ssl
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
ssl [2016/06/09 17:26] alex created |
ssl [2017/10/26 19:59] (current) mb [Standalone (non-HTTP)] |
||
|---|---|---|---|
| Line 8: | Line 8: | ||
| /var/www/well-known | /var/www/well-known | ||
| +-- example.com | +-- example.com | ||
| - | \-- .well-known -> . | + | | \-- .well-known -> . |
| + | \-- www.example.com -> example.com | ||
| + | </code> | ||
| For your regular HTTP site (non-SSL) add the following to your ''<VirtualHost/>'' block: | For your regular HTTP site (non-SSL) add the following to your ''<VirtualHost/>'' block: | ||
| Line 20: | Line 22: | ||
| Finally run: | Finally run: | ||
| <code> | <code> | ||
| - | sudo certbot certonly --webroot -w /var/www/well-known/coremem.com -d example.com -d www.example.com | + | sudo certbot certonly --webroot -w /var/www/well-known/example.com -d example.com -d www.example.com |
| </code> | </code> | ||
| + | |||
| + | **N.B.** you can append many more sub-domains on there if you want to use use multiple domains in the same certificate | ||
| + | |||
| + | Now go back to your ''<VirtualHost/>'' block for your domain and make the opening look like: | ||
| + | <code> | ||
| + | <VirtualHost *:80 *:443> | ||
| + | </code> | ||
| + | |||
| + | Now slip into in the following lines into the block its-self: | ||
| + | <code> | ||
| + | SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem | ||
| + | SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem | ||
| + | SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem | ||
| + | Include /etc/letsencrypt/options-ssl-apache.conf | ||
| + | |||
| + | RewriteEngine on | ||
| + | RewriteCond %{HTTPS} off | ||
| + | RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] | ||
| + | </code> | ||
| + | |||
| + | Finally, do one last reload and you should have a secure site (with your non-secure site redirecting to the secure one). | ||
| + | |||
| + | ===== Standalone (non-HTTP) ===== | ||
| + | |||
| + | Simply a case of running: | ||
| + | |||
| + | <code> | ||
| + | sudo certbot certonly --standalone --standalone-supported-challenges http-01 -d marmot.wormnet.eu -d imap.wormnet.eu -d smtp.wormnet.eu | ||
| + | </code> | ||
| + | |||
| + | You will need to shut down any webserver listening on ''80/tcp'' or ''443/tcp''. **N.B.** on marmot sslh is listening on 443; it's ok to shut down ''apache2'' only. | ||
| + | |||
| + | |||
| + | Then you can tie in the certs at: | ||
| + | |||
| + | * **''/etc/exim4/exim4.conf.template'':** ''tls_certificate'' and ''tls_privatekey'' | ||
| + | * **''/etc/imapd.conf'':** ''tls_cert_file'' and ''tls_key_file'' | ||
| + | * **''/etc/imapd-http.conf'':** ''tls_cert_file'' and ''tls_key_file'' | ||
ssl.1465489564.txt.gz · Last modified: 2016/06/09 17:26 by alex
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
