Changes between Version 5 and Version 6 of Securing_a_website


Timestamp:
10/10/2023 12:26:19 AM (7 months ago)
Author:
Bruce Dubbs
Comment:

--

  • Securing_a_website

    v5 v6  
    2525
    26261. certbot\\
    27    This is a feature-rich implementation of a client. It is the one recommended by LE. Due to the features built into the client, this package became quite big and has a large number of options.
    28 1. uacme\\
     27   This is a feature-rich implementation of a client. It is the one recommended by LE. Due to the features
     28   built into the client, this package became quite big and has a large number of options.
     292. uacme\\
    2930   Uacme is a nice and handy C-implementation which is quite easy to build and to use.
    3031
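Review bot: New lines 27-28 only rewrap the certbot description, so the item still says "a client" and "recommended by LE" without naming the protocol or spelling out the abbreviation. Unless both are defined earlier on the page, expand them while this paragraph is being touched. The renumbering of the uacme item from "1." to "2." on new line 29 looks correct.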
     
    3435
    3536=== Certbot
    36 Download: https://github.com/certbot/certbot/archive/refs/tags/v2.6.0/certbot-2.6.0.tar.gz\\
    37 MD5 checksum: d999b46e7aa1d26d2d636a92d1462864\\
    38 Dependencies: downloaded by pip\\
    39 
    40 ==== Installation
    41 Install the bot by running the following command as ''root'' user:
    42 {{{
    43 pip3 install certbot
    44 }}}
    45 Some additional packages might be downloaded while installation so a working internet connection is required.
    46 
    47 ==== Usage
    48 ... t.b.c. ...
     37To get https to work, first install certbot.  The instructions are at
     38https://certbot.eff.org/lets-encrypt/otherpip-apache
     39
     40Note that augeas will also need to be installed.  See below,
     41
     42The certbot looks for a certain configuration, even if 'Other Linux' is selected:
     43{{{
     44ln -s apachectl /usr/sbin/apache2ctl
     45ln -s httpd /etc/apache2
     46
     47mkdir -p /etc/httpd/sites-enabled
     48cd       /etc/httpd/sites-enabled
     49ln -s ../vhosts.d/<site.domain.topleveldomain>.conf
     50}}}
     51
     52In  /etc/httpd/httpd.conf ensure 'LoadModule rewrite_module...' is not commented.
     53
     54Now install augeas (http://download.augeas.net/http://download.augeas.net/)
     55
     56Run as root:
     57{{{
     58certbot --apache --must-staple --redirect --hsts --uir --staple-ocsp \
     59        -d <site.domain.topleveldomain>
     60}}}
     61
     62This will update vhosts.d/<site.domain.topleveldomain>.conf and add
     63         <site.domain.topleveldomain>-le-ssl.conf
     64
     65Restart apache
     66
    4967
    5068=== Uacme
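Review bot: The certbot invocation at new lines 58-59 turns on --must-staple and --hsts with no caveat and no verification step, and both are hard to undo: clients that enforce Must-Staple reject the certificate whenever Apache fails to staple an OCSP response, and browsers cache HSTS for the advertised lifetime. Suggest extending "Restart apache" (new line 65) with the actual restart command and a sentence telling the reader to confirm that the redirect, the Strict-Transport-Security header and a stapled OCSP response are really being served before relying on the setup. Smaller points in the same hunk: new line 40 ends in a comma ("See below,"); the augeas link on new line 54 is doubled ("http://download.augeas.net/http://download.augeas.net/") and uses plain http; the symlink block at new lines 44-49 does not say it must be run as root, while the certbot block does; and removing v5 lines 36-37 drops the pinned tarball and checksum, so the page no longer states which certbot version these steps were tested against.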