ssl

Differences

This shows you the differences between two versions of the page.

ssl [2016/06/09 16:26] – created alex
ssl [2017/10/26 18:59] (current) – [Standalone (non-HTTP)] mb
Line 8: Line 8:
 /var/www/well-known /var/www/well-known
 +-- example.com +-- example.com
-    \-- .well-known -> .+|   \-- .well-known -> . 
 +\-- www.example.com -> example.com 
 +</code>
  
 For your regular HTTP site (non-SSL) add the following to your ''<VirtualHost/>'' block: For your regular HTTP site (non-SSL) add the following to your ''<VirtualHost/>'' block:
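Review bot: the added `\-- www.example.com -> example.com` entry (and the `.well-known -> .` link above it) appears only in the tree, with no command that creates the links and no sentence saying why each served hostname needs an entry under /var/www/well-known. Suggest adding the `ln -s` invocations next to the tree, plus a line stating that the directory must be readable by the web server, since the `certbot certonly --webroot -w /var/www/well-known/example.com` run in the next section writes its challenge files there.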
Line 20: Line 22:
 Finally run: Finally run:
 <code> <code>
-sudo certbot certonly --webroot -w /var/www/well-known/coremem.com -d example.com -d www.example.com+sudo certbot certonly --webroot -w /var/www/well-known/example.com -d example.com -d www.example.com
 </code> </code>
 +
 +**N.B.** you can append many more sub-domains on there if you want to use use multiple domains in the same certificate
 +
 +Now go back to your ''<VirtualHost/>'' block for your domain and make the opening look like:
 +<code>
 +<VirtualHost *:80 *:443>
 +</code>
 +
 +Now slip into in the following lines into the block its-self:
 +<code>
 +SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
 +SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
 +SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
 +Include /etc/letsencrypt/options-ssl-apache.conf
 +
 +RewriteEngine on
 +RewriteCond %{HTTPS} off
 +RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 +</code>
 +
 +Finally, do one last reload and you should have a secure site (with your non-secure site redirecting to the secure one).
 +
 +===== Standalone (non-HTTP) =====
 +
 +Simply a case of running:
 +
 +<code>
 +sudo certbot certonly --standalone --standalone-supported-challenges http-01 -d marmot.wormnet.eu -d imap.wormnet.eu -d smtp.wormnet.eu
 +</code>
 +
 +You will need to shut down any webserver listening on ''80/tcp'' or ''443/tcp''. **N.B.** on marmot sslh is listening on 443; it's ok to shut down ''apache2'' only. 
 +
 +
 +Then you can tie in the certs at:
 +
 +  * **''/etc/exim4/exim4.conf.template'':** ''tls_certificate'' and ''tls_privatekey''
 +  * **''/etc/imapd.conf'':** ''tls_cert_file'' and ''tls_key_file''
 +  * **''/etc/imapd-http.conf'':** ''tls_cert_file'' and ''tls_key_file''
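Review bot: in the Standalone section the command pins the challenge to http-01 with `--standalone-supported-challenges http-01`, but the sentence after it says any webserver on 80/tcp or 443/tcp has to be shut down; http-01 only needs port 80, which is also what the marmot N.B. relies on, so the sentence should say 80/tcp only. That flag is deprecated in certbot in favour of `--preferred-challenges http`, so it is worth switching here. In the Apache block, `SSLCertificateFile .../cert.pem` plus `SSLCertificateChainFile .../chain.pem` can become a single `SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem` on Apache 2.4.8 and later, where SSLCertificateChainFile is deprecated. The list of exim4 and imapd settings does not say that those daemons need read access to privkey.pem or a reload after each renewal; a sentence on both would help. Minor wording in the added prose: "use use", "slip into in" and "its-self".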
ssl.1465489564.txt.gz · Last modified: 2016/06/09 16:26 by alex