====== Letsencrypt Certbot ======

  * [[https://letsencrypt.org/ru/getting-started/|Getting Started]]
  * [[https://certbot.eff.org/|Certbot]]

===== DNS setup =====
<code>
$ host host2.mgtu.ru
host2.mgtu.ru has address 195.19.40.152
</code>

===== Creating the site =====
<code>
val@val:~$ mkdir host1.mgtu

val@val:~$ cat host1.mgtu/index.html
host1.mgtu.ru

root@val:~# cat /etc/apache2/sites-available/host1.mgtu.ru.conf
</code><code>
<VirtualHost *:80>
    ServerName host1.mgtu.ru
    DocumentRoot /home/val/host1.mgtu
    <Directory /home/val/host1.mgtu>
        Require all granted
    </Directory>
</VirtualHost>
</code><code>
root@val:~# a2ensite host1.mgtu.ru

root@val:~# systemctl reload apache2
</code>

  * http://host1.mgtu.ru

===== Requesting a certificate =====
<code>
ubuntu# snap install --classic certbot

debian# apt install certbot python3-certbot-apache

root@val:~# certbot certonly --manual -d host1.mgtu.ru
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): val@bmstu.ru
...
Create a file containing just this data:

MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM

And make it available on your web server at this URL:

http://val.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
...
Press Enter to Continue
...
</code><code>
val@val:~$ mkdir -p host1.mgtu/.well-known/acme-challenge/

val@val:~$ cat host1.mgtu/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM

val@val:~$ ###curl http://host1.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
</code><code>
...
Press Enter to Continue

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/host1.mgtu.ru/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/host1.mgtu.ru/privkey.pem
...
</code>

===== Configuring SSL for the site =====
<code>
root@val:~# cat /etc/apache2/sites-available/host1.mgtu.ru.conf
</code><code>
...
<VirtualHost *:443>
    ServerName host1.mgtu.ru
    DocumentRoot /home/val/host1.mgtu
    <Directory /home/val/host1.mgtu>
        Require all granted
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/host1.mgtu.ru/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/host1.mgtu.ru/privkey.pem
</VirtualHost>
</code><code>
root@val:~# apachectl -t

root@val:~# systemctl reload apache2
</code>

  * https://host1.mgtu.ru

===== Renewing the certificate =====
<code>
root@val:~# certbot certonly --manual -d host1.mgtu.ru
Renewing an existing certificate for host1.mgtu.ru

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:

MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM

And make it available on your web server at this URL:

http://host1.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
</code><code>
val@val:~$ vim host1.mgtu/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM

val@val:~$ ###curl http://host1.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
</code><code>
root@val:~# service apache2 reload
</code>
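
The manual step of creating the challenge file (in both the request and the renewal above) can be handed to certbot's ''--manual-auth-hook'' and ''--manual-cleanup-hook'' options. The script below is an added example, not part of the original page: the script path ''/usr/local/bin/acme-hook.sh'' and the ''WEBROOT'' variable are assumptions, while ''CERTBOT_TOKEN'' and ''CERTBOT_VALIDATION'' are the environment variables certbot passes to manual hooks.

```shell
#!/bin/sh
# Added example (not from the original page): auth/cleanup hook for
#   certbot certonly --manual -d host1.mgtu.ru \
#     --manual-auth-hook    '/usr/local/bin/acme-hook.sh auth' \
#     --manual-cleanup-hook '/usr/local/bin/acme-hook.sh cleanup'
# The script path is hypothetical. WEBROOT is an assumption: it defaults to the
# DocumentRoot used on this page and can be overridden from the environment.
WEBROOT="${WEBROOT:-/home/val/host1.mgtu}"

# Accept only base64url characters, so the token can never contain "/" or ".."
# and the file always stays inside .well-known/acme-challenge/.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Write the validation string to the file the CA will fetch over HTTP.
acme_auth() {
    valid_token "${CERTBOT_TOKEN:-}" || { echo "rejected token" >&2; return 1; }
    [ -n "${CERTBOT_VALIDATION:-}" ] || { echo "empty validation" >&2; return 1; }
    dir="$WEBROOT/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    # The response is public data and must be readable by Apache (mode 644);
    # printf writes "just this data" with no trailing newline.
    ( umask 022; printf '%s' "$CERTBOT_VALIDATION" > "$dir/$CERTBOT_TOKEN" )
}

# Remove the challenge file once validation is over.
acme_cleanup() {
    valid_token "${CERTBOT_TOKEN:-}" || return 1
    rm -f "$WEBROOT/.well-known/acme-challenge/$CERTBOT_TOKEN"
}

# Dispatch when called by certbot: acme-hook.sh auth | cleanup
case "${1:-}" in
    auth)    acme_auth ;;
    cleanup) acme_cleanup ;;
esac
```

The hook only ever writes below the DocumentRoot; the private key in ''/etc/letsencrypt/live/'' stays readable by root only and is never copied into the web tree.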