letsencrypt_certbot

Differences

This shows you the differences between two versions of the page.

letsencrypt_certbot [2023/09/11 11:51]
val
letsencrypt_certbot [2024/05/03 12:37]
val [Certificate request]
Line 4: Line 4:
   * [[https://​certbot.eff.org/​|Certbot]]   * [[https://​certbot.eff.org/​|Certbot]]
  
 +===== Настройка DNS =====
 <​code>​ <​code>​
-val@val:~$ mkdir mgtu+$ host host2.mgtu.ru 
 +host2.mgtu.ru has address 195.19.40.152 
 +</​code>​ 
 + 
 +===== Создание сайта ===== 
 +<​code>​ 
 +val@val:~$ mkdir host1.mgtu
  
-val@val:~$ cat mgtu/​index.html+val@val:~$ cat host1.mgtu/​index.html
 </​code><​code>​ </​code><​code>​
-<h1>val.mgtu.ru</​h1>​+<h1>host1.mgtu.ru</​h1>​
 </​code><​code>​ </​code><​code>​
-root@val:~# cat /​etc/​apache2/​sites-available/​val.mgtu.ru.conf+root@val:~# cat /​etc/​apache2/​sites-available/​host1.mgtu.ru.conf
 </​code><​code>​ </​code><​code>​
 <​VirtualHost *:80> <​VirtualHost *:80>
-  ServerName ​val.mgtu.ru +  ServerName ​host1.mgtu.ru 
-  DocumentRoot /​home/​val/​mgtu +  DocumentRoot /home/val/host1.mgtu 
-  <​Directory /​home/​val/​mgtu>​+  <​Directory /home/val/host1.mgtu>
     Require all granted     Require all granted
   </​Directory>​   </​Directory>​
 </​VirtualHost>​ </​VirtualHost>​
 </​code><​code>​ </​code><​code>​
-root@val:~# a2ensite ​val.mgtu.ru+root@val:~# a2ensite ​host1.mgtu.ru
  
 root@val:~# systemctl reload apache2 root@val:~# systemctl reload apache2
 </​code>​ </​code>​
  
-  * http://val.mgtu.ru +  * http://host1.mgtu.ru 
 +===== Запрос сертификата =====
 <​code>​ <​code>​
-root@val:~# snap install --classic certbot+ubuntu# snap install --classic certbot
  
-root@val:~# certbot ​certonly ​--manual+debianapt install ​certbot ​python3-certbot-apache
  
-val@val:~$ mkdir -mgtu/.well-known/​acme-challenge/+root@val:~# certbot certonly ​--manual -d host1.mgtu.ru 
 +</code><​code>​ 
 +Enter email address (used for urgent renewal and security notices) 
 + ​(Enter '​c'​ to cancel): val@bmstu.ru 
 +... 
 +Create a file containing just this data:
  
-val@val:~$ cat mgtu/​.well-known/​acme-challenge/​NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN+MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
 + 
 +And make it available on your web server at this URL: 
 + 
 +http://​val.mgtu.ru/​.well-known/​acme-challenge/​NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN 
 +... 
 +Press Enter to Continue 
 +... 
 +</​code><​code>​ 
 +val@val:~$ mkdir -p host1.mgtu/​.well-known/​acme-challenge/​ 
 + 
 +val@val:~$ cat host1.mgtu/​.well-known/​acme-challenge/​NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
 </​code><​code>​ </​code><​code>​
 MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
 </​code><​code>​ </​code><​code>​
-root@val:~# cat /​etc/​apache2/​sites-available/​val.mgtu.ru.conf+val@val:~$ ###curl http://​host1.mgtu.ru/​.well-known/​acme-challenge/​NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN 
 +</​code><​code>​ 
 +... 
 +Press Enter to Continue 
 + 
 +Successfully received certificate. 
 +Certificate is saved at: /​etc/​letsencrypt/​live/​host1.mgtu.ru/​fullchain.pem 
 +Key is saved at:         /​etc/​letsencrypt/​live/​host1.mgtu.ru/​privkey.pem 
 +... 
 +</​code>​ 
 + 
 +===== Настройка SSL для сайта ===== 
 + 
 +<​code>​ 
 +root@val:~# cat /​etc/​apache2/​sites-available/​host1.mgtu.ru.conf
 </​code><​code>​ </​code><​code>​
 ... ...
 <​IfModule mod_ssl.c>​ <​IfModule mod_ssl.c>​
   <​VirtualHost *:443>   <​VirtualHost *:443>
-    ​ServerName ​val.mgtu.ru +  ​ServerName ​host1.mgtu.ru 
-    DocumentRoot /​home/​val/​mgtu +  DocumentRoot /home/val/host1.mgtu 
-    <​Directory /​home/​val/​mgtu>​ +  <​Directory /home/val/host1.mgtu> 
-      Require all granted +    Require all granted 
-    </​Directory>​+  </​Directory>​
     SSLEngine on     SSLEngine on
-    SSLCertificateFile /​etc/​letsencrypt/​live/​val.mgtu.ru/​fullchain.pem +    SSLCertificateFile /​etc/​letsencrypt/​live/​host1.mgtu.ru/​fullchain.pem 
-    SSLCertificateKeyFile /​etc/​letsencrypt/​live/​val.mgtu.ru/​privkey.pem+    SSLCertificateKeyFile /​etc/​letsencrypt/​live/​host1.mgtu.ru/​privkey.pem
 </​VirtualHost>​ </​VirtualHost>​
 +</​code><​code>​
 +root@val:~# apachectl -t
 +
 +root@val:~# systemctl reload apache2
 </​code>​ </​code>​
  
-  * https://val.mgtu.ru+  * https://host1.mgtu.ru
  
 +===== Продление сертификата =====
 +<​code>​
 +root@val:~# certbot certonly --manual -d host1.mgtu.ru
 +</​code><​code>​
 +Renewing an existing certificate for host1.mgtu.ru
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Create a file containing just this data:
 +
 +MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
 +
 +And make it available on your web server at this URL:
 +
 +http://​host1.mgtu.ru/​.well-known/​acme-challenge/​NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Press Enter to Continue
 +</​code><​code>​
 +val@val:~$ vim host1.mgtu/​.well-known/​acme-challenge/​NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
 +</​code><​code>​
 +MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
 +</​code><​code>​
 +val@val:~$ ###curl http://​host1.mgtu.ru/​.well-known/​acme-challenge/​NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
 +
 +root@val:~# service apache2 reload
 +</​code>​
  
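Review bot: the added renewal section ("Продление сертификата") repeats "certbot certonly --manual -d host1.mgtu.ru", so each renewal means placing the challenge file by hand again, and the python3-certbot-apache package installed in the request section is never used. Because the site already has a fixed DocumentRoot, consider "certbot certonly --webroot -w /home/val/host1.mgtu -d host1.mgtu.ru" instead, which lets "certbot renew" run unattended, with the Apache reload moved into a --deploy-hook. Separately, in the sample output added to the request section the challenge URL still points at val.mgtu.ru while the command and the challenge file path use host1.mgtu.ru; the host name there should match.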
letsencrypt_certbot.txt · Last modified: 2024/05/20 14:46 by val