====== Letsencrypt Certbot ======
* [[https://letsencrypt.org/ru/getting-started/|Приступая к работе]]
* [[https://certbot.eff.org/|Certbot]]
===== Настройка DNS =====
$ host host2.mgtu.ru
host2.mgtu.ru has address 195.19.40.152
===== Создание сайта =====
val@val:~$ mkdir host1.mgtu
val@val:~$ cat host1.mgtu/index.html
host1.mgtu.ru
root@val:~# cat /etc/apache2/sites-available/host1.mgtu.ru.conf
ServerName host1.mgtu.ru
DocumentRoot /home/val/host1.mgtu
Require all granted
root@val:~# a2ensite host1.mgtu.ru
root@val:~# systemctl reload apache2
* http://host1.mgtu.ru
===== Запрос сертификата =====
ubuntu# snap install --classic certbot
debian# apt install certbot python3-certbot-apache
root@val:~# certbot certonly --manual -d host1.mgtu.ru
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): val@bmstu.ru
...
Create a file containing just this data:
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
And make it available on your web server at this URL:
http://val.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
...
Press Enter to Continue
...
val@val:~$ mkdir -p host1.mgtu/.well-known/acme-challenge/
val@val:~$ cat host1.mgtu/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
val@val:~$ ###curl http://host1.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
...
Press Enter to Continue
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/host1.mgtu.ru/fullchain.pem
Key is saved at: /etc/letsencrypt/live/host1.mgtu.ru/privkey.pem
...
===== Настройка SSL для сайта =====
root@val:~# cat /etc/apache2/sites-available/host1.mgtu.ru.conf
...
ServerName host1.mgtu.ru
DocumentRoot /home/val/host1.mgtu
Require all granted
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/host1.mgtu.ru/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/host1.mgtu.ru/privkey.pem
root@val:~# apachectl -t
root@val:~# systemctl reload apache2
* https://host1.mgtu.ru
===== Продление сертификата =====
root@val:~# certbot certonly --manual -d host1.mgtu.ru
Renewing an existing certificate for host1.mgtu.ru
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
And make it available on your web server at this URL:
http://host1.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
val@val:~$ vim host1.mgtu/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
val@val:~$ ###curl http://host1.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
root@val:~# service apache2 reload