ssl

Differences

This shows you the differences between two versions of the page.

ssl [2016/06/09 16:30]
alex [Apache]
ssl [2017/10/26 18:59] (current)
mb [Standalone (non-HTTP)]
Line 8: Line 8:
 /​var/​www/​well-known /​var/​www/​well-known
 +-- example.com +-- example.com
- ​   ​\-- .well-known -> .+|   \-- .well-known -> . 
 +\-- www.example.com -> example.com
 </​code>​ </​code>​
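Review bot: the added `\-- www.example.com -> example.com` entry implies one symlink per extra hostname under `/var/www/well-known`, but the diagram is the only place in this hunk that says so. Add a sentence (or the `ln -s` step) next to the diagram so that readers who add more `-d` names to the certificate know to create a matching link, and say that `.well-known -> .` is a symlink too.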
  
Line 21: Line 22:
 Finally run: Finally run:
 <​code>​ <​code>​
-sudo certbot certonly --webroot -w /​var/​www/​well-known/​coremem.com -d example.com -d www.example.com+sudo certbot certonly --webroot -w /​var/​www/​well-known/​example.com -d example.com -d www.example.com
 </​code>​ </​code>​
  
-'''​N.B.''' ​you can add append many more sub-domains on there if you want to use use multiple domains in the same certificate, though you might have to play with ''​mod_rewrite''​ in ''/​etc/​apache2/​conf-available/​well-known.conf''​ to line things up.+**N.B.** you can append many more sub-domains on there if you want to use use multiple domains in the same certificate
  
-Now go back to your Apache configuration section and add a new ''<​VirtualHost/>''​ block for your domain ​but create your HTTPS section ​and insert ​the following lines into it:+Now go back to your ''<​VirtualHost/>''​ block for your domain and make the opening look like: 
 +<​code>​ 
 +<​VirtualHost *:80 *:443> 
 +</​code>​ 
 + 
 +Now slip into in the following lines into the block its-self:
 <​code>​ <​code>​
 SSLCertificateFile /​etc/​letsencrypt/​live/​example.com/​cert.pem SSLCertificateFile /​etc/​letsencrypt/​live/​example.com/​cert.pem
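Review bot: the new opening `<VirtualHost *:80 *:443>` puts the plaintext and TLS listeners in one block, so the `SSLCertificate*` directives and the `Include /etc/letsencrypt/options-ssl-apache.conf` that the text says to place inside it apply to the port 80 listener as well as 443. Suggest two blocks instead, a `*:80` one that only redirects and a `*:443` one that carries the TLS directives, or at least a sentence explaining why the combined form is safe here. The reworded N.B. also drops the old caveat about `/etc/apache2/conf-available/well-known.conf` without a replacement, reads "use use", and has lost its full stop; "slip into in the following lines into the block its-self" needs rewording.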
Line 32: Line 38:
 SSLCertificateChainFile /​etc/​letsencrypt/​live/​example.com/​chain.pem SSLCertificateChainFile /​etc/​letsencrypt/​live/​example.com/​chain.pem
 Include /​etc/​letsencrypt/​options-ssl-apache.conf Include /​etc/​letsencrypt/​options-ssl-apache.conf
 +
 +RewriteEngine on
 +RewriteCond %{HTTPS} off
 +RewriteRule . https://​%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 </​code>​ </​code>​
  
-Finally, do one last reload and you should have a secure site.+Finally, do one last reload and you should have a secure site (with your non-secure site redirecting to the secure one). 
 + 
 +===== Standalone (non-HTTP) ===== 
 + 
 +Simply a case of running: 
 + 
 +<​code>​ 
 +sudo certbot certonly --standalone --standalone-supported-challenges http-01 -d marmot.wormnet.eu -d imap.wormnet.eu -d smtp.wormnet.eu 
 +</​code>​ 
 + 
 +You will need to shut down any webserver listening on ''​80/​tcp''​ or ''​443/​tcp''​. **N.B.** on marmot sslh is listening on 443; it's ok to shut down ''​apache2''​ only.  
 + 
 + 
 +Then you can tie in the certs at: 
 + 
 +  * **''/​etc/​exim4/​exim4.conf.template'':​** ''​tls_certificate''​ and ''​tls_privatekey''​ 
 +  * **''/​etc/​imapd.conf'':​** ''​tls_cert_file''​ and ''​tls_key_file''​ 
 +  * **''/​etc/​imapd-http.conf'':​** ''​tls_cert_file''​ and ''​tls_key_file''​
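Review bot: in the Standalone section the command restricts certbot to `http-01`, which is validated over port 80, yet the next sentence tells readers to stop anything listening on `80/tcp` or `443/tcp`, and the N.B. then says leaving sslh on 443 is fine. State that only port 80 has to be free for this command so the two sentences agree. The `-d` names are real hosts (`marmot.wormnet.eu`, `imap.wormnet.eu`, `smtp.wormnet.eu`), while the webroot command earlier in this diff was changed from `coremem.com` to `example.com`; use placeholders here as well. It is also worth adding how exim4 and imapd pick up a renewed certificate and get read access to the key that `tls_privatekey` and `tls_key_file` point at, since the section stops at naming the settings.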
ssl.1465489831.txt.gz · Last modified: 2016/06/09 16:30 by alex