摘自:阿里云https配置教程

  1. 证书文件214179346500845.pem,包含两段内容,请不要删除任何一段内容。
  2. 如果是证书系统创建的CSR,还包含:证书私钥文件214179346500845.key、证书公钥文件public.pem、证书链文件chain.pem。
( 1 ) 在Apache的安装目录下创建cert目录,并且将下载的全部文件拷贝到cert目录中。如果申请证书时是自己创建的CSR文件,请将对应的私钥文件放到cert目录下并且命名为214179346500845.key;
( 2 ) 打开 apache 安装目录下 conf 目录中的 httpd.conf 文件,找到以下内容并去掉“#”:

#LoadModule ssl_module modules/mod_ssl.so (如果找不到请确认是否编译过 openssl 插件) 我是硬写进去的
#Include conf/extra/httpd-ssl.conf
( 3 ) 打开 apache 安装目录下 conf/extra/httpd-ssl.conf 文件 (也可能是conf.d/ssl.conf,与操作系统及安装方式有关), 在配置文件中查找以下配置语句:
# 添加 SSL 协议支持协议,去掉不安全的协议
SSLProtocol all -SSLv2 -SSLv3
# 修改加密套件如下
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
# 证书公钥配置
SSLCertificateFile cert/public.pem
# 证书私钥配置
SSLCertificateKeyFile cert/214179346500845.key
# 证书链配置,如果该属性开头有 '#'字符,请删除掉
SSLCertificateChainFile cert/chain.pem
( 4 ) 重启 Apache。 
OK,恭喜你可以正常使用HTTPS来访问你的根目录了。

因为转lnmp了,贴下之前配置/usr/local/apache/conf/httpd.conf:

ServerRoot "/usr/local/apache"
Timeout 60
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
Listen 80
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so

#配置https
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#Include conf/extra/httpd-ssl.conf

<IfModule mpm_prefork_module>
</IfModule>
<IfModule !mpm_prefork_module>
</IfModule>
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php7_module        modules/libphp7.so
AddType application/x-httpd-php .php
<IfModule unixd_module>
User daemon
Group daemon
</IfModule>

ServerAdmin you@example.com
ServerName www.example.com:80
<Directory />
    AllowOverride All
    Require all denied
    #Require all granted
</Directory>


#DocumentRoot "/data/www/typecho"
<Directory "/data/www/typecho">
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

<Directory "/data/www/wiki">
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

#尝试配置443
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile     /usr/local/apache/cert/public.pem
    SSLCertificateKeyFile  /usr/local/apache/cert/214179346500845.key
    <Directory /var/www/html/virtual-web>
        AllowOverride All
    </Directory>
    ServerAdmin email@example.com
    DocumentRoot /data/www/typecho
    ServerName  tyrad.cc
</VirtualHost>


<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile  /usr/local/apache/wikiCer/public.pem
    SSLCertificateKeyFile /usr/local/apache/wikiCer/214186353460845.key
    <Directory /var/www/html/virtual-web>
        AllowOverride All
    </Directory>
    ServerAdmin email@example.com
    DocumentRoot /data/www/wiki
    ServerName wiki.tyrad.cc
</VirtualHost>


#单个站点强制使用https (没必要)
#<VirtualHost *:80>
#    ServerName tyrad.cc
#    Redirect permanent / https://tyrad.cc
#</VirtualHost>




<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>
<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" common
</IfModule>
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/usr/local/apache/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
<IfModule headers_module>
    RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>

#配置https
Include conf/extra/httpd-ssl.conf

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

#尝试配置多个域名(发现这个没什么用)
#Include conf/extra/httpd-vhosts.conf

#尝试配置多个域名
#NameVirtualHost *:80(这句apache  2.4 废弃不需要)
<VirtualHost *:80>
   ServerAdmin admin@example.com
   DocumentRoot "/data/www/typecho"
   ServerName www.tyrad.cc
   #ErrorLog "/usr/local/httpd/logs/error.log"
   # CustomLog "/usr/local/httpd/logs/custom.log" combined
</VirtualHost>

<VirtualHost *:80>
   ServerAdmin admin@example.com
   DocumentRoot "/data/www/wiki"
   ServerName wiki.tyrad.cc
   #ErrorLog "/usr/local/httpd/logs/blog_error.log"
   #CustomLog "/usr/local/httpd/logs/blog_custom.log" combined
</VirtualHost>


#配置ngrok的反向代理

#加载转发模块
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so


<VirtualHost *:80>
ServerName main.tunnel.tyrad.cc
ServerAlias *.tunnel.tyrad.cc
RewriteEngine On
RewriteRule ^/(.*) http://%{HTTP_HOST}:8080/$1 [P]
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>