User Tools
letsencrypt_certbot
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
letsencrypt_certbot [2024/05/03 09:32] val |
letsencrypt_certbot [2024/05/03 12:37] (current) val [Запрос сертификата] |
||
|---|---|---|---|
| Line 4: | Line 4: | ||
| * [[https://certbot.eff.org/|Certbot]] | * [[https://certbot.eff.org/|Certbot]] | ||
| + | ===== Настройка DNS ===== | ||
| <code> | <code> | ||
| - | val@val:~$ mkdir mgtu | + | $ host host2.mgtu.ru |
| + | host2.mgtu.ru has address 195.19.40.152 | ||
| + | </code> | ||
| + | |||
| + | ===== Создание сайта ===== | ||
| + | <code> | ||
| + | val@val:~$ mkdir host1.mgtu | ||
| - | val@val:~$ cat mgtu/index.html | + | val@val:~$ cat host1.mgtu/index.html |
| </code><code> | </code><code> | ||
| - | <h1>val.mgtu.ru</h1> | + | <h1>host1.mgtu.ru</h1> |
| </code><code> | </code><code> | ||
| - | root@val:~# cat /etc/apache2/sites-available/val.mgtu.ru.conf | + | root@val:~# cat /etc/apache2/sites-available/host1.mgtu.ru.conf |
| </code><code> | </code><code> | ||
| <VirtualHost *:80> | <VirtualHost *:80> | ||
| - | ServerName val.mgtu.ru | + | ServerName host1.mgtu.ru |
| - | DocumentRoot /home/val/mgtu | + | DocumentRoot /home/val/host1.mgtu |
| - | <Directory /home/val/mgtu> | + | <Directory /home/val/host1.mgtu> |
| Require all granted | Require all granted | ||
| </Directory> | </Directory> | ||
| </VirtualHost> | </VirtualHost> | ||
| </code><code> | </code><code> | ||
| - | root@val:~# a2ensite val.mgtu.ru | + | root@val:~# a2ensite host1.mgtu.ru |
| root@val:~# systemctl reload apache2 | root@val:~# systemctl reload apache2 | ||
| </code> | </code> | ||
| - | * http://val.mgtu.ru | + | * http://host1.mgtu.ru |
| + | ===== Запрос сертификата ===== | ||
| <code> | <code> | ||
| - | root@val:~# snap install --classic certbot | + | ubuntu# snap install --classic certbot |
| - | root@val:~# certbot certonly --manual | + | debian# apt install certbot python3-certbot-apache |
| + | |||
| + | root@val:~# certbot certonly --manual -d host1.mgtu.ru | ||
| </code><code> | </code><code> | ||
| + | Enter email address (used for urgent renewal and security notices) | ||
| + | (Enter 'c' to cancel): val@bmstu.ru | ||
| ... | ... | ||
| Create a file containing just this data: | Create a file containing just this data: | ||
| Line 45: | Line 56: | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
| - | val@val:~$ mkdir -p mgtu/.well-known/acme-challenge/ | + | val@val:~$ mkdir -p host1.mgtu/.well-known/acme-challenge/ |
| - | val@val:~$ cat mgtu/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN | + | val@val:~$ cat host1.mgtu/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN |
| </code><code> | </code><code> | ||
| MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM | MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM | ||
| </code><code> | </code><code> | ||
| - | root@val:~# cat /etc/apache2/sites-available/val.mgtu.ru.conf | + | val@val:~$ ###curl http://host1.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN |
| + | </code><code> | ||
| + | ... | ||
| + | Press Enter to Continue | ||
| + | |||
| + | Successfully received certificate. | ||
| + | Certificate is saved at: /etc/letsencrypt/live/host1.mgtu.ru/fullchain.pem | ||
| + | Key is saved at: /etc/letsencrypt/live/host1.mgtu.ru/privkey.pem | ||
| + | ... | ||
| + | </code> | ||
| + | |||
| + | ===== Настройка SSL для сайта ===== | ||
| + | |||
| + | <code> | ||
| + | root@val:~# cat /etc/apache2/sites-available/host1.mgtu.ru.conf | ||
| </code><code> | </code><code> | ||
| ... | ... | ||
| <IfModule mod_ssl.c> | <IfModule mod_ssl.c> | ||
| <VirtualHost *:443> | <VirtualHost *:443> | ||
| - | ServerName val.mgtu.ru | + | ServerName host1.mgtu.ru |
| - | DocumentRoot /home/val/mgtu | + | DocumentRoot /home/val/host1.mgtu |
| - | <Directory /home/val/mgtu> | + | <Directory /home/val/host1.mgtu> |
| - | Require all granted | + | Require all granted |
| - | </Directory> | + | </Directory> |
| SSLEngine on | SSLEngine on | ||
| - | SSLCertificateFile /etc/letsencrypt/live/val.mgtu.ru/fullchain.pem | + | SSLCertificateFile /etc/letsencrypt/live/host1.mgtu.ru/fullchain.pem |
| - | SSLCertificateKeyFile /etc/letsencrypt/live/val.mgtu.ru/privkey.pem | + | SSLCertificateKeyFile /etc/letsencrypt/live/host1.mgtu.ru/privkey.pem |
| </VirtualHost> | </VirtualHost> | ||
| + | </code><code> | ||
| + | root@val:~# apachectl -t | ||
| + | |||
| + | root@val:~# systemctl reload apache2 | ||
| </code> | </code> | ||
| - | * https://val.mgtu.ru | + | * https://host1.mgtu.ru |
| + | ===== Продление сертификата ===== | ||
| + | <code> | ||
| + | root@val:~# certbot certonly --manual -d host1.mgtu.ru | ||
| + | </code><code> | ||
| + | Renewing an existing certificate for host1.mgtu.ru | ||
| + | |||
| + | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
| + | Create a file containing just this data: | ||
| + | |||
| + | MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM | ||
| + | |||
| + | And make it available on your web server at this URL: | ||
| + | |||
| + | http://host1.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN | ||
| + | |||
| + | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
| + | Press Enter to Continue | ||
| + | </code><code> | ||
| + | val@val:~$ vim host1.mgtu/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN | ||
| + | </code><code> | ||
| + | MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM | ||
| + | </code><code> | ||
| + | val@val:~$ ###curl http://host1.mgtu.ru/.well-known/acme-challenge/NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN | ||
| + | |||
| + | root@val:~# service apache2 reload | ||
| + | </code> | ||
letsencrypt_certbot.1714717956.txt.gz · Last modified: 2024/05/03 09:32 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
