Letsencrpyt Ubuntu 16.04: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
(→Config) |
||
| (15 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
=Install= | =Install= | ||
*sudo apt-get update | *sudo apt-get update | ||
| − | *sudo apt-get install software-properties-common | + | *sudo apt-get -y install software-properties-common |
| − | *sudo add-apt-repository ppa:certbot/certbot | + | *sudo add-apt-repository -y ppa:certbot/certbot |
*sudo apt-get update | *sudo apt-get update | ||
| − | *sudo apt-get install python-certbot-apache | + | *sudo apt-get install -y python-certbot-apache |
| + | |||
=Get the cert= | =Get the cert= | ||
| − | *sudo certbot --apache certonly | + | ==With Apache== |
| + | *sudo certbot certonly --apache -d www.domain.de | ||
| + | |||
| + | ==Standalone== | ||
| + | *certbot certonly --standalone | ||
| + | |||
=Certs Directory= | =Certs Directory= | ||
*tree /etc/letsencrypt/ | *tree /etc/letsencrypt/ | ||
| Zeile 19: | Zeile 25: | ||
│ └── regr.json | │ └── regr.json | ||
├── archive | ├── archive | ||
| − | │ └── sun. | + | │ └── sun.xmn.de |
│ ├── cert1.pem | │ ├── cert1.pem | ||
│ ├── chain1.pem | │ ├── chain1.pem | ||
| Zeile 29: | Zeile 35: | ||
│ └── 0000_key-certbot.pem | │ └── 0000_key-certbot.pem | ||
├── live | ├── live | ||
| − | │ └── sun. | + | │ └── sun.xmn.de |
│ ├── cert.pem -> ../../archive/sun.xmn.de/cert1.pem | │ ├── cert.pem -> ../../archive/sun.xmn.de/cert1.pem | ||
│ ├── chain.pem -> ../../archive/sun.xmn.de/chain1.pem | │ ├── chain.pem -> ../../archive/sun.xmn.de/chain1.pem | ||
| Zeile 43: | Zeile 49: | ||
└── pre | └── pre | ||
</pre> | </pre> | ||
| + | =Apache= | ||
| + | ==To do== | ||
| + | *cd /etc/apache2/mods-enabled | ||
| + | *ln -s ../mods-available/socache_* . | ||
| + | *ln -s ../mods-available/ssl* . | ||
| + | *mkdir -p /var/log/apache2/sun.xmn.de/ | ||
| + | *chown www-data.www-data /var/log/apache2/sun.xmn.de/ | ||
| + | ==Config== | ||
| + | *cat /etc/apache2/sites-available/sun.xmn.de.conf | ||
| + | <pre> | ||
| + | <IfModule mod_ssl.c> | ||
| + | <VirtualHost _default_:443> | ||
| + | ServerName sun.xmn.de | ||
| + | ServerAdmin technik@xinux.de | ||
| + | DocumentRoot /mnt/md0/media/sun.xmn.de | ||
| + | ErrorLog ${APACHE_LOG_DIR}/sun.xmn.de/error.log | ||
| + | CustomLog ${APACHE_LOG_DIR}/sun.xmn.de/access.log combined | ||
| + | SSLCertificateFile /etc/letsencrypt/live/sun.xmn.de/fullchain.pem | ||
| + | SSLCertificateKeyFile /etc/letsencrypt/live/sun.xmn.de/privkey.pem | ||
| + | Include /etc/letsencrypt/options-ssl-apache.conf | ||
| + | <Directory "/mnt/md0/media/sun.xmn.de"> | ||
| + | Options +Indexes +FollowSymLinks | ||
| + | Require all granted | ||
| + | </Directory> | ||
| + | <FilesMatch "\.(cgi|shtml|phtml|php)$"> | ||
| + | SSLOptions +StdEnvVars | ||
| + | </FilesMatch> | ||
| + | <Directory /usr/lib/cgi-bin> | ||
| + | SSLOptions +StdEnvVars | ||
| + | </Directory> | ||
| + | BrowserMatch "MSIE [2-6]" \ | ||
| + | nokeepalive ssl-unclean-shutdown \ | ||
| + | downgrade-1.0 force-response-1.0 | ||
| + | BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown | ||
| + | |||
| + | </VirtualHost> | ||
| + | </IfModule> | ||
| + | </pre> | ||
| + | |||
| + | ==Set links== | ||
| + | *ln -s /etc/apache2/sites-available/sun.xmn.de.conf /etc/apache2/sites-enabled/ | ||
| + | ==Restart== | ||
| + | *systemctl restart apache2 | ||
| + | |||
| + | =Cronjob= | ||
| + | 0 */6 * * * /usr/bin/certbot renew --no-self-upgrade --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2" | ||
| + | *[[Systemd Certbot Apache Timer]] | ||
| + | =Seite Checken= | ||
| + | *https://www.sslshopper.com/s | ||
Aktuelle Version vom 7. März 2018, 10:54 Uhr
Install
- sudo apt-get update
- sudo apt-get -y install software-properties-common
- sudo add-apt-repository -y ppa:certbot/certbot
- sudo apt-get update
- sudo apt-get install -y python-certbot-apache
Get the cert
With Apache
- sudo certbot certonly --apache -d www.domain.de
Standalone
- certbot certonly --standalone
Certs Directory
- tree /etc/letsencrypt/
/etc/letsencrypt/
├── accounts
│ └── acme-v01.api.letsencrypt.org
│ └── directory
│ └── 7dadf2df086c13b39ec5fd10d0ba33e2
│ ├── meta.json
│ ├── private_key.json
│ └── regr.json
├── archive
│ └── sun.xmn.de
│ ├── cert1.pem
│ ├── chain1.pem
│ ├── fullchain1.pem
│ └── privkey1.pem
├── csr
│ └── 0000_csr-certbot.pem
├── keys
│ └── 0000_key-certbot.pem
├── live
│ └── sun.xmn.de
│ ├── cert.pem -> ../../archive/sun.xmn.de/cert1.pem
│ ├── chain.pem -> ../../archive/sun.xmn.de/chain1.pem
│ ├── fullchain.pem -> ../../archive/sun.xmn.de/fullchain1.pem
│ ├── privkey.pem -> ../../archive/sun.xmn.de/privkey1.pem
│ └── README
├── options-ssl-apache.conf
├── renewal
│ └── sun.xmn.de.conf
└── renewal-hooks
├── deploy
├── post
└── pre
Apache
To do
- cd /etc/apache2/mods-enabled
- ln -s ../mods-available/socache_* .
- ln -s ../mods-available/ssl* .
- mkdir -p /var/log/apache2/sun.xmn.de/
- chown www-data.www-data /var/log/apache2/sun.xmn.de/
Config
- cat /etc/apache2/sites-available/sun.xmn.de.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName sun.xmn.de
ServerAdmin technik@xinux.de
DocumentRoot /mnt/md0/media/sun.xmn.de
ErrorLog ${APACHE_LOG_DIR}/sun.xmn.de/error.log
CustomLog ${APACHE_LOG_DIR}/sun.xmn.de/access.log combined
SSLCertificateFile /etc/letsencrypt/live/sun.xmn.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sun.xmn.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<Directory "/mnt/md0/media/sun.xmn.de">
Options +Indexes +FollowSymLinks
Require all granted
</Directory>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
Set links
- ln -s /etc/apache2/sites-available/sun.xmn.de.conf /etc/apache2/sites-enabled/
Restart
- systemctl restart apache2
Cronjob
0 */6 * * * /usr/bin/certbot renew --no-self-upgrade --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"