This shows you the differences between two versions of the page.
ssl [2016/06/09 19:10] alex [Apache] |
ssl [2017/10/26 19:59] (current) mb [Standalone (non-HTTP)] |
||
---|---|---|---|
Line 7: | Line 7: | ||
$ sudo tree -a /var/www/well-known | $ sudo tree -a /var/www/well-known | ||
/var/www/well-known | /var/www/well-known | ||
- | +-- digriz.org.uk | + | +-- example.com |
- | | \-- .well-known | + | | \-- .well-known -> . |
- | \-- www.digriz.org.uk -> digriz.org.uk | + | \-- www.example.com -> example.com |
</code> | </code> | ||
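Review bot: The new ".well-known -> ." entry in the tree listing makes .well-known a symlink to its own parent directory, and nothing in the visible text says why. A self-referencing link means every file placed in the example.com directory is also reachable under the .well-known path, and tools that follow symlinks can loop on it. Either add a sentence explaining how the webserver maps the challenge path onto this directory, or keep .well-known as a real directory. The hostnames are also anonymised to example.com here while the Standalone section added further down uses real hostnames in its command; pick one convention for the page.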
Line 45: | Line 45: | ||
Finally, do one last reload and you should have a secure site (with your non-secure site redirecting to the secure one). | Finally, do one last reload and you should have a secure site (with your non-secure site redirecting to the secure one). | ||
+ | |||
+ | ===== Standalone (non-HTTP) ===== | ||
+ | |||
+ | Simply a case of running: | ||
+ | |||
+ | <code> | ||
+ | sudo certbot certonly --standalone --standalone-supported-challenges http-01 -d marmot.wormnet.eu -d imap.wormnet.eu -d smtp.wormnet.eu | ||
+ | </code> | ||
+ | |||
+ | You will need to shut down any webserver listening on ''80/tcp'' or ''443/tcp''. **N.B.** on marmot sslh is listening on 443; it's ok to shut down ''apache2'' only. | ||
+ | |||
+ | |||
+ | Then you can tie in the certs at: | ||
+ | |||
+ | * **''/etc/exim4/exim4.conf.template'':** ''tls_certificate'' and ''tls_privatekey'' | ||
+ | * **''/etc/imapd.conf'':** ''tls_cert_file'' and ''tls_key_file'' | ||
+ | * **''/etc/imapd-http.conf'':** ''tls_cert_file'' and ''tls_key_file'' |
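Review bot: The sentence about shutting down any webserver on 80/tcp or 443/tcp does not match the command above it, which restricts certbot to the http-01 challenge, so only 80/tcp has to be free; the N.B. about leaving sslh on 443 then reads as an exception to a requirement that does not apply. Suggest rewording to "You will need to stop anything listening on 80/tcp (apache2 on marmot)" and dropping the 443 mention. The "tie in the certs" list names the settings but not which certificate and key files they should point to, nor that the Exim and Cyrus service users need read access to the private key; it also does not say that apache2 has to be stopped again and the mail daemons reloaded at each renewal. A line for each would make the section usable on its own.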