Letsencrpyt Ubuntu 16.04

Aus xinux.net
Zur Navigation springen Zur Suche springen

Install

  • sudo apt-get update
  • sudo apt-get -y install software-properties-common
  • sudo add-apt-repository -y ppa:certbot/certbot
  • sudo apt-get update
  • sudo apt-get install -y python-certbot-apache

Get the cert

With Apache

  • sudo certbot certonly --apache -d www.domain.de

Standalone

  • certbot certonly --standalone

Certs Directory

  • tree /etc/letsencrypt/
/etc/letsencrypt/
├── accounts
│   └── acme-v01.api.letsencrypt.org
│       └── directory
│           └── 7dadf2df086c13b39ec5fd10d0ba33e2
│               ├── meta.json
│               ├── private_key.json
│               └── regr.json
├── archive
│   └── sun.xmn.de
│       ├── cert1.pem
│       ├── chain1.pem
│       ├── fullchain1.pem
│       └── privkey1.pem
├── csr
│   └── 0000_csr-certbot.pem
├── keys
│   └── 0000_key-certbot.pem
├── live
│   └── sun.xmn.de
│       ├── cert.pem -> ../../archive/sun.xmn.de/cert1.pem
│       ├── chain.pem -> ../../archive/sun.xmn.de/chain1.pem
│       ├── fullchain.pem -> ../../archive/sun.xmn.de/fullchain1.pem
│       ├── privkey.pem -> ../../archive/sun.xmn.de/privkey1.pem
│       └── README
├── options-ssl-apache.conf
├── renewal
│   └── sun.xmn.de.conf
└── renewal-hooks
    ├── deploy
    ├── post
    └── pre

Apache

To do

  • cd /etc/apache2/mods-enabled
  • ln -s ../mods-available/socache_* .
  • ln -s ../mods-available/ssl* .
  • mkdir -p /var/log/apache2/sun.xmn.de/
  • chown www-data.www-data /var/log/apache2/sun.xmn.de/

Config

  • cat /etc/apache2/sites-available/sun.xmn.de.conf
<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerName sun.xmn.de
                ServerAdmin technik@xinux.de
                DocumentRoot /mnt/md0/media/sun.xmn.de
                ErrorLog ${APACHE_LOG_DIR}/sun.xmn.de/error.log
                CustomLog ${APACHE_LOG_DIR}/sun.xmn.de/access.log combined
                SSLCertificateFile /etc/letsencrypt/live/sun.xmn.de/fullchain.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/sun.xmn.de/privkey.pem
                Include /etc/letsencrypt/options-ssl-apache.conf
                <Directory "/mnt/md0/media/sun.xmn.de">
                Options +Indexes +FollowSymLinks
                Require all granted
                </Directory>
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

        </VirtualHost>
</IfModule>

Set links

  • ln -s /etc/apache2/sites-available/sun.xmn.de.conf /etc/apache2/sites-enabled/

Restart

  • systemctl restart apache2

Cronjob

0 */6 * * * /usr/bin/certbot renew --no-self-upgrade --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"

Seite Checken

Abgerufen von „https://xinux.net/index.php?title=Letsencrpyt_Ubuntu_16.04&oldid=16743