Outils pour utilisateurs
cr:travaux-2019-06-07
Différences
Ci-dessous, les différences entre deux révisions de la page.
| Les deux révisions précédentes Révision précédente | |||
|
cr:travaux-2019-06-07 [2019/06/10 15:06] jyhem |
cr:travaux-2019-06-07 [2019/06/10 15:14] (Version actuelle) jyhem ancienne révision (2019/06/10 15:01) restaurée |
||
|---|---|---|---|
| Ligne 4: | Ligne 4: | ||
| ===== Objectif ===== | ===== Objectif ===== | ||
| - | https://hackstub.netlib.re/ n'est pas accessible | + | https://hackstub.netlib.re/ n'est pas accessible |
| Ref: https://www.sysnove.fr/blog/2016/03/utilisation-pratique-letsencrypt-acme-tiny.html | Ref: https://www.sysnove.fr/blog/2016/03/utilisation-pratique-letsencrypt-acme-tiny.html | ||
| Ligne 12: | Ligne 12: | ||
| On a déjà des sites en letsencrypt sur ce serveur. On ne fait qu'en rajouter un (des étapes vont sauter). | On a déjà des sites en letsencrypt sur ce serveur. On ne fait qu'en rajouter un (des étapes vont sauter). | ||
| - | ''root@web:/home/jmlibs# ll /etc/letsencrypt/'' | + | <code>root@web:/home/jmlibs# ll /etc/letsencrypt/ |
| - | ''total 32'' | + | total 32 |
| - | ''drw-r--r-x 6 root ssl-cert 4096 Mar 28 22:22 ./'' | + | drw-r--r-x 6 root ssl-cert 4096 Mar 28 22:22 ./ |
| - | ''drwxr-xr-x 92 root root 4096 May 14 20:44 ../'' | + | drwxr-xr-x 92 root root 4096 May 14 20:44 ../ |
| - | ''-rw-r--r-- 1 root root 1647 Jul 14 2017 intermediate.pem'' | + | -rw-r--r-- 1 root root 1647 Jul 14 2017 intermediate.pem |
| - | ''-r-------- 1 letsencrypt root 3247 Jul 11 2017 letsencrypt.key'' | + | -r-------- 1 letsencrypt root 3247 Jul 11 2017 letsencrypt.key |
| - | ''drwxr-xr-x 2 letsencrypt root 4096 May 25 01:00 netlib.re/'' | + | drwxr-xr-x 2 letsencrypt root 4096 May 25 01:00 netlib.re/ |
| - | ''drwxr-xr-x 2 letsencrypt root 4096 May 25 01:00 shaarli.arn-fai.net/'' | + | drwxr-xr-x 2 letsencrypt root 4096 May 25 01:00 shaarli.arn-fai.net/ |
| - | ''drwxr-xr-x 2 letsencrypt root 4096 Mar 28 22:57 vps.arn-fai.net/'' | + | drwxr-xr-x 2 letsencrypt root 4096 Mar 28 22:57 vps.arn-fai.net/ |
| - | ''drwxr-xr-x 2 letsencrypt root 4096 May 11 01:00 www.arn-fai.net/'' | + | drwxr-xr-x 2 letsencrypt root 4096 May 11 01:00 www.arn-fai.net/ |
| - | ''/etc/cron.d/letsencrypt'' | + | /etc/cron.d/letsencrypt |
| - | ''0 1 11,25 * * letsencrypt /usr/local/bin/letsencrypt-auto-renew.sh'' | + | 0 1 11,25 * * letsencrypt /usr/local/bin/letsencrypt-auto-renew.sh</code> |
| ===== Mise en place ===== | ===== Mise en place ===== | ||
| - | ''root@web:/home/jmlibs# mkdir /etc/letsencrypt/hackstub.netlib.re'' | + | <code>root@web:/home/jmlibs# mkdir /etc/letsencrypt/hackstub.netlib.re |
| - | ''root@web:/home/jmlibs# cd /etc/letsencrypt/hackstub.netlib.re'' | + | root@web:/home/jmlibs# cd /etc/letsencrypt/hackstub.netlib.re |
| - | ''root@web:/etc/letsencrypt/hackstub.netlib.re# openssl genrsa -out hackstub.netlib.re.key 4096'' | + | root@web:/etc/letsencrypt/hackstub.netlib.re# openssl genrsa -out hackstub.netlib.re.key 4096 |
| - | ''Generating RSA private key, 4096 bit long modulus'' | + | Generating RSA private key, 4096 bit long modulus |
| - | ''...............................................................................................................................++++'' | + | ...............................................................................................................................++++ |
| - | ''.....++++'' | + | .....++++ |
| - | ''e is 65537 (0x010001)'' | + | e is 65537 (0x010001) |
| - | ''root@web:/etc/letsencrypt/hackstub.netlib.re# openssl req -new -sha256 -key hackstub.netlib.re.key -subj "/CN=hackstub.netlib.re" -out hackstub.netlib.re.csr'' | + | root@web:/etc/letsencrypt/hackstub.netlib.re# openssl req -new -sha256 -key hackstub.netlib.re.key -subj "/CN=hackstub.netlib.re" -out hackstub.netlib.re.csr |
| - | ''root@web:/etc/letsencrypt# chown -R letsencrypt hackstub.netlib.re/'' | + | root@web:/etc/letsencrypt# chown -R letsencrypt hackstub.netlib.re/ |
| - | ''root@web:/etc/letsencrypt# chown root hackstub.netlib.re/*'' | + | root@web:/etc/letsencrypt# chown root hackstub.netlib.re/* |
| - | ''root@web:/etc/letsencrypt# ll hackstub.netlib.re/'' | + | root@web:/etc/letsencrypt# ll hackstub.netlib.re/ |
| - | ''total 16'' | + | total 16 |
| - | ''drwxr-xr-x 2 letsencrypt root 4096 Jun 8 00:19 ./'' | + | drwxr-xr-x 2 letsencrypt root 4096 Jun 8 00:19 ./ |
| - | ''drw-r--r-x 7 root ssl-cert 4096 Jun 8 00:14 ../'' | + | drw-r--r-x 7 root ssl-cert 4096 Jun 8 00:14 ../ |
| - | ''-rw-r--r-- 1 root root 1598 Jun 8 00:19 hackstub.netlib.re.csr'' | + | -rw-r--r-- 1 root root 1598 Jun 8 00:19 hackstub.netlib.re.csr |
| - | ''-rw------- 1 root root 3243 Jun 8 00:17 hackstub.netlib.re.key'' | + | -rw------- 1 root root 3243 Jun 8 00:17 hackstub.netlib.re.key</code> |
| + | <code>root@web:/etc/letsencrypt# python /usr/local/bin/acme_tiny.py --account-key /etc/letsencrypt/letsencrypt.key --csr /etc/letsencrypt/hackstub.netlib.re/hackstub.netlib.re.csr --acme-dir /var/www/acme-challenges/ > /etc/letsencrypt/hackstub.netlib.re/hackstub.netlib.re.crt | ||
| + | Parsing account key... | ||
| + | Parsing CSR... | ||
| + | Registering account... | ||
| + | Already registered! | ||
| + | Verifying hackstub.netlib.re... | ||
| + | hackstub.netlib.re verified! | ||
| + | Signing certificate... | ||
| + | Certificate signed! | ||
| - | ''root@web:/etc/letsencrypt# python /usr/local/bin/acme_tiny.py --account-key /etc/letsencrypt/letsencrypt.key --csr /etc/letsencrypt/hackstub.netlib.re/hackstub.netlib.re.csr --acme-dir /var/www/acme-challenges/ > /etc/letsencrypt/hackstub.netlib.re/hackstub.netlib.re.crt'' | + | root@web:/etc/letsencrypt# chown letsencrypt /etc/letsencrypt/hackstub.netlib.re/hackstub.netlib.re.crt |
| - | ''Parsing account key...'' | + | root@web:/etc/letsencrypt# ll /etc/letsencrypt/hackstub.netlib.re/ |
| - | ''Parsing CSR...'' | + | total 20 |
| - | ''Registering account...'' | + | drwxr-xr-x 2 letsencrypt root 4096 Jun 8 00:32 ./ |
| - | ''Already registered!'' | + | drw-r--r-x 7 root ssl-cert 4096 Jun 8 00:14 ../ |
| - | ''Verifying hackstub.netlib.re...'' | + | -rw-r--r-- 1 letsencrypt root 2269 Jun 8 00:32 hackstub.netlib.re.crt |
| - | ''hackstub.netlib.re verified!'' | + | -rw-r--r-- 1 root root 1598 Jun 8 00:19 hackstub.netlib.re.csr |
| - | ''Signing certificate...'' | + | -rw------- 1 root root 3243 Jun 8 00:17 hackstub.netlib.re.key |
| - | ''Certificate signed!'' | + | |
| - | ''root@web:/etc/letsencrypt# chown letsencrypt /etc/letsencrypt/hackstub.netlib.re/hackstub.netlib.re.crt'' | + | root@web:/etc/letsencrypt# cat hackstub.netlib.re/hackstub.netlib.re.crt intermediate.pem > hackstub.netlib.re/hackstub.netlib.re.crt+chain</code> |
| - | ''root@web:/etc/letsencrypt# ll /etc/letsencrypt/hackstub.netlib.re/'' | + | |
| - | ''total 20'' | + | |
| - | ''drwxr-xr-x 2 letsencrypt root 4096 Jun 8 00:32 ./'' | + | |
| - | ''drw-r--r-x 7 root ssl-cert 4096 Jun 8 00:14 ../'' | + | |
| - | ''-rw-r--r-- 1 letsencrypt root 2269 Jun 8 00:32 hackstub.netlib.re.crt'' | + | |
| - | ''-rw-r--r-- 1 root root 1598 Jun 8 00:19 hackstub.netlib.re.csr'' | + | |
| - | ''-rw------- 1 root root 3243 Jun 8 00:17 hackstub.netlib.re.key'' | + | |
| - | ''root@web:/etc/letsencrypt# cat hackstub.netlib.re/hackstub.netlib.re.crt intermediate.pem > hackstub.netlib.re/hackstub.netlib.re.crt+chain'' | + | <code>root@web:/etc/letsencrypt# vi /etc/apache2/sites-enabled/hackstub.netlib.re.conf</code> |
| - | + | ||
| - | + | ||
| - | ''root@web:/etc/letsencrypt# vi /etc/apache2/sites-enabled/hackstub.netlib.re.conf'' | + | |
| (décommenter la section ssl) | (décommenter la section ssl) | ||
| - | ''root@web:/etc/letsencrypt# apachectl restart'' | + | <code>root@web:/etc/letsencrypt# apachectl restart</code> |
| Et c'est bon, https://hackstub.netlib.re/ est accessible | Et c'est bon, https://hackstub.netlib.re/ est accessible | ||
| + | |||
cr/travaux-2019-06-07.txt · Dernière modification: 2019/06/10 15:14 par jyhem
Outils de la page
Sauf mention contraire, le contenu de ce wiki est placé sous les termes de la licence suivante : CC Attribution-Share Alike 4.0 International
