WormNet Wiki

User Tools

Site Tools

Trace:
ssl

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
ssl [2016/06/09 16:30] – [Apache] alexssl [2017/10/26 18:59] (current) – [Standalone (non-HTTP)] mb
Line 8: Line 8:
 /var/www/well-known /var/www/well-known
 +-- example.com +-- example.com
-    \-- .well-known -> .+|   \-- .well-known -> . 
 +\-- www.example.com -> example.com
 </code> </code>
  
Line 21: Line 22:
 Finally run: Finally run:
 <code> <code>
-sudo certbot certonly --webroot -w /var/www/well-known/coremem.com -d example.com -d www.example.com+sudo certbot certonly --webroot -w /var/www/well-known/example.com -d example.com -d www.example.com
 </code> </code>
  
-'''N.B.''' you can add append many more sub-domains on there if you want to use use multiple domains in the same certificate, though you might have to play with ''mod_rewrite'' in ''/etc/apache2/conf-available/well-known.conf'' to line things up.+**N.B.** you can append many more sub-domains on there if you want to use use multiple domains in the same certificate
  
-Now go back to your Apache configuration section and add a new ''<VirtualHost/>'' block for your domain but create your HTTPS section and insert the following lines into it:+Now go back to your ''<VirtualHost/>'' block for your domain and make the opening look like: 
 +<code> 
 +<VirtualHost *:80 *:443> 
 +</code> 
 + 
 +Now slip into in the following lines into the block its-self:
 <code> <code>
 SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
Line 32: Line 38:
 SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
 Include /etc/letsencrypt/options-ssl-apache.conf Include /etc/letsencrypt/options-ssl-apache.conf
 +
 +RewriteEngine on
 +RewriteCond %{HTTPS} off
 +RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 </code> </code>
  
-Finally, do one last reload and you should have a secure site.+Finally, do one last reload and you should have a secure site (with your non-secure site redirecting to the secure one). 
 + 
 +===== Standalone (non-HTTP) ===== 
 + 
 +Simply a case of running: 
 + 
 +<code> 
 +sudo certbot certonly --standalone --standalone-supported-challenges http-01 -d marmot.wormnet.eu -d imap.wormnet.eu -d smtp.wormnet.eu 
 +</code> 
 + 
 +You will need to shut down any webserver listening on ''80/tcp'' or ''443/tcp''. **N.B.** on marmot sslh is listening on 443; it's ok to shut down ''apache2'' only.  
 + 
 + 
 +Then you can tie in the certs at: 
 + 
 +  * **''/etc/exim4/exim4.conf.template'':** ''tls_certificate'' and ''tls_privatekey'' 
 +  * **''/etc/imapd.conf'':** ''tls_cert_file'' and ''tls_key_file'' 
 +  * **''/etc/imapd-http.conf'':** ''tls_cert_file'' and ''tls_key_file''
ssl.1465489831.txt.gz · Last modified: 2016/06/09 16:30 by alex