Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
notes:solaris_tips [2021/04/30 11:29] admin [Let's encrypt] |
notes:solaris_tips [2021/05/01 09:48] admin [Let's encrypt] |
||
---|---|---|---|
Line 14: | Line 14: | ||
$ wget -O acme.sh https://get.acme.sh | $ wget -O acme.sh https://get.acme.sh | ||
$ ./acme.sh install | $ ./acme.sh install | ||
+ | $ crontab -l | ||
+ | 48 0 * * * "/home/dambi/.acme.sh"/acme.sh --cron --home "/home/dambi/.acme.sh" > /dev/null | ||
</code> | </code> | ||
* issue a certificate | * issue a certificate | ||
Line 19: | Line 21: | ||
# chmod a+w /var/apache2/2.4/htdocs/ | # chmod a+w /var/apache2/2.4/htdocs/ | ||
$ cd ~/.acme.sh | $ cd ~/.acme.sh | ||
- | $ | + | $ ./acme.sh --issue -d tio.ddns.net -w /var/apache2/2.4/htdocs/ |
</code> | </code> | ||
+ | * install the certificate to Apache | ||
+ | <code> | ||
+ | $ ./acme.sh --install-cert -d tio.ddns.net --cert-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/cert.pem --key-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem --fullchain-file /etc/apache2/2.4/letsencrypt/tio.ddns.net/fullchain.pem --reloadcmd "svcadm refresh apache24" | ||
+ | $ chmod a+r /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem | ||
+ | </code> | ||
+ | === Configure Apache to use Let's Encrypt certificates === | ||
+ | * enable SSL in Apache | ||
+ | * [[https://cwiki.apache.org/confluence/display/httpd/RedirectSSL|redirect HTTP to HTTPS ]] | ||
+ | <code> | ||
+ | # vim /etc/apache2/2.4/httpd.conf | ||
+ | ... | ||
+ | Listen 80 | ||
+ | Listen 443 | ||
+ | ... | ||
+ | LoadModule ssl_module libexec/mod_ssl.so | ||
+ | ... | ||
+ | <VirtualHost *:80> | ||
+ | ServerName tio.ddns.net | ||
+ | Redirect / https://tio.ddns.net/ | ||
+ | </VirtualHost> | ||
+ | |||
+ | <VirtualHost *:443> | ||
+ | ServerName tio.ddns.net | ||
+ | Protocols h2 http/1.1 | ||
+ | |||
+ | SSLEngine on | ||
+ | SSLCertificateFile /etc/apache2/2.4/letsencrypt/tio.ddns.net/fullchain.pem | ||
+ | SSLCertificateKeyFile /etc/apache2/2.4/letsencrypt/tio.ddns.net/key.pem | ||
+ | </VirtualHost> | ||
+ | ... | ||
+ | # svcadm restart apache24 | ||
+ | </code> | ||
+ | Jako alternativa viz článek [[https://www.root.cz/clanky/apache-pridava-podporu-let-s-encrypt-pro-https-staci-jeden-radek-konfigurace/|Apache & Let's Encrypt]] na Rootu. | ||
===== Howto merge pdf documents ===== | ===== Howto merge pdf documents ===== | ||
<code> | <code> |