This shows you the differences between two versions of the page.
ssl [2016/06/09 17:04] alex [Apache] |
ssl [2017/10/26 18:59] (current) mb [Standalone (non-HTTP)] |
||
---|---|---|---|
Line 8: | Line 8: | ||
/var/www/well-known | /var/www/well-known | ||
+-- example.com | +-- example.com | ||
- | \-- .well-known -> . | + | | \-- .well-known -> . |
+ | \-- www.example.com -> example.com | ||
</code> | </code> | ||
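Review bot: The new ''www.example.com -> example.com'' entry in the tree shows only the resulting layout, not how the link is created, and the sentence that used to explain the softlink is removed in the next hunk of this revision. Suggest putting the command beside the tree, e.g. ''ln -s example.com /var/www/well-known/www.example.com'', so the relative target is unambiguous. It is also worth one line saying that, because ''.well-known -> .'' points the directory at itself, anything placed in ''example.com/'' also resolves under ''example.com/.well-known/'' and now under ''www.example.com/.well-known/'', so the directory should hold nothing but challenge files.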
Line 24: | Line 25: | ||
</code> | </code> | ||
- | **N.B.** you can append many more sub-domains on there if you want to use use multiple domains in the same certificate, though you you will need to softlink ''/var/www/well-known/subdomain.example.com'' to ''/var/www/well-known/example.com'' | + | **N.B.** you can append many more sub-domains on there if you want to use use multiple domains in the same certificate |
Now go back to your ''<VirtualHost/>'' block for your domain and make the opening look like: | Now go back to your ''<VirtualHost/>'' block for your domain and make the opening look like: | ||
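Review bot: The shortened **N.B.** drops the only statement that each extra name needs a softlink to ''/var/www/well-known/example.com'', so a reader who appends a third sub-domain has nothing telling them to create the matching link; the tree now shows ''www.example.com'' only. Suggest keeping a short form of the removed clause that points at the tree, e.g. "each additional name needs a softlink like ''www.example.com'' above". The doubled "use use" is carried over into the new line and can be fixed in the same edit.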
Line 44: | Line 45: | ||
Finally, do one last reload and you should have a secure site (with your non-secure site redirecting to the secure one). | Finally, do one last reload and you should have a secure site (with your non-secure site redirecting to the secure one). | ||
+ | |||
+ | ===== Standalone (non-HTTP) ===== | ||
+ | |||
+ | Simply a case of running: | ||
+ | |||
+ | <code> | ||
+ | sudo certbot certonly --standalone --standalone-supported-challenges http-01 -d marmot.wormnet.eu -d imap.wormnet.eu -d smtp.wormnet.eu | ||
+ | </code> | ||
+ | |||
+ | You will need to shut down any webserver listening on ''80/tcp'' or ''443/tcp''. **N.B.** on marmot sslh is listening on 443; it's ok to shut down ''apache2'' only. | ||
+ | |||
+ | |||
+ | Then you can tie in the certs at: | ||
+ | |||
+ | * **''/etc/exim4/exim4.conf.template'':** ''tls_certificate'' and ''tls_privatekey'' | ||
+ | * **''/etc/imapd.conf'':** ''tls_cert_file'' and ''tls_key_file'' | ||
+ | * **''/etc/imapd-http.conf'':** ''tls_cert_file'' and ''tls_key_file'' |
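Review bot: The certbot line uses ''--standalone-supported-challenges http-01'', which certbot deprecated in favour of ''--preferred-challenges''; suggest ''--standalone --preferred-challenges http'' so the command keeps working on newer releases. Since only http-01 is requested, the sentence after the command can say that just ''80/tcp'' has to be free, which is also why leaving sslh on 443 is fine. The three bullets name the config keys but not which files to point them at or how the mail daemons get read access to the private key, and nothing covers renewal, where ''apache2'' has to be stopped again and the mail services reloaded to pick up the new cert; a line on each (for example certbot's ''--pre-hook'' and ''--post-hook'') would close that gap.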