User Tools

Site Tools


ssl

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
ssl [2016/06/09 17:04]
alex [Apache]
ssl [2017/10/26 18:59] (current)
mb [Standalone (non-HTTP)]
Line 8: Line 8:
 /​var/​www/​well-known /​var/​www/​well-known
 +-- example.com +-- example.com
- ​   ​\-- .well-known -> .+|   \-- .well-known -> . 
 +\-- www.example.com -> example.com
 </​code>​ </​code>​
  
Line 24: Line 25:
 </​code>​ </​code>​
  
-**N.B.** you can append many more sub-domains on there if you want to use use multiple domains in the same certificate, though you you will need to softlink ''/​var/​www/​well-known/​subdomain.example.com''​ to ''/​var/​www/​well-known/​example.com''​+**N.B.** you can append many more sub-domains on there if you want to use use multiple domains in the same certificate
  
 Now go back to your ''<​VirtualHost/>''​ block for your domain and make the opening look like: Now go back to your ''<​VirtualHost/>''​ block for your domain and make the opening look like:
Line 44: Line 45:
  
 Finally, do one last reload and you should have a secure site (with your non-secure site redirecting to the secure one). Finally, do one last reload and you should have a secure site (with your non-secure site redirecting to the secure one).
 +
 +===== Standalone (non-HTTP) =====
 +
 +Simply a case of running:
 +
 +<​code>​
 +sudo certbot certonly --standalone --standalone-supported-challenges http-01 -d marmot.wormnet.eu -d imap.wormnet.eu -d smtp.wormnet.eu
 +</​code>​
 +
 +You will need to shut down any webserver listening on ''​80/​tcp''​ or ''​443/​tcp''​. **N.B.** on marmot sslh is listening on 443; it's ok to shut down ''​apache2''​ only. 
 +
 +
 +Then you can tie in the certs at:
 +
 +  * **''/​etc/​exim4/​exim4.conf.template'':​** ''​tls_certificate''​ and ''​tls_privatekey''​
 +  * **''/​etc/​imapd.conf'':​** ''​tls_cert_file''​ and ''​tls_key_file''​
 +  * **''/​etc/​imapd-http.conf'':​** ''​tls_cert_file''​ and ''​tls_key_file''​
ssl.1465491851.txt.gz · Last modified: 2016/06/09 17:04 by alex