### LETS-ENCRYPT ON VIRTUALMIN (2-18-02-04)
1 – use virtualmin to turn website into a https site
2 – edit-virtual-server, enabled-features, check “Apache SSL website enabled?”
## no more certbot-auto! it's the same as regular certbot:
dnf --assumeyes --enablerepo=epel-testing install certbot ;
####3 – ./certbot-auto, enter number of domains to be certified (stand ready to scroll since we have many names)
####4 – certbot-auto will “edit” httpd.conf file to point to the new names.
5 – manually start https:
apachectl configtest ;
systemctl restart httpd ;
systemctl stop httpd ;
systemctl start httpd ;
6) certbot-auto renew; renews all certbot certs
NOTE: Answering the question “2: Redirect – Make all requests redirect to secure HTTPS access.” puts the new 443 SSL site into a separate file at “/etc/httpd/conf/httpd-le-ssl.conf” and adds an “Include” at the bottom of “/etc/httpd/conf/httpd.conf”. It also adds the “RewriteCond/RewriteRule” directly to the httpd.conf file rather than to .htaccess.
### INITIAL STUFF TO GET APACHE WORKING: (2018-01-24)
sudo yum --assumeyes update ; ## always a good idea!
sudo yum --assumeyes install httpd ; ## install apache
sudo systemctl start httpd.service ; ## start running apache
sudo systemctl enable httpd.service ; ## (optional) start at boot
### ESTABLISHING A VIRTUAL HOST:
## we first have to create a virtual host: (wow godaddy has something useful, surprisingly….)
## https://www.godaddy.com/help/configure-apache-virtual-hosts-centos-7-17338
## ERROR!
https://unix.stackexchange.com/questions/229192/apache-wont-restart-after-configuring-virtual-hosts
QUOTE: I had a similar issue and it turns out that Apache didn’t like the ErrorLog and CustomLog lines in the VirtualHost container. I commented them out and service started without a problem.
1) comment out ErrorLog and CustomLog: /etc/httpd/sites-available/canyonverde.church.conf
2) add this line to every virtual host:
SSLProtocol all -SSLv2 -SSLv3
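The `SSLProtocol all -SSLv2 -SSLv3` line in step 2 switches off only the SSL versions; in mod_ssl, `all` still includes TLSv1 and TLSv1.1 wherever the OpenSSL build offers them. The script below is an added example, not part of the original notes: it applies the "every virtual host" rule and reports, per `<VirtualHost>` block, whether the directive is missing, still permits a legacy protocol, or is limited to TLSv1.2 and newer. The function name, sample config and hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example: per <VirtualHost> block, report whether SSLProtocol is present
# and whether it still leaves SSLv3, TLSv1 or TLSv1.1 enabled.
# Prints "<start line> <address> <MISSING|LEGACY|OK>"; exits 1 if any is not OK.
audit_sslprotocol() {
  awk '
    # Mirror mod_ssl parsing: a bare token replaces the set, "+" adds, "-" removes.
    function verdict(spec,    n, i, t, tok, act, k, on) {
      if (spec == "") return "MISSING"
      n = split(tolower(spec), t, " ")
      for (i = 1; i <= n; i++) {
        tok = t[i]; act = ""
        if (tok ~ /^[+-]/) { act = substr(tok, 1, 1); tok = substr(tok, 2) }
        if (act == "") split("", on)
        for (k in legacy)
          if (tok == "all" || tok == k) { if (act == "-") delete on[k]; else on[k] = 1 }
      }
      for (k in on) return "LEGACY"
      return "OK"
    }
    BEGIN { legacy["sslv3"] = legacy["tlsv1"] = legacy["tlsv1.1"] = 1 }
    tolower($1) ~ /^<virtualhost/ { start = NR; addr = $2; sub(/>$/, "", addr); spec = ""; next }
    start && tolower($1) == "sslprotocol" { spec = $0; sub(/^[ \t]*[^ \t]+/, "", spec); next }
    start && tolower($1) ~ /^<\/virtualhost/ {
      v = verdict(spec); if (v != "OK") bad = 1
      print start, addr, v; start = 0
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample config (hypothetical hostnames), one vhost per verdict.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:80>
    ServerName example.test
</VirtualHost>
<VirtualHost *:443>
    ServerName example.test
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName secure.example.test
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
EOF
audit_sslprotocol "$sample" || echo "at least one vhost needs attention"
```

Point it at each file under the vhost directory (for example the sites-available .conf above) and again at httpd-le-ssl.conf after certbot has written it.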
## OPTIONAL FIREWALL:
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent ; sudo firewall-cmd --reload ;
sudo firewall-cmd --zone=public --add-port=443/tcp --permanent ; sudo firewall-cmd --reload ;
sudo systemctl restart httpd.service ; ## is this really necessary?
### lets encrypt stuff
sudo yum -y install yum-utils ;
sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional ;
sudo yum --assumeyes install certbot-apache ;
sudo certbot --version ;
optionally: https://certbot.eff.org/all-instructions/#web-hosting-service-none-of-the-above
sudo yum --assumeyes install wget ;
sudo wget https://dl.eff.org/certbot-auto ;
sudo chmod a+x certbot-auto ;
sudo mv ./certbot-auto /usr/local/bin ; ## 2020-10-15
/usr/local/bin/certbot-auto --test-cert ; ## notice --test-cert option! (full path, since the script was just moved)