
This is an old revision of the document!


Let's Encrypt on hackstub

Objective

Situation

We already have Let's Encrypt sites on this server. We are only adding one more (some steps will be skipped).

root@web:/home/jmlibs# ll /etc/letsencrypt/
total 32
drw-r--r-x  6 root        ssl-cert 4096 Mar 28 22:22 ./
drwxr-xr-x 92 root        root     4096 May 14 20:44 ../
-rw-r--r--  1 root        root     1647 Jul 14  2017 intermediate.pem
-r--------  1 letsencrypt root     3247 Jul 11  2017 letsencrypt.key
drwxr-xr-x  2 letsencrypt root     4096 May 25 01:00 netlib.re/
drwxr-xr-x  2 letsencrypt root     4096 May 25 01:00 shaarli.arn-fai.net/
drwxr-xr-x  2 letsencrypt root     4096 Mar 28 22:57 vps.arn-fai.net/
drwxr-xr-x  2 letsencrypt root     4096 May 11 01:00 www.arn-fai.net/

/etc/cron.d/letsencrypt:
0 1 11,25 * * letsencrypt /usr/local/bin/letsencrypt-auto-renew.sh

Setup

root@web:/home/jmlibs# mkdir /etc/letsencrypt/hackstub.netlib.re
root@web:/home/jmlibs# cd /etc/letsencrypt/hackstub.netlib.re
root@web:/etc/letsencrypt/hackstub.netlib.re# openssl genrsa -out hackstub.netlib.re.key 4096
Generating RSA private key, 4096 bit long modulus
……………………………………………………………………………………………………………….++++
…..++++
e is 65537 (0x010001)

root@web:/etc/letsencrypt/hackstub.netlib.re# openssl req -new -sha256 -key hackstub.netlib.re.key -subj "/CN=hackstub.netlib.re" -out hackstub.netlib.re.csr
root@web:/etc/letsencrypt# chown -R letsencrypt hackstub.netlib.re/

root@web:/etc/letsencrypt# chown root hackstub.netlib.re/*
root@web:/etc/letsencrypt# ll hackstub.netlib.re/
total 16
drwxr-xr-x 2 letsencrypt root     4096 Jun  8 00:19 ./
drw-r--r-x 7 root        ssl-cert 4096 Jun  8 00:14 ../
-rw-r--r-- 1 root        root     1598 Jun  8 00:19 hackstub.netlib.re.csr
-rw------- 1 root        root     3243 Jun  8 00:17 hackstub.netlib.re.key

root@web:/etc/letsencrypt# python /usr/local/bin/acme_tiny.py --account-key /etc/letsencrypt/letsencrypt.key --csr /etc/letsencrypt/hackstub.netlib.re/hackstub.netlib.re.csr --acme-dir /var/www/acme-challenges/ > /etc/letsencrypt/hackstub.netlib.re/hackstub.netlib.re.crt
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying hackstub.netlib.re...
hackstub.netlib.re verified!
Signing certificate...
Certificate signed!

root@web:/etc/letsencrypt# chown letsencrypt /etc/letsencrypt/hackstub.netlib.re/hackstub.netlib.re.crt
root@web:/etc/letsencrypt# ll /etc/letsencrypt/hackstub.netlib.re/
total 20
drwxr-xr-x 2 letsencrypt root     4096 Jun  8 00:32 ./
drw-r--r-x 7 root        ssl-cert 4096 Jun  8 00:14 ../
-rw-r--r-- 1 letsencrypt root     2269 Jun  8 00:32 hackstub.netlib.re.crt
-rw-r--r-- 1 root        root     1598 Jun  8 00:19 hackstub.netlib.re.csr
-rw------- 1 root        root     3243 Jun  8 00:17 hackstub.netlib.re.key

root@web:/etc/letsencrypt# cat hackstub.netlib.re/hackstub.netlib.re.crt intermediate.pem > hackstub.netlib.re/hackstub.netlib.re.crt+chain

root@web:/etc/letsencrypt# vi /etc/apache2/sites-enabled/hackstub.netlib.re.conf
(uncomment the ssl section)

root@web:/etc/letsencrypt# apachectl restart

And that's it, https://hackstub.netlib.re/ is reachable.
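
Checks worth running before `apachectl restart` in the procedure above, as an added example that is not part of the original wiki page: the key is not readable by group or other, the `.crt+chain` bundle holds the leaf plus at least one intermediate, and the certificate carries the private key's public key. The function names are hypothetical; the directory layout is the one shown on this page.

```shell
#!/bin/sh
# Added example (not from the wiki page): checks for one site directory laid
# out as above: <base>/<name>/<name>.key, .crt and .crt+chain.
# Function names are hypothetical.

# True when the private key grants nothing to group or other (-rw------- or stricter).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the number of PEM certificates in a file. The .crt+chain bundle is the
# leaf followed by intermediate.pem, so it should contain at least 2.
pem_cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# True when the first certificate in $2 carries the public key of private key $1.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Check site $2 under base directory $1; report every failure, return non-zero on any.
check_site() {
    d="$1/$2"; rc=0
    for f in "$d/$2.key" "$d/$2.crt" "$d/$2.crt+chain"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    done
    key_is_private "$d/$2.key" || { echo "$2.key is readable by group or other" >&2; rc=1; }
    [ "$(pem_cert_count "$d/$2.crt+chain")" -ge 2 ] ||
        { echo "$2.crt+chain has no intermediate certificate" >&2; rc=1; }
    key_matches_cert "$d/$2.key" "$d/$2.crt+chain" ||
        { echo "$2.key does not match the certificate" >&2; rc=1; }
    return "$rc"
}

# Usage on the server from this page:
#   check_site /etc/letsencrypt hackstub.netlib.re && apachectl configtest && apachectl restart
```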

cr/travaux-2019-06-07.1560171983.txt.gz · Last modified: 2019/06/10 15:06 by jyhem