letsencrypt_certbot [2023/09/11 11:51] val |
letsencrypt_certbot [2024/05/03 11:18] val [Настройка DNS] |
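--- a/letsencrypt_certbot
+++ b/letsencrypt_certbot
@@ -4,45 +4,109 @@
 * [[https://certbot.eff.org/|Certbot]]
+===== Настройка DNS =====
 <code>
-val@val:~$ mkdir mgtu
+$ host host2.mgtu.ru
+host2.mgtu.ru has address 195.19.40.152
+</code>
+
+===== Создание сайта =====
+<code>
+val@val:~$ mkdir host1.mgtu
-val@val:~$ cat mgtu/index.html
+val@val:~$ cat host1.mgtu/index.html
 </code><code>
-<h1>val.mgtu.ru</h1>
+<h1>host1.mgtu.ru</h1>
 </code><code>
-root@val:~# cat /etc/apache2/sites-available/val.mgtu.ru.conf
+root@val:~# cat /etc/apache2/sites-available/host1.mgtu.ru.conf
 </code><code>
 <VirtualHost *:80>
-ServerName val.mgtu.ru
+ServerName host1.mgtu.ru
-DocumentRoot /home/val/mgtu
+DocumentRoot /home/val/host1.mgtu
-<Directory /home/val/mgtu>
+<Directory /home/val/host1.mgtu>
 Require all granted
 </Directory>
 </VirtualHost>
 </code><code>
-root@val:~# a2ensite val.mgtu.ru
+root@val:~# a2ensite host1.mgtu.ru
 root@val:~# systemctl reload apache2
 </code>
-* http://val.mgtu.ru
+* http://host1.mgtu.ru
+===== Запрос сертификата =====
 <code>
 root@val:~# snap install --classic certbot
-root@val:~# certbot certonly --manual
+root@val:~# certbot certonly --manual -d host1.mgtu.ru
+</code><code>
+...
+Create a file containing just this data:
-val@val:~$ mkdir -p mgtu/.well-known/acme-challenge/
+MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
-val@val:~$ cat mgtu/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
+And make it available on your web server at this URL:
+
+http://val.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
+...
+Press Enter to Continue
+...
+</code><code>
+val@val:~$ mkdir -p host1.mgtu/.well-known/acme-challenge/
+
+val@val:~$ cat host1.mgtu/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
 </code><code>
 MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
 </code><code>
-root@val:~# cat /etc/apache2/sites-available/val.mgtu.ru.conf
+val@val:~$ ###curl http://host1.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
+</code><code>
+...
+Press Enter to Continue
+
+Successfully received certificate.
+Certificate is saved at: /etc/letsencrypt/live/host1.mgtu.ru/fullchain.pem
+Key is saved at: /etc/letsencrypt/live/host1.mgtu.ru/privkey.pem
+...
+</code>
+
+===== Настройка SSL для сайта =====
+
+<code>
+root@val:~# cat /etc/apache2/sites-available/host1.mgtu.ru.conf
 </code><code>
 ...
 <IfModule mod_ssl.c>
 <VirtualHost *:443>
-ServerName val.mgtu.ru
+ServerName host1.mgtu.ru
-DocumentRoot /home/val/mgtu
+DocumentRoot /home/val/host1.mgtu
-<Directory /home/val/mgtu>
+<Directory /home/val/host1.mgtu>
-Require all granted
+Require all granted
-</Directory>
+</Directory>
 SSLEngine on
-SSLCertificateFile /etc/letsencrypt/live/val.mgtu.ru/fullchain.pem
+SSLCertificateFile /etc/letsencrypt/live/host1.mgtu.ru/fullchain.pem
-SSLCertificateKeyFile /etc/letsencrypt/live/val.mgtu.ru/privkey.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/host1.mgtu.ru/privkey.pem
 </VirtualHost>
+</code><code>
+root@val:~# apachectl -t
+
+root@val:~# systemctl reload apache2
 </code>
-* https://val.mgtu.ru
+* https://host1.mgtu.ru
+===== Продление сертификата =====
+<code>
+root@val:~# certbot certonly --manual -d host1.mgtu.ru
+</code><code>
+Renewing an existing certificate for host1.mgtu.ru
+
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Create a file containing just this data:
+
+MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
+
+And make it available on your web server at this URL:
+
+http://host1.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
+
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Press Enter to Continue
+</code><code>
+val@val:~$ vim host1.mgtu/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
+</code><code>
+MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
+</code><code>
+val@val:~$ ###curl http://host1.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
+
+root@val:~# service apache2 reload
+</code>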
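Review bot: The sample certbot output added under «Запрос сертификата» still shows the challenge URL as `http://val.mgtu.ru/.well-known/acme-challenge/…` although the request is made with `-d host1.mgtu.ru`, and the new DNS check queries `host2.mgtu.ru`. Unless that is deliberate, both should read `host1.mgtu.ru`, so the reader checks the name that will actually be validated. The new «Продление сертификата» section repeats the interactive `--manual` run, and a certificate issued that way is not picked up by `certbot renew` unless an auth hook is configured, so an unattended host will quietly run into expiry. I would add a one-line caveat there, or show `certbot certonly --webroot -w /home/val/host1.mgtu -d host1.mgtu.ru` as the variant that renews on its own. The port-80 vhost also keeps serving the site in clear text once the 443 vhost exists; a `Redirect permanent / https://host1.mgtu.ru/` line in it would send visitors to HTTPS.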