> Am 22.04.2023 um 19:48 schrieb Patrick O'Callaghan <pocallaghan@xxxxxxxxx>:
>
> On Sat, 2023-04-22 at 18:27 +0200, Peter Boy wrote:
>>
>>
>>> Am 22.04.2023 um 14:11 schrieb Patrick O'Callaghan
>>> <pocallaghan@xxxxxxxxx>:
>>>
>>> I'm trying to set up a simple web server for personal use, using
>>> Apache, and want to enable HTTPS access. This involves getting an
>>> SSL
>>> certificate and I'll be using LetsEncrypt (www.letsencrypt.org).
>>>
>>> The recommended way to do this is with Certbot, but I can't get
>>> past
>>> this error:
>>
>>
>> With apache you have the advantage that you don't need certbot at
>> all, but apache does everything itself with the help of the md
>> module. Configure as follows:
>>
>> # Letsencrypt certificate management via Apache mod_md
>> # By default, automatically all alternative names get included.
>> MDomain MY_DOMAIN.TLD
>> MDContactEmail ME@MY_DOMAIN.TLD
>> MDCertificateAgreement accepted
>> <VirtualHost *:443>
>> ServerName MY_DOMAIN.TLD
>> ServerAlias www.MY_DOMAIN.TLD
>> ServerAlias demo.MY_DOMAIN.TLD
>> …
>> …
>> </VirtualHost>
>>
>> After adding the above configuration restart apache. Wait some
>> minutes and restart again. You should now see in the logs the
>> certificates.
>>
>> Apache cares about the 3-monthly renewing. You don’t need to do
>> anything.
>
> That's interesting, but seems to contradict what the LetsEncrypt site
> seems to say (as far as I understand it). How does Apache set up a
> certificate if it's only reachable via port 443, which requires a
> certificate?
Apache developed mod_md which is, among others, yet another implementation of the certbot protocol, but manages everything inside apache. The module knows it has to renew every 3 months and it manages the communication with lets encrypt by its own. I didn’t check, but - as it works - mod_md knows about the ports and chooses the appropriate.
I should have send the complete config, it says further down:
<VirtualHost *:80>
# Production Web Site Fiction meets Science
ServerName MY_DOMAIN.TLD
ServerAlias www.MY_DOMAIN.TLD
RewriteEngine On
RewriteRule ^(.*)$ https://MY_DOMAIN.TLD$1 [R=301,L]
</VirtualHost>
But of course, I use Fedora Server.
--
Peter Boy
https://fedoraproject.org/wiki/User:Pboy
pboy@xxxxxxxxxxxxxxxxx
Timezone: CET (UTC+1) / CEST (UTC+2)
Fedora Server Edition Working Group member
Fedora docs team contributor
Java developer and enthusiast
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
