Let's Encrypt on hackstub

Goal

https://hackstub.netlib.re/ is not reachable

Ref: https://www.sysnove.fr/blog/2016/03/utilisation-pratique-letsencrypt-acme-tiny.html

Current state

This server already hosts sites that use Let's Encrypt. We are only adding one more (some steps will be skipped).

root@web:/home/jmlibs# ll /etc/letsencrypt/
total 32
drw-r--r-x  6 root        ssl-cert 4096 Mar 28 22:22 ./
drwxr-xr-x 92 root        root     4096 May 14 20:44 ../
-rw-r--r--  1 root        root     1647 Jul 14  2017 intermediate.pem
-r--------  1 letsencrypt root     3247 Jul 11  2017 letsencrypt.key
drwxr-xr-x  2 letsencrypt root     4096 May 25 01:00 netlib.re/
drwxr-xr-x  2 letsencrypt root     4096 May 25 01:00 shaarli.arn-fai.net/
drwxr-xr-x  2 letsencrypt root     4096 Mar 28 22:57 vps.arn-fai.net/
drwxr-xr-x  2 letsencrypt root     4096 May 11 01:00 www.arn-fai.net/

/etc/cron.d/letsencrypt
0 1 11,25 * * letsencrypt /usr/local/bin/letsencrypt-auto-renew.sh

Setup

root@web:/home/jmlibs# mkdir /etc/letsencrypt/hackstub.netlib.re
root@web:/home/jmlibs# cd /etc/letsencrypt/hackstub.netlib.re
root@web:/etc/letsencrypt/hackstub.netlib.re# openssl genrsa -out hackstub.netlib.re.key 4096
Generating RSA private key, 4096 bit long modulus
...............................................................................................................................++++
.....++++
e is 65537 (0x010001)

root@web:/etc/letsencrypt/hackstub.netlib.re# openssl req -new -sha256 -key hackstub.netlib.re.key -subj "/CN=hackstub.netlib.re" -out hackstub.netlib.re.csr
root@web:/etc/letsencrypt# chown -R letsencrypt hackstub.netlib.re/

root@web:/etc/letsencrypt# chown root hackstub.netlib.re/*
root@web:/etc/letsencrypt# ll hackstub.netlib.re/
total 16
drwxr-xr-x 2 letsencrypt root     4096 Jun  8 00:19 ./
drw-r--r-x 7 root        ssl-cert 4096 Jun  8 00:14 ../
-rw-r--r-- 1 root        root     1598 Jun  8 00:19 hackstub.netlib.re.csr
-rw------- 1 root        root     3243 Jun  8 00:17 hackstub.netlib.re.key
root@web:/etc/letsencrypt# python /usr/local/bin/acme_tiny.py --account-key /etc/letsencrypt/letsencrypt.key --csr /etc/letsencrypt/hackstub.netlib.re/hackstub.netlib.re.csr --acme-dir /var/www/acme-challenges/ > /etc/letsencrypt/hackstub.netlib.re/hackstub.netlib.re.crt
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying hackstub.netlib.re...
hackstub.netlib.re verified!
Signing certificate...
Certificate signed!

root@web:/etc/letsencrypt# chown letsencrypt /etc/letsencrypt/hackstub.netlib.re/hackstub.netlib.re.crt
root@web:/etc/letsencrypt# ll /etc/letsencrypt/hackstub.netlib.re/
total 20
drwxr-xr-x 2 letsencrypt root     4096 Jun  8 00:32 ./
drw-r--r-x 7 root        ssl-cert 4096 Jun  8 00:14 ../
-rw-r--r-- 1 letsencrypt root     2269 Jun  8 00:32 hackstub.netlib.re.crt
-rw-r--r-- 1 root        root     1598 Jun  8 00:19 hackstub.netlib.re.csr
-rw------- 1 root        root     3243 Jun  8 00:17 hackstub.netlib.re.key

root@web:/etc/letsencrypt# cat hackstub.netlib.re/hackstub.netlib.re.crt intermediate.pem > hackstub.netlib.re/hackstub.netlib.re.crt+chain
root@web:/etc/letsencrypt# vi /etc/apache2/sites-enabled/hackstub.netlib.re.conf

(uncomment the ssl section)

root@web:/etc/letsencrypt# apachectl restart

And that's it, https://hackstub.netlib.re/ is reachable
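
A post-issuance check for the procedure above, added here as an example (it is not part of the original page, of acme-tiny, or of the server's renewal script): it confirms the private key is not readable by group or others, that the .crt+chain file was rebuilt from the current .crt, and that the certificate matches the key. The function names are assumptions, the file naming follows the listings on this page, and `openssl` is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example: checks for one /etc/letsencrypt/<domain>/ directory.
# File naming (<domain>.key, .crt, .crt+chain) follows the listings on this page;
# the function names are hypothetical.

# Succeeds only if the key file grants nothing to group or others (e.g. -rw-------).
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Succeeds only if the chain file starts with the exact bytes of the current
# certificate, i.e. it was rebuilt after the last issuance or renewal.
chain_is_current() {
    [ -s "$1" ] && [ -f "$2" ] || return 1
    size=$(($(wc -c < "$1")))
    head -c "$size" "$2" | cmp -s - "$1"
}

# Succeeds only if the certificate carries the public key of the private key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# audit_domain BASE DOMAIN: run every check, report failures, return their count.
audit_domain() {
    d="$1/$2"; fails=0
    key_is_private "$d/$2.key" ||
        { echo "FAIL: $2.key missing or accessible to group/others"; fails=$((fails+1)); }
    chain_is_current "$d/$2.crt" "$d/$2.crt+chain" ||
        { echo "FAIL: $2.crt+chain was not rebuilt from $2.crt"; fails=$((fails+1)); }
    key_matches_cert "$d/$2.key" "$d/$2.crt" ||
        { echo "FAIL: $2.crt does not match $2.key"; fails=$((fails+1)); }
    [ "$fails" -eq 0 ] && echo "OK: $2"
    return "$fails"
}

# Usage: sh audit.sh /etc/letsencrypt hackstub.netlib.re
if [ "$#" -eq 2 ]; then audit_domain "$1" "$2"; fi
```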