cr:travaux-2019-06-07 [2019/06/10 15:14] (current version) jyhem: old revision (2019/06/10 15:01) restored. Compared with cr:travaux-2019-06-07 [2019/06/10 15:06] jyhem.

===== Objective =====

https://hackstub.netlib.re/ is not accessible

Ref: https://www.sysnove.fr/blog/2016/03/utilisation-pratique-letsencrypt-acme-tiny.html
We already have Let's Encrypt sites on this server. We are only adding one more (some steps will be skipped).

<code>root@web:/home/jmlibs# ll /etc/letsencrypt/
total 32
drw-r--r-x 6 root ssl-cert 4096 Mar 28 22:22 ./
drwxr-xr-x 92 root root 4096 May 14 20:44 ../
-rw-r--r-- 1 root root 1647 Jul 14 2017 intermediate.pem
-r-------- 1 letsencrypt root 3247 Jul 11 2017 letsencrypt.key
drwxr-xr-x 2 letsencrypt root 4096 May 25 01:00 netlib.re/
drwxr-xr-x 2 letsencrypt root 4096 May 25 01:00 shaarli.arn-fai.net/
drwxr-xr-x 2 letsencrypt root 4096 Mar 28 22:57 vps.arn-fai.net/
drwxr-xr-x 2 letsencrypt root 4096 May 11 01:00 www.arn-fai.net/

/etc/cron.d/letsencrypt
0 1 11,25 * * letsencrypt /usr/local/bin/letsencrypt-auto-renew.sh</code>

===== Setup =====

<code>root@web:/home/jmlibs# mkdir /etc/letsencrypt/hackstub.netlib.re
root@web:/home/jmlibs# cd /etc/letsencrypt/hackstub.netlib.re
root@web:/etc/letsencrypt/hackstub.netlib.re# openssl genrsa -out hackstub.netlib.re.key 4096
Generating RSA private key, 4096 bit long modulus
...............................................................................................................................++++
.....++++
e is 65537 (0x010001)

root@web:/etc/letsencrypt/hackstub.netlib.re# openssl req -new -sha256 -key hackstub.netlib.re.key -subj "/CN=hackstub.netlib.re" -out hackstub.netlib.re.csr
root@web:/etc/letsencrypt# chown -R letsencrypt hackstub.netlib.re/

root@web:/etc/letsencrypt# chown root hackstub.netlib.re/*
root@web:/etc/letsencrypt# ll hackstub.netlib.re/
total 16
drwxr-xr-x 2 letsencrypt root 4096 Jun 8 00:19 ./
drw-r--r-x 7 root ssl-cert 4096 Jun 8 00:14 ../
-rw-r--r-- 1 root root 1598 Jun 8 00:19 hackstub.netlib.re.csr
-rw------- 1 root root 3243 Jun 8 00:17 hackstub.netlib.re.key</code>

<code>root@web:/etc/letsencrypt# python /usr/local/bin/acme_tiny.py --account-key /etc/letsencrypt/letsencrypt.key --csr /etc/letsencrypt/hackstub.netlib.re/hackstub.netlib.re.csr --acme-dir /var/www/acme-challenges/ > /etc/letsencrypt/hackstub.netlib.re/hackstub.netlib.re.crt
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying hackstub.netlib.re...
hackstub.netlib.re verified!
Signing certificate...
Certificate signed!

root@web:/etc/letsencrypt# chown letsencrypt /etc/letsencrypt/hackstub.netlib.re/hackstub.netlib.re.crt
root@web:/etc/letsencrypt# ll /etc/letsencrypt/hackstub.netlib.re/
total 20
drwxr-xr-x 2 letsencrypt root 4096 Jun 8 00:32 ./
drw-r--r-x 7 root ssl-cert 4096 Jun 8 00:14 ../
-rw-r--r-- 1 letsencrypt root 2269 Jun 8 00:32 hackstub.netlib.re.crt
-rw-r--r-- 1 root root 1598 Jun 8 00:19 hackstub.netlib.re.csr
-rw------- 1 root root 3243 Jun 8 00:17 hackstub.netlib.re.key

root@web:/etc/letsencrypt# cat hackstub.netlib.re/hackstub.netlib.re.crt intermediate.pem > hackstub.netlib.re/hackstub.netlib.re.crt+chain</code>

<code>root@web:/etc/letsencrypt# vi /etc/apache2/sites-enabled/hackstub.netlib.re.conf</code>
(uncomment the ssl section)

<code>root@web:/etc/letsencrypt# apachectl restart</code>

And that's it, https://hackstub.netlib.re/ is accessible
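
A set of consistency checks on the files produced by the procedure above, worth running before restarting Apache. This is an added example, not part of the original page; the function names, the script name ''check_cert.sh'' and the 14-day expiry margin are assumptions.

```shell
#!/bin/sh
# Added example (not from the page): consistency checks on the key, CSR,
# certificate and chain file. The 14-day expiry margin is an assumed threshold.

# Print a SHA-256 digest of the public key inside a key, CSR or certificate.
pubkey_digest() {  # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   return 2 ;;
    esac
    [ -n "$pem" ] || return 1   # unreadable input must never count as a match
    printf '%s\n' "$pem" | openssl dgst -sha256
}

# Return 0 only if all checks pass; print one line per failed check.
check_issued() {  # $1 = key, $2 = csr, $3 = crt, $4 = crt+chain, $5 = hostname
    rc=0
    k=$(pubkey_digest key "$1") || k=no-key
    r=$(pubkey_digest csr "$2") || r=no-csr
    c=$(pubkey_digest crt "$3") || c=no-crt
    [ "$k" = "$c" ] || { echo "FAIL: certificate does not match the private key"; rc=1; }
    [ "$r" = "$c" ] || { echo "FAIL: certificate does not match the CSR"; rc=1; }
    openssl x509 -in "$3" -noout -checkhost "$5" 2>/dev/null | grep -q 'does match' ||
        { echo "FAIL: certificate is not valid for $5"; rc=1; }
    openssl x509 -in "$3" -noout -checkend $((14 * 86400)) >/dev/null 2>&1 ||
        { echo "FAIL: certificate expired or expires within 14 days"; rc=1; }
    # Permission bits for group and others must all be '-' on the private key.
    [ "$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)" = "------" ] ||
        { echo "FAIL: private key is accessible to group or others"; rc=1; }
    # Servers expect the leaf first in the chain file, then the intermediate(s).
    leaf=$(openssl x509 -in "$3" -noout -fingerprint -sha256 2>/dev/null) || leaf=
    first=$(openssl x509 -in "$4" -noout -fingerprint -sha256 2>/dev/null) || first=
    { [ -n "$leaf" ] && [ "$leaf" = "$first" ]; } ||
        { echo "FAIL: first certificate in the chain file is not the leaf"; rc=1; }
    [ "$(grep -c 'BEGIN CERTIFICATE' "$4" 2>/dev/null)" -ge 2 ] 2>/dev/null ||
        { echo "FAIL: chain file holds fewer than two certificates"; rc=1; }
    return $rc
}

# Usage (hypothetical script name), from /etc/letsencrypt/hackstub.netlib.re:
#   sh check_cert.sh hackstub.netlib.re.key hackstub.netlib.re.csr \
#      hackstub.netlib.re.crt hackstub.netlib.re.crt+chain hackstub.netlib.re
if [ $# -eq 5 ]; then check_issued "$@"; fi
```

The script only reads the files, so it can also be run after each pass of the renewal cron job to catch a certificate that no longer matches its key.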