On Sat, 2023-04-22 at 20:35 +0200, Peter Boy wrote:
>
> > On 22.04.2023 at 19:48, Patrick O'Callaghan
> > <pocallaghan@xxxxxxxxx> wrote:
> >
> > On Sat, 2023-04-22 at 18:27 +0200, Peter Boy wrote:
> > >
> > > > On 22.04.2023 at 14:11, Patrick O'Callaghan
> > > > <pocallaghan@xxxxxxxxx> wrote:
> > > >
> > > > I'm trying to set up a simple web server for personal use, using
> > > > Apache, and want to enable HTTPS access. This involves getting an
> > > > SSL certificate and I'll be using LetsEncrypt
> > > > (www.letsencrypt.org).
> > > >
> > > > The recommended way to do this is with Certbot, but I can't get
> > > > past this error:
> > > >
> > >
> > > With apache you have the advantage that you don't need certbot at
> > > all, but apache does everything itself with the help of the md
> > > module. Configure as follows:
> > >
> > > # Letsencrypt certificate management via Apache mod_md
> > > # By default, automatically all alternative names get included.
> > > MDomain MY_DOMAIN.TLD
> > > MDContactEmail ME@MY_DOMAIN.TLD
> > > MDCertificateAgreement accepted
> > > <VirtualHost *:443>
> > >     ServerName MY_DOMAIN.TLD
> > >     ServerAlias www.MY_DOMAIN.TLD
> > >     ServerAlias demo.MY_DOMAIN.TLD
> > >     …
> > >     …
> > > </VirtualHost>
> > >
> > > After adding the above configuration restart apache. Wait some
> > > minutes and restart again. You should now see the certificates in
> > > the logs.
> > >
> > > Apache takes care of the 3-monthly renewal. You don't need to do
> > > anything.
> >
> > That's interesting, but seems to contradict what the LetsEncrypt
> > site seems to say (as far as I understand it). How does Apache set
> > up a certificate if it's only reachable via port 443, which requires
> > a certificate?
>
> Apache developed mod_md which is, among others, yet another
> implementation of the certbot protocol, but manages everything inside
> apache. The module knows it has to renew every 3 months and it
> manages the communication with Let's Encrypt on its own. I didn't
> check, but - as it works - mod_md knows about the ports and chooses
> the appropriate one.
>
> I should have sent the complete config, it says further down:
>
> <VirtualHost *:80>
>     # Production Web Site Fiction meets Science
>     ServerName MY_DOMAIN.TLD
>     ServerAlias www.MY_DOMAIN.TLD
>     RewriteEngine On
>     RewriteRule ^(.*)$ https://MY_DOMAIN.TLD$1 [R=301,L]
> </VirtualHost>

It's documented in https://httpd.apache.org/docs/2.4/mod/mod_md.html so
I may try it.

poc
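
The quoted configuration relies on `MDomain` picking up every alternative name by default. As an added example (not code from this thread or from the Apache project), the Python below models that behaviour so the names a certificate would cover can be reviewed before restarting the server. Assumptions: `example.org` stands in for MY_DOMAIN.TLD, the sample configuration is constructed, and the matching rule (a virtual host that shares a name with the managed domain contributes all of its `ServerName`/`ServerAlias` names unless `manual` is set) is a simplified reading of the mod_md documentation.

```python
import re

# Constructed sample: the thread's configuration with example.org as a placeholder.
SAMPLE_CONF = """\
MDomain example.org
MDContactEmail admin@example.org
MDCertificateAgreement accepted
<VirtualHost *:443>
    ServerName example.org
    ServerAlias www.example.org
    ServerAlias demo.example.org
</VirtualHost>
<VirtualHost *:80>
    ServerName example.org
    ServerAlias www.example.org
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+[^:>\s]+:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return [(port, {names})] for each <VirtualHost addr:port> block."""
    vhosts = []
    for port, body in VHOST_RE.findall(conf):
        names = set()
        for line in body.splitlines():
            parts = line.split()
            if parts and parts[0].lower() in ("servername", "serveralias"):
                names.update(n.lower() for n in parts[1:])
        vhosts.append((int(port), names))
    return vhosts

def managed_names(conf):
    """Map each MDomain's first name to the names its certificate would cover."""
    vhosts = parse_vhosts(conf)
    result = {}
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].lower() != "mdomain":
            continue
        listed = [p.lower() for p in parts[1:]]
        mode = listed.pop() if listed[-1] in ("auto", "manual") else "auto"
        names = set(listed)
        if mode == "auto":  # assumed rule: matching vhosts add all their names
            for _port, vnames in vhosts:
                if vnames & set(listed):
                    names |= vnames
        if listed: result[listed[0]] = sorted(names)
    return result
```

Calling `managed_names()` on the text of a real configuration file lists, per managed domain, the names to expect in the issued certificate; a name that is missing from the result will not be covered.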