证状态：

sudo systemctl enable apache2
sudo systemctl start apache2
sudo systemctl status apache2

您可以使用以下命令确认 Apache2 版本：

apache2 -v

步骤 3. 配置防火墙。

现在，我们使用 Apache 设置了一个简单防火墙 (UFW)，以允许对 HTTP 和 HTTPS 的默认 Web 端口进行公共访问：

sudo ufw allow OpenSSH
sudo ufw allow \'Apache Full\'
sudo ufw enable

步骤 4. 访问 Apache Web 服务器。

成功安装后，打开系统上的 Web 浏览器并在地址栏中输入服务器的 IP。您将获得默认的 Apache 服务器页面：

步骤 5. 创建 Apache 虚拟主机。

首先，创建一个根目录来保存您网站的文件：

sudo mkdir -p /var/www/html/domain.com/

然后，更改目录的所有权和组：

sudo chown -R www-data:www-data /var/www/html/domain.com/

之后，我们创建一个 Apache 虚拟主机来为网站的 HTTP 版本提供服务：

sudo nano /etc/apache2/sites-available/www.domain.com.conf

添加以下文件：

   ServerName domain.com
   ServerAlias www.domain.com
   ServerAdmin admin@domain.com
   DocumentRoot /var/www/html/www.domain.com

   ErrorLog ${APACHE_LOG_DIR}/www.domain.com_error.log
   CustomLog ${APACHE_LOG_DIR}/www.domain.com_access.log combined

   
      Options FollowSymlinks
      AllowOverride All
      Require all granted
   

保存并关闭文件，然后重新启动 Apache 网络服务器以进行更改：

sudo a2ensite www.domain.com.conf
sudo a2enmod ssl rewrite
sudo systemctl restart apache2

步骤 6. 在 Ubuntu 22.04 上使用 Let\’s Encrypt 保护 Apache。

首先，您需要安装 Certbot 以使用 Let\’s Encrypt 获取 SSL 证书：

sudo apt install certbot python3-certbot-apache

接下来，按照以下步骤使用 Let\’s Encrypt 获取您的 SSL 证书：

sudo certbot --apache

您将需要按照交互式提示安装证书。由于我有两个域，我将为这两个域安装 SSL 证书：

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter \'c\' to cancel): admin@domain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let\'s Encrypt project and the non-profit organization that
develops Certbot? We\'d like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Account registered.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: domain.com
2: www.domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter \'c\' to cancel): 1,2
Requesting a certificate for domain.com and www.domain.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/domain.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/domain.com/privkey.pem
This certificate expires on 2022-12-10.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for domain.com to /etc/apache2/sites-available/www.domain.com-le-ssl.conf
Successfully deployed certificate for www.domain.com to /etc/apache2/sites-available/www.domain.com-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://domain.com and https://www.domain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let\'s Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

步骤 7. 自动续订 SSL。

Let\’s Encrypt 证书的有效期为 90 天，强烈建议在证书到期前更新证书。您可以通过运行以下命令来测试证书的自动续订：

sudo certbot renew --dry-run

输出：

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/domain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account registered.
Simulating renewal of an existing certificate for domain.com and www.domain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded: 
  /etc/letsencrypt/live/domain.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

步骤 8. 测试 SSL。

使用 Let\’s Encrypt SSL 成功完成安全 Apache 后，现在转到ssllabs.com/ssltest/并在您的域上运行 SSL 测试：

感谢您使用本教程在 Ubuntu 22.04 LTS Jammy Jellyfish 系统上使用 Let\’s Encrypt TLS/SSL 安装 Apache。如需更多帮助或有用信息，我们建议您查看Apache 官方网站。