====== Letsencrypt Certbot ======
* [[https://letsencrypt.org/ru/getting-started/|Приступая к работе]]
* [[https://certbot.eff.org/|Certbot]]
===== Настройка DNS =====
$ host host3.mgtu.ru
host3.mgtu.ru has address 195.19.40.152
===== Создание сайта =====
val@val:~$ mkdir hostN.mgtu
val@val:~$ cat hostN.mgtu/index.html
hostN.mgtu.ru
root@val:~# cat /etc/apache2/sites-available/hostN.mgtu.ru.conf
<VirtualHost *:80>
    ServerName hostN.mgtu.ru
    DocumentRoot /home/val/hostN.mgtu
    <Directory /home/val/hostN.mgtu>
        Require all granted
    </Directory>
</VirtualHost>
root@val:~# a2ensite hostN.mgtu.ru
root@val:~# apachectl -t
root@val:~# systemctl reload apache2
* http://hostN.mgtu.ru
===== Запрос сертификата =====
ubuntu# snap install --classic certbot
debian# apt install certbot python3-certbot-apache
root@val:~# certbot certonly --manual -d hostN.mgtu.ru
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): val@bmstu.ru
...
Create a file containing just this data:
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
And make it available on your web server at this URL:
http://hostN.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
...
Press Enter to Continue
* !!! Оставляем эту и открываем новую консоль !!!
val@val:~$ mkdir -p hostN.mgtu/.well-known/acme-challenge/
val@val:~$ cat hostN.mgtu/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
val@val:~$ curl http://hostN.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
* !!! Возвращаемся в предыдущую консоль !!!
...
Press Enter to Continue
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/hostN.mgtu.ru/fullchain.pem
Key is saved at: /etc/letsencrypt/live/hostN.mgtu.ru/privkey.pem
...
===== Настройка SSL для сайта =====
root@val:~# cat /etc/apache2/sites-available/hostN.mgtu.ru.conf
...
<VirtualHost *:443>
    ServerName hostN.mgtu.ru
    DocumentRoot /home/val/hostN.mgtu
    <Directory /home/val/hostN.mgtu>
        Require all granted
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/hostN.mgtu.ru/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/hostN.mgtu.ru/privkey.pem
</VirtualHost>
root@val:~# apachectl -t
root@val:~# systemctl reload apache2
* https://hostN.mgtu.ru
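===== Продление сертификата =====
* Режим --manual требует повторять эти шаги вручную при каждом продлении (certbot renew не сможет обновить такой сертификат без --manual-auth-hook); для автоматического продления можно запросить сертификат через --webroot -w /home/val/hostN.mgtu, тогда файл проверки создаётся самим certbot.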
root@val:~# certbot certonly --manual -d hostN.mgtu.ru
Renewing an existing certificate for hostN.mgtu.ru
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
And make it available on your web server at this URL:
http://hostN.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
val@val:~$ vim hostN.mgtu/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
val@val:~$ ###curl http://hostN.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
root@val:~# service apache2 reload