Raspberry Pi Apache2 Lets Encrypt SSL

From Chorke Wiki
Revision as of 18:20, 4 September 2019 by Shahed (talk | contribs)

Search

apt search python-certbot-apache
: '
Sorting... Done
Full Text Search... Done
python-certbot-apache/stable 0.31.0-1 all
  transitional dummy package

python-certbot-apache-doc/stable 0.31.0-1 all
  Apache plugin documentation for Certbot
'

Install

apt install python-certbot-apache
: '
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  augeas-lenses certbot libaugeas0 python-pyicu python3-acme python3-asn1crypto python3-augeas python3-certbot python3-certbot-apache python3-cffi-backend python3-configargparse python3-configobj python3-cryptography python3-distutils
  python3-future python3-josepy python3-lib2to3 python3-mock python3-openssl python3-parsedatetime python3-pbr python3-requests-toolbelt python3-rfc3339 python3-setuptools python3-tz python3-zope.component python3-zope.event
  python3-zope.hookable python3-zope.interface
Suggested packages:
  augeas-doc python3-certbot-nginx python-certbot-doc augeas-tools python-acme-doc python-certbot-apache-doc python-configobj-doc python-cryptography-doc python3-cryptography-vectors python-future-doc python-mock-doc python-openssl-doc
  python3-openssl-dbg python-setuptools-doc
The following NEW packages will be installed:
  augeas-lenses certbot libaugeas0 python-certbot-apache python-pyicu python3-acme python3-asn1crypto python3-augeas python3-certbot python3-certbot-apache python3-cffi-backend python3-configargparse python3-configobj
  python3-cryptography python3-distutils python3-future python3-josepy python3-lib2to3 python3-mock python3-openssl python3-parsedatetime python3-pbr python3-requests-toolbelt python3-rfc3339 python3-setuptools python3-tz
  python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface
0 upgraded, 30 newly installed, 0 to remove and 18 not upgraded.
Need to get 3,010 kB of archives.
After this operation, 14.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
'

Setup

certbot --apache -m [email protected] -d dev.chorke.org -d www.dev.chorke.org
: '
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dev.chorke.org
http-01 challenge for www.dev.chorke.org
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/mods-available/proxy-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/mods-available/proxy-le-ssl.conf
Enabling available site: /etc/apache2/mods-available/proxy-le-ssl.conf

We were unable to find a vhost with a ServerName or Address of www.dev.chorke.org.
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: proxy.conf                     | Multiple Names        |       | Enabled
2: 000-default.conf               | piw.dev.chorke.org    |       | Enabled
3: default-ssl.conf               |                       | HTTPS | Enabled
4: proxy-le-ssl.conf              | Multiple Names        | HTTPS | Enabled
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-4] then [enter] (press 'c' to cancel): 4
Deploying Certificate to VirtualHost /etc/apache2/mods-available/proxy-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/mods-enabled/proxy.conf to ssl vhost in /etc/apache2/mods-available/proxy-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://dev.chorke.org and
https://www.dev.chorke.org

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=dev.chorke.org
https://www.ssllabs.com/ssltest/analyze.html?d=www.dev.chorke.org
'

Crontab

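Add the following cron expression to the crontab. It runs certbot renew every day at 01:00 and discards both stdout and stderr, so a failed renewal is visible only in /var/log/letsencrypt/letsencrypt.log:

0 1 * * * /usr/bin/certbot renew > /dev/null 2>&1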

crontab -e
: '
no crontab for root - using an empty one

Select an editor.  To change later, run 'select-editor'.
  1. /bin/nano        <---- easiest
  2. /usr/bin/vim.tiny
  3. /bin/ed

Choose 1-3 [1]: 1
crontab: installing new crontab
'
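
The cron entry above throws away everything certbot prints, including errors. The following is an added example, not part of the original wiki page: a small wrapper that stays silent on success and replays the captured output on failure, so cron mails only failed renewals. The function name quiet_unless_fail and the script path /usr/local/sbin/certbot-renew-quiet are hypothetical, and it assumes certbot renew exits non-zero when a renewal fails.

```shell
#!/bin/sh
# Added example (not from the original page).
# Hypothetical install path: /usr/local/sbin/certbot-renew-quiet
# Crontab entry that would call it instead of redirecting to /dev/null:
#   0 1 * * * /usr/local/sbin/certbot-renew-quiet renew

# quiet_unless_fail CMD [ARGS...]
# Runs CMD with stdout and stderr captured in a temporary file.
# Exit 0: the captured output is dropped and nothing is printed.
# Non-zero exit: prints a header plus the captured output, then
# returns the same exit status so cron (or a monitor) sees the failure.
quiet_unless_fail() {
    log=$(mktemp) || return 1
    # The && / || chain records the status without tripping "set -e".
    "$@" >"$log" 2>&1 && status=0 || status=$?
    if [ "$status" -ne 0 ]; then
        printf '%s\n' "FAILED (exit $status): $*"
        cat "$log"
    fi
    rm -f "$log"
    return "$status"
}

# Only run certbot when explicitly asked, so the file can also be
# sourced for its function.
if [ "${1:-}" = "renew" ]; then
    quiet_unless_fail /usr/bin/certbot renew
    exit $?
fi
```

With this wrapper in place, set MAILTO in the crontab so the replayed output reaches someone who can act on it.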