Wealthxin.com 服务器 SSL 配置总结

一、Let’s Encrypt 安装

在 Ubuntu 上安装 Certbot：

sudo apt update
sudo apt install certbot

二、申请多域名证书（standalone 模式）

例如：

• www.wealthxin.com
• bbs.wealthxin.com

一次性申请：

sudo certbot certonly --standalone --agree-tos --email eXXXX@gmail.com -d www.wealthxin.com -d bbs.wealthxin.com

生成路径：

/etc/letsencrypt/live/www.wealthxin.com/
    cert.pem
    chain.pem
    fullchain.pem
    privkey.pem

三、XAMPP 配置 SSL

目录结构

将证书复制到：

/opt/lampp/etc/ssl/www.wealthxin.com/

复制命令：

sudo mkdir -p /opt/lampp/etc/ssl/www.wealthxin.com

sudo cp /etc/letsencrypt/live/www.wealthxin.com/fullchain.pem       /opt/lampp/etc/ssl/www.wealthxin.com/fullchain.pem

sudo cp /etc/letsencrypt/live/www.wealthxin.com/privkey.pem         /opt/lampp/etc/ssl/www.wealthxin.com/privkey.pem

四、Apache VirtualHost 配置

www.wealthxin.com

HTTP 跳转到 HTTPS：

<VirtualHost *:80>
    ServerName www.wealthxin.com
    Redirect permanent / https://www.wealthxin.com/
    ErrorLog "logs/www.wealthxin.com-error_log"
    CustomLog "logs/www.wealthxin.com-access_log" common
</VirtualHost>

HTTPS：

<VirtualHost *:443>
    ServerName www.wealthxin.com
    DocumentRoot "/opt/lampp/htdocs/wealthxincom"

    SSLEngine on
    SSLCertificateFile "/opt/lampp/etc/ssl/www.wealthxin.com/fullchain.pem"
    SSLCertificateKeyFile "/opt/lampp/etc/ssl/www.wealthxin.com/privkey.pem"

    <Directory "/opt/lampp/htdocs/wealthxincom">
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog "logs/www.wealthxin.com-error_log"
    CustomLog "logs/www.wealthxin.com-access_log" common
</VirtualHost>

bbs.wealthxin.com

HTTP 跳转到 HTTPS：

<VirtualHost *:80>
    ServerName bbs.wealthxin.com
    Redirect permanent / https://bbs.wealthxin.com/
    ErrorLog "logs/bbs.wealthxin.com-error_log"
    CustomLog "logs/bbs.wealthxin.com-access_log" common
</VirtualHost>

HTTPS：

<VirtualHost *:443>
    ServerName bbs.wealthxin.com
    DocumentRoot "/opt/lampp/htdocs/bbswealthxincom"

    SSLEngine on
    SSLCertificateFile "/opt/lampp/etc/ssl/www.wealthxin.com/fullchain.pem"
    SSLCertificateKeyFile "/opt/lampp/etc/ssl/www.wealthxin.com/privkey.pem"

    <Directory "/opt/lampp/htdocs/bbswealthxincom">
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog "logs/bbs.wealthxin.com-error_log"
    CustomLog "logs/bbs.wealthxin.com-access_log" common
</VirtualHost>

五、自动续期脚本

创建renew_ssl.sh脚本

命令为：

sudo nano /usr/local/bin/renew_ssl.sh

内容：

#!/bin/bash

certbot renew --quiet --no-self-upgrade

if [ $? -eq 0 ]; then
    echo "$(date) - Certificates renewed successfully. Restarting XAMPP..." >> /var/log/letsencrypt-renew.log
    /opt/lampp/lampp restart
else
    echo "$(date) - Certbot renew failed." >> /var/log/letsencrypt-renew.log
fi

赋予renew_ssl.sh可执行权限：

sudo chmod +x /usr/local/bin/renew_ssl.sh

配置 Cron

编辑 crontab：

sudo crontab -e

添加：

0 2 * * * /usr/local/bin/renew_ssl.sh >> /var/log/letsencrypt-renew.log 2>&1

六、常用检查命令

检查 Apache 配置

sudo /opt/lampp/bin/apachectl -t

测试 SSL 证书

openssl s_client -connect www.wealthxin.com:443 -servername www.wealthxin.com -showcerts

查看 Cron 配置

sudo crontab -l

测试续期（Dry-run）

sudo certbot renew --dry-run

写在最后：经过一天的折腾终于搞定了财富辛博客网站及论坛的SSL设置，目前还为发生异常，继续观察中。安装过程中，还是有很多弯路的，不过那是我自己不熟悉的原因，也反复了好多次，最后折腾下来，应该就是上面的步骤内容和命令。

系统配置环境是Ubuntu V24.04, 及lampp。