let_s_encrypt
Différences
Ci-dessous, les différences entre deux révisions de la page.
Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédente | ||
let_s_encrypt [2018/02/13 09:46] – simon | let_s_encrypt [Date inconnue] (Version actuelle) – supprimée - modification externe (Date inconnue) 127.0.0.1 | ||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
- | ====== Let's Encrypt ====== | ||
- | [[https:// | ||
- | ===== Configuration des certificats Let's Encrypt ===== | ||
- | J'ai configuré les certificats pour plusieurs noms de domaines et voici la procédure suivie, pour le domaine fictif " | ||
- | |||
- | On commence par activer les backports (sous Stretch) afin de bénéficier de la version de [[certbot]] la plus récente. | ||
- | |||
- | <code bash> | ||
- | # vim / | ||
- | # | ||
- | # Backports repository | ||
- | deb http:// | ||
- | </ | ||
- | |||
- | Dans mon cas, après installation sans les backports, certbot était en version 0.10 alors qu' | ||
- | |||
- | <code bash> | ||
- | # apt-get -t stretch-backports install python-certbot-apache | ||
- | </ | ||
- | |||
- | <code bash> | ||
- | # certbot --version | ||
- | certbot 0.19.0 | ||
- | </ | ||
- | |||
- | <code bash> | ||
- | # certbot --apache | ||
- | Saving debug log to / | ||
- | Plugins selected: Authenticator apache, Installer apache | ||
- | |||
- | Which names would you like to activate HTTPS for? | ||
- | ------------------------------------------------------------------------------- | ||
- | 1: plouf.com | ||
- | 2: chat.plouf.com | ||
- | 3: wiki.plouf.com | ||
- | ------------------------------------------------------------------------------- | ||
- | Select the appropriate numbers separated by commas and/or spaces, or leave input | ||
- | blank to select all options shown (Enter ' | ||
- | Obtaining a new certificate | ||
- | Performing the following challenges: | ||
- | tls-sni-01 challenge for caliban.be | ||
- | Enabled Apache socache_shmcb module | ||
- | Enabled Apache ssl module | ||
- | Waiting for verification... | ||
- | Cleaning up challenges | ||
- | Created an SSL vhost at / | ||
- | Enabled Apache socache_shmcb module | ||
- | Enabled Apache ssl module | ||
- | Deploying Certificate for caliban.be to VirtualHost / | ||
- | Enabling available site: / | ||
- | |||
- | Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. | ||
- | ------------------------------------------------------------------------------- | ||
- | 1: No redirect - Make no further changes to the webserver configuration. | ||
- | 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for | ||
- | new sites, or if you're confident your site works on HTTPS. You can undo this | ||
- | change by editing your web server' | ||
- | ------------------------------------------------------------------------------- | ||
- | Select the appropriate number [1-2] then [enter] (press ' | ||
- | Redirecting vhost in / | ||
- | |||
- | ------------------------------------------------------------------------------- | ||
- | Congratulations! You have successfully enabled https:// | ||
- | |||
- | You should test your configuration at: | ||
- | https:// | ||
- | ------------------------------------------------------------------------------- | ||
- | |||
- | IMPORTANT NOTES: | ||
- | - Congratulations! Your certificate and chain have been saved at: | ||
- | / | ||
- | Your key file has been saved at: | ||
- | / | ||
- | Your cert will expire on 2018-04-10. To obtain a new or tweaked | ||
- | | ||
- | with the " | ||
- | your certificates, | ||
- | - If you like Certbot, please consider supporting our work by: | ||
- | |||
- | | ||
- | | ||
- | </ | ||
- | |||
- | On peut tester un renouvellement des certificats avec la commande suivante : | ||
- | <code bash> | ||
- | # certbot renew --dry-run | ||
- | </ | ||
- | |||
- | Actuellement, | ||
- | |||
- | ===== Sources ===== | ||
- | * [[https:// |