lets encrypt certs

Jan 24, 07:15 AM

### LETS-ENCRYPT ON VIRTUALMIN (2-18-02-04)

1 – use virtualmin to turn website into a https site
2 – edit-virtual-server, enabled-features, check “Apache SSL website enabled?”

## no more certbot-auto! it's the same as regular certbot:

dnf --assumeyes --enablerepo=epel-testing install certbot ;

####3 – ./certbot-auto, enter number of domains to be certified (stand ready to scroll since we have many names)
####4 – certbot-auto will “edit” httpd.conf file to point to the new names.
5 – manually start https: apachectl configtest ; systemctl restart httpd ; systemctl stop httpd ; systemctl start httpd ;

6) certbot-auto renew; renews all certbot certs

NOTE: answering the question “2: Redirect – Make all requests redirect to secure HTTPS access.” will put the new 443 ssl site into a separate file at “/etc/httpd/conf/httpd-le-ssl.conf” and add an “Include” at the bottom of “/etc/httpd/conf/httpd.conf”. It will also add the “RewriteCond/RewriteRule” directly into the httpd.conf file rather than put it into .htaccess.

### INITIAL STUFF TO GET APACHE WORKING: (2018-01-24)

sudo yum --assumeyes update ; ## always a good idea!
sudo yum --assumeyes install httpd ; ## install apache
sudo systemctl start httpd.service ; ## start running apache
sudo systemctl enable httpd.service ; ## (optional) start at boot

### ESTABLISHING A VIRTUAL HOST:

## we first have to create a virtual host: (wow godaddy has something useful, surprisingly….)
## https://www.godaddy.com/help/configure-apache-virtual-hosts-centos-7-17338

## ERROR!
https://unix.stackexchange.com/questions/229192/apache-wont-restart-after-configuring-virtual-hosts
QUOTE: I had a similar issue and it turns out that Apache didn’t like the ErrorLog and CustomLog lines in the VirtualHost container. I commented them out and service started without a problem.

1) comment out ErrorLog and CustomLog: /etc/httpd/sites-available/canyonverde.church.conf

2) add this line to every virtual host:
SSLProtocol all -SSLv2 -SSLv3
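
A check for step 2 above, as an added example that is not part of the original notes: it lists each VirtualHost block with its SSLProtocol value, or MISSING when the line was never added. The function names and the sample config are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): report the SSLProtocol value
# of every <VirtualHost> block, or MISSING when the block has none.

# audit_vhosts FILE...  ->  one line per block: "file:line address value"
audit_vhosts() {
    awk '
        /^[ \t]*#/ { next }                         # ignore commented-out lines
        tolower($1) == "<virtualhost" {             # block opens
            addr = $2; sub(/>$/, "", addr)
            start = FNR; proto = "MISSING"; inblock = 1
            next
        }
        inblock && tolower($1) == "sslprotocol" {   # directive names are case-insensitive
            proto = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", proto)  # keep only the arguments
            next
        }
        inblock && tolower($1) == "</virtualhost>" {
            printf "%s:%d %s %s\n", FILENAME, start, addr, proto
            inblock = 0
        }
    ' "$@"
}

# Constructed sample: the second vhost has the directive commented out.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:443>
    ServerName one.example
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
<VirtualHost *:443>
    ServerName two.example
    SSLEngine on
    # SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_vhosts "$tmp"
rm -f "$tmp"
```

On the server, run it as `audit_vhosts /etc/httpd/sites-available/*.conf /etc/httpd/conf/httpd-le-ssl.conf`. A value of `all -SSLv2 -SSLv3` still leaves TLS 1.0 and 1.1 enabled where the Apache/OpenSSL build supports them, so read the printed value and not only the MISSING rows.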

## OPTIONAL FIREWALL:
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent ; sudo firewall-cmd --reload ;
sudo firewall-cmd --zone=public --add-port=443/tcp --permanent ; sudo firewall-cmd --reload ;
sudo systemctl restart httpd.service ; ## is this really necessary?

### lets encrypt stuff

sudo yum -y install yum-utils ;
sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional ;
sudo yum --assumeyes install certbot-apache ;

sudo certbot --version ;

optionally: https://certbot.eff.org/all-instructions/#web-hosting-service-none-of-the-above

sudo yum --assumeyes install wget ;
sudo wget https://dl.eff.org/certbot-auto ;
sudo chmod a+x certbot-auto ; sudo mv ./certbot-auto /usr/local/bin ; ## 2020-10-15

/usr/local/bin/certbot-auto --test-cert ; ## notice --test-cert option!

Mark Edwards
