This is a short guide to setting up Let's Encrypt with Apache on Linux.
First, download a Let's Encrypt client and copy the sample configuration files into place.
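# Fetch the ACME client into /opt and create its working directories.
# Run these as root.
#
# NOTE(review): this takes whatever the repository's default branch holds at
# clone time, and the client is later run as root from cron. Review the
# checkout and pin it to a release you have verified, e.g.
#   git -C /opt/letsencrypt.sh checkout REVIEWED_TAG_OR_COMMIT   (placeholder)
# Chained with && so a failed cd cannot clone into the current directory.
cd /opt && git clone https://github.com/lukas2511/letsencrypt.sh

# BASEDIR of the client: the account key and the per-domain private keys end
# up below this directory, so restrict it to root rather than relying on the
# umask in effect. Apache reads certificate files as root at (re)load time.
mkdir -p /etc/letsencrypt.sh
chmod 700 /etc/letsencrypt.sh

# WELLKNOWN: directory Apache serves under /.well-known/acme-challenge.
mkdir -p /var/www/letsencrypt.sh/
# NOTE(review): Apache only needs to read this directory. When the client runs
# as root (as in the cron entry of this guide), a root-owned, world-readable
# directory is enough and keeps web-application code from writing challenge
# responses. Keep the chown only if the client itself runs as www-data.
chown www-data:www-data /var/www/letsencrypt.sh

# Start from the sample files shipped with the client.
cp /opt/letsencrypt.sh/docs/examples/config /opt/letsencrypt.sh/config
cp /opt/letsencrypt.sh/docs/examples/domains.txt /opt/letsencrypt.sh/domains.txt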
configure the letsencrypt config file
/opt/letsencrypt.sh/config.sh
# Client settings (shell variable syntax, read by the ACME client).
# NOTE(review): the setup step copies the sample to /opt/letsencrypt.sh/config
# while this section is labelled config.sh, and variable names have changed
# between client versions -- compare with the sample config in your checkout.

# Address the CA uses for expiry and account notices.
CONTACT_EMAIL="my@mail.com"

# Directory Apache exposes as /.well-known/acme-challenge.
WELLKNOWN="/var/www/letsencrypt.sh/"

# Working directory for keys and certificates; keep it readable by root only.
BASEDIR="/etc/letsencrypt.sh/"

# Script run by the client on events such as deploy_cert. It executes with the
# client's privileges, so it must not be writable by unprivileged users.
HOOK="${BASEDIR}/hook.sh"

# Private key file. Never place it under a web root or in a backup that is
# readable by other accounts.
PRIVATE_KEY="${BASEDIR}/private_key.pem"
Configure the Let's Encrypt alias for Apache
/etc/apache2/conf.d/letsencrypt
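# Serve ACME challenge files from the client's WELLKNOWN directory.
Alias /.well-known/acme-challenge /var/www/letsencrypt.sh/

# The flattened listing lost its container tags: AllowOverride and Order are
# only valid inside a directory section, so the <Directory> wrapper is restored.
<Directory /var/www/letsencrypt.sh/>
    # Static files only: no indexes, includes, CGI or symlink following,
    # and no .htaccess processing.
    Options None
    AllowOverride None
    # Apache 2.2 access syntax. On Apache 2.4 without mod_access_compat,
    # use "Require all granted" instead of the two lines below.
    Order allow,deny
    Allow from all
</Directory>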
configure the hook.sh file for reloading the apache
/etc/letsencrypt.sh/hook.sh
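#!/bin/bash
# Hook called by the ACME client; $1 names the event being reported.
# Reloads Apache once a new certificate has been deployed and does nothing
# for every other event.
#
# The hook runs with the client's privileges (root when started from the
# root cron entry), so keep this file owned by root and not writable by
# anyone else.

# Quoted and defaulted: the original unquoted ${1} makes `[` fail with a
# syntax error when the hook is called without arguments.
if [[ "${1:-}" == "deploy_cert" ]]; then
  echo " + Hook: Restarting Apache..."
  # reload re-reads the configuration and certificates without dropping
  # established connections.
  /etc/init.d/apache2 reload
else
  echo " + Hook: Nothing to do..."
fi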
Make the hook script executable
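# HOOK in the client config resolves to /etc/letsencrypt.sh/hook.sh, which is
# also where the script was created, so that is the file that has to be
# executable (the /opt path does not hold a hook.sh in this guide).
# The client runs the hook as root: keep the file owned by root and not
# writable by group or others.
chmod +x /etc/letsencrypt.sh/hook.sh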
configure the domain file
/opt/letsencrypt.sh/domains
www.mosandl.eu storage.mosandl.eu
run letsencrypt
# Request or renew certificates for the configured domains.
# --cron is the long form of -c. Run as root so the keys written below
# BASEDIR stay root-owned.
/opt/letsencrypt.sh/dehydrated --cron
Create a cron job so that the certificates are regenerated every week
# System crontab format (the sixth field is the user to run as), as used in
# /etc/crontab or a file under /etc/cron.d.
# NOTE(review): "1 1 * * *" fires every day at 01:01, not once a week as the
# text says. A daily run is harmless if the client only renews certificates
# that are close to expiry -- confirm for your client version.
# The job runs as root: the client script, its config and the hook must not be
# writable by any other account.
1 1 * * * root /opt/letsencrypt.sh/dehydrated -c
vhost
# TLS settings for storage.mosandl.eu (presumably placed inside the port-443
# <VirtualHost>; the enclosing section is not shown).
SSLEngine On
# Leaf certificate and its private key as written by the ACME client.
# privkey.pem must stay readable by root only.
SSLCertificateFile /etc/letsencrypt.sh/certs/storage.mosandl.eu/cert.pem
SSLCertificateKeyFile /etc/letsencrypt.sh/certs/storage.mosandl.eu/privkey.pem
# Intermediate certificates sent to clients.
# NOTE(review): deprecated since Apache 2.4.8, where SSLCertificateFile can
# point at fullchain.pem instead.
SSLCertificateChainFile /etc/letsencrypt.sh/certs/storage.mosandl.eu/chain.pem
# NOTE(review): SSLCACertificateFile defines the CAs trusted when verifying
# *client* certificates; it is not needed to serve this certificate. Confirm
# it is intended, otherwise drop it.
SSLCACertificateFile /etc/letsencrypt.sh/certs/storage.mosandl.eu/fullchain.pem
# The server's cipher preference wins over the client's.
SSLHonorCipherOrder On
# AEAD (GCM) suites with forward secrecy only. All three are RSA-authenticated,
# so the certificate key must be RSA.
# NOTE(review): no SSLProtocol directive is shown, so the enabled protocol
# versions come from the server-wide default; set it explicitly.
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
rewrites
# Redirect plain-HTTP requests to HTTPS while leaving the ACME challenge path
# reachable over HTTP.
RewriteEngine On
# Skip the redirect for challenge requests.
# NOTE(review): the dot is unescaped and the pattern has no trailing path, so
# every URL that merely starts with "/.well-known" stays on HTTP;
# "!^/\.well-known/acme-challenge/" limits the exemption to the challenge
# directory.
RewriteCond %{REQUEST_URI} !^/.well-known
# Alias is not a mod_rewrite directive; both RewriteCond lines still apply to
# the RewriteRule below.
Alias /.well-known/acme-challenge /var/www/letsencrypt.sh/
# Only redirect requests that did not arrive over TLS.
RewriteCond %{HTTPS} !=on
# [R] without a status code sends a 302. NOTE(review): consider R=301 once the
# setup is verified, and an HSTS header on the HTTPS vhost.
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
proxy pass
# For vhosts that reverse-proxy their content: "!" excludes /.well-known from
# proxying so the Alias below can serve challenge files from local disk.
# NOTE(review): the exclusion has to come before any broader ProxyPass (for
# example one for "/") in the same vhost; those lines are not shown here.
ProxyPass /.well-known !
Alias /.well-known/acme-challenge /var/www/letsencrypt.sh/
Errors