letsencrypt on apache and linux

this is a short guide on how to set up letsencrypt on apache on linux

first we need to download the letsencrypt.sh tool and copy the sample config files into place

cd /opt
git clone https://github.com/lukas2511/letsencrypt.sh
mkdir -p /etc/letsencrypt.sh
mkdir -p /var/www/letsencrypt.sh/
chown www-data:www-data /var/www/letsencrypt.sh
cp /opt/letsencrypt.sh/docs/examples/config /opt/letsencrypt.sh/config
cp /opt/letsencrypt.sh/docs/examples/domains.txt /opt/letsencrypt.sh/domains.txt

configure the letsencrypt config file

/opt/letsencrypt.sh/config

BASEDIR="/etc/letsencrypt.sh/"
WELLKNOWN="/var/www/letsencrypt.sh/"
PRIVATE_KEY="${BASEDIR}/private_key.pem"
HOOK="${BASEDIR}/hook.sh"
CONTACT_EMAIL="my@mail.com"

 

configure the letsencrypt alias for apache

/etc/apache2/conf.d/letsencrypt

Alias /.well-known/acme-challenge /var/www/letsencrypt.sh/
<Directory /var/www/letsencrypt.sh/>
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

configure the hook.sh file for reloading apache

/etc/letsencrypt.sh/hook.sh

#!/bin/bash

# dehydrated passes the hook name as the first argument
if [ "${1}" == "deploy_cert" ]; then
    echo " + Hook: Restarting Apache..."
    /etc/init.d/apache2 reload
else
    echo " + Hook: Nothing to do..."
fi

make this file executable

chmod +x /etc/letsencrypt.sh/hook.sh
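
A stricter variant of the hook above, as an added example that is not part of the original guide or of the letsencrypt.sh project: it refuses to reload when the private key is readable by group or others, or when the Apache config test fails. It assumes the key file arrives as the third hook argument (as in the project's example hook) and that `apache2ctl` is installed; `APACHE_TEST_CMD`, `APACHE_RELOAD_CMD`, `key_is_private` and `handle_hook` are names chosen for this example.

```bash
#!/bin/bash
# Added example hook (not the project's own code).
# Assumed call: hook.sh deploy_cert DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE

# Assumption: Debian-style Apache commands; both can be overridden from the environment.
APACHE_TEST_CMD="${APACHE_TEST_CMD:-apache2ctl configtest}"
APACHE_RELOAD_CMD="${APACHE_RELOAD_CMD:-/etc/init.d/apache2 reload}"

# Return 0 only if the file exists and grants nothing to group or others.
# -L follows the privkey.pem symlink to the real key file.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# Handle one hook call; return non-zero without reloading if a check fails.
handle_hook() {
    case "$1" in
        deploy_cert)
            # $2 = domain, $3 = private key file
            if ! key_is_private "$3"; then
                echo " ! Hook: $3 is missing or readable by group/others" >&2
                return 1
            fi
            # Unquoted on purpose so the command string splits into words.
            if ! $APACHE_TEST_CMD; then
                echo " ! Hook: Apache config test failed, not reloading" >&2
                return 1
            fi
            echo " + Hook: Reloading Apache for $2..."
            $APACHE_RELOAD_CMD
            ;;
        *)
            echo " + Hook: Nothing to do..."
            ;;
    esac
}

# Run only when called with arguments, as dehydrated does.
if [ "$#" -gt 0 ]; then
    handle_hook "$@"
fi
```

A non-zero return leaves the previous certificate and configuration live in Apache, so a failed check shows up in the cron output instead of as a broken reload.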

configure the domain file

/opt/letsencrypt.sh/domains.txt

www.mosandl.eu
storage.mosandl.eu

run letsencrypt

/opt/letsencrypt.sh/dehydrated -c

create a cronjob so that the certs will be generated every week

1  1	* * 1	root	/opt/letsencrypt.sh/dehydrated -c

vhost

SSLEngine On
SSLCertificateFile      /etc/letsencrypt.sh/certs/storage.mosandl.eu/cert.pem
SSLCertificateKeyFile   /etc/letsencrypt.sh/certs/storage.mosandl.eu/privkey.pem
SSLCertificateChainFile /etc/letsencrypt.sh/certs/storage.mosandl.eu/chain.pem
SSLCACertificateFile    /etc/letsencrypt.sh/certs/storage.mosandl.eu/fullchain.pem
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

rewrites

Alias /.well-known/acme-challenge /var/www/letsencrypt.sh/
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

proxy pass

ProxyPass /.well-known !
Alias /.well-known/acme-challenge /var/www/letsencrypt.sh/

Errors