Differences

This shows you the differences between two versions of the page.

--- ssl [2016/06/09 16:43] – [Apache] alex
+++ ssl [2017/10/26 18:59] (current) – [Standalone (non-HTTP)] mb
@@ Line 8: / Line 8: @@
 /var/www/well-known
 +-- example.com
-    \-- .well-known -> .
+|   \-- .well-known -> .
+\-- www.example.com -> example.com
 </code>
@@ Line 24: / Line 25: @@
 </code>
-**N.B.** you can append many more sub-domains on there if you want to use use multiple domains in the same certificate, though you might have to play with ''mod_rewrite'' in ''/etc/apache2/conf-available/well-known.conf'' to line things up.
+**N.B.** you can append many more sub-domains on there if you want to use use multiple domains in the same certificate
 Now go back to your ''<VirtualHost/>'' block for your domain and make the opening look like:
@@ Line 44: / Line 45: @@
 Finally, do one last reload and you should have a secure site (with your non-secure site redirecting to the secure one).
+===== Standalone (non-HTTP) =====
+Simply a case of running:
+<code>
+sudo certbot certonly --standalone --standalone-supported-challenges http-01 -d marmot.wormnet.eu -d imap.wormnet.eu -d smtp.wormnet.eu
+</code>
+You will need to shut down any webserver listening on ''80/tcp'' or ''443/tcp''. **N.B.** on marmot sslh is listening on 443; it's ok to shut down ''apache2'' only.
+Then you can tie in the certs at:
+  * **''/etc/exim4/exim4.conf.template'':** ''tls_certificate'' and ''tls_privatekey''
+  * **''/etc/imapd.conf'':** ''tls_cert_file'' and ''tls_key_file''
+  * **''/etc/imapd-http.conf'':** ''tls_cert_file'' and ''tls_key_file''