vim /etc/apache2/sites-available/ssl-www.domaine.fr ServerAdmin contact@domaine.fr ServerName domaine.fr ServerAlias www.domaine.fr SSLEngine on # Regles SSL A+ sur ssllabs SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA SSLProtocol All -SSLv2 -SSLv3 -TLSv1 SSLHonorCipherOrder on SSLCompression off Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" SSLCompression off SSLCertificateFile /etc/letsencrypt/live/domaine.fr/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/domaine.fr/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/domaine.fr/fullchain.pem DocumentRoot /var/www/www.domaine.fr/ Options FollowSymLinks AllowOverride None Options Indexes FollowSymLinks MultiViews AllowOverride none Order allow,deny allow from all ErrorLog /var/log/apache2/error-www.domaine.fr-ssl.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access-www.domaine.fr-ssl.log combined