====== Let's Encrypt SSL ======
===== Apache =====
Set up the following directory structure (look at the others there as an example):
  $ sudo tree -a /var/www/well-known
  /var/www/well-known
  +-- example.com
  |   \-- .well-known -> .
  \-- www.example.com -> example.com
For your regular HTTP site (non-SSL) add the following to your '''' block:
  Include /etc/apache2/conf-available/well-known.conf
Now reload Apache for your configuration to take effect.
Finally run:
  sudo certbot certonly --webroot -w /var/www/well-known/example.com -d example.com -d www.example.com
**N.B.** you can append many more sub-domains to the command if you want to use multiple domains in the same certificate.
Now go back to your '''' block for your domain and make the opening look like:
Now slip the following lines into the block itself:
  SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
  Include /etc/letsencrypt/options-ssl-apache.conf
  RewriteEngine on
  RewriteCond %{HTTPS} off
  RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Finally, do one last reload and you should have a secure site (with your non-secure site redirecting to the secure one).
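
A pre-flight check for the webroot layout at the top of this section, as an added example that is not part of the original page: it builds the same symlink structure in a scratch directory and confirms that the path ''certbot --webroot'' writes to resolves for every name. The function names and the probe file are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page). BASE is a scratch directory in
# the demo; use /var/www/well-known (as root) to check the real tree.

# make_webroot BASE PRIMARY [ALIAS...]: PRIMARY gets the self-referencing
# .well-known link, each ALIAS becomes a symlink to PRIMARY.
make_webroot() {
    base=$1; primary=$2; shift 2
    mkdir -p "$base/$primary" || return 1
    # -n replaces an existing link instead of creating one inside its target
    ln -sfn . "$base/$primary/.well-known" || return 1
    for name in "$@"; do
        ln -sfn "$primary" "$base/$name" || return 1
    done
}

# check_webroot BASE NAME...: certbot --webroot writes
# WEBROOT/.well-known/acme-challenge/TOKEN. Drop a probe file at that path
# under the first name and confirm every name resolves to the same file.
check_webroot() {
    base=$1; shift
    probe="probe.$$"
    dir="$base/$1/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    echo "$probe" > "$dir/$probe" || return 1
    rc=0
    for name in "$@"; do
        f="$base/$name/.well-known/acme-challenge/$probe"
        if [ "$(cat "$f" 2>/dev/null)" != "$probe" ]; then
            echo "FAIL: $name does not reach the challenge directory" >&2
            rc=1
        fi
    done
    rm -f "$dir/$probe"
    return $rc
}

# Constructed demo: build the layout from the page in a temp dir and check it.
demo() {
    tmp=$(mktemp -d) || return 1
    make_webroot "$tmp" example.com www.example.com &&
        check_webroot "$tmp" example.com www.example.com
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo && echo "webroot layout OK"
```

Because ''.well-known'' points at ''.'', the challenge files physically land in ''example.com/acme-challenge''.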
===== Standalone (non-HTTP) =====
Simply a case of running:
  sudo certbot certonly --standalone --standalone-supported-challenges http-01 -d marmot.wormnet.eu -d imap.wormnet.eu -d smtp.wormnet.eu
You will need to shut down any webserver listening on ''80/tcp'' or ''443/tcp''. **N.B.** on marmot sslh is listening on 443; it's ok to shut down ''apache2'' only.
Then you can tie in the certs at:
  * **''/etc/exim4/exim4.conf.template'':** ''tls_certificate'' and ''tls_privatekey''
  * **''/etc/imapd.conf'':** ''tls_cert_file'' and ''tls_key_file''
  * **''/etc/imapd-http.conf'':** ''tls_cert_file'' and ''tls_key_file''