Differences
Below are the differences between two revisions of the page.
systemes:web:https_letsencrypts [2016/01/21 13:27] william |
systemes:web:https_letsencrypts [2019/02/06 14:03] |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
- | ====== Certificats Let's Encrypt ====== | ||
- | ===== Introduction ===== | ||
- | |||
- | Dès à présent les certificats ssl deviennent gratuits grâce à Let's Encrypt qui révolutionne vraiment ce domaine. | ||
- | |||
- | ===== Installation d'un certificat ===== | ||
- | |||
- | ==== Récupération des sources ==== | ||
- | |||
- | <code bash> | ||
- | git clone https:// | ||
- | cd / | ||
- | </ | ||
- | |||
- | ==== Génération du certificat ==== | ||
- | |||
- | <code bash> | ||
- | ./ | ||
- | </ | ||
- | * La racine du web doit être une partie accessible depuis le nom de domaine, car la génération du certificat doit ce faire avec un échange de fichiers via ce répertoire. | ||
- | |||
- | |||
- | |||
- | ==== Préparation du vhost ( apache2) ==== | ||
- | |||
- | <code bash> | ||
- | vim / | ||
- | |||
- | < | ||
- | ServerAdmin contact@domaine.fr | ||
- | ServerName domaine.fr | ||
- | ServerAlias www.domaine.fr | ||
- | |||
- | |||
- | |||
- | SSLEngine on | ||
- | |||
- | SSLProtocol | ||
- | SSLCipherSuite | ||
- | SSLHonorCipherOrder | ||
- | SSLCompression | ||
- | |||
- | |||
- | |||
- | |||
- | SSLCertificateFile / | ||
- | SSLCertificateKeyFile / | ||
- | SSLCertificateChainFile / | ||
- | |||
- | |||
- | DocumentRoot / | ||
- | < | ||
- | Options FollowSymLinks | ||
- | AllowOverride None | ||
- | </ | ||
- | < | ||
- | Options Indexes FollowSymLinks MultiViews | ||
- | AllowOverride none | ||
- | Order allow,deny | ||
- | allow from all | ||
- | </ | ||
- | |||
- | |||
- | ErrorLog / | ||
- | |||
- | # Possible values include: debug, info, notice, warn, error, crit, | ||
- | # alert, emerg. | ||
- | LogLevel warn | ||
- | |||
- | CustomLog / | ||
- | |||
- | |||
- | </ | ||
- | </ | ||
- | |||
- | |||
- | <code bash> | ||
- | a2enmod ssl | ||
- | a2ensite ssl-www.domaine.fr | ||
- | service apache2 reload | ||
- | </ | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | ===== Tests de fonctionnement ===== | ||
- | |||
- | |||
- | https:// | ||
- | |||
- | |||
- | |||
- | ===== Renouvellement automatique ===== | ||
- | |||
- | * Let's Encrypt fourni des certificats valide durant 90 jours. Voici un petit script afin d' | ||
- | |||
- | <code bash> | ||
- | mkdir / | ||
- | cd / | ||
- | </ | ||
- | |||
- | |||
- | <code bash> | ||
- | vim / | ||
- | |||
- | authenticator = webroot | ||
- | webroot-path = / | ||
- | renew-by-default | ||
- | agree-tos | ||
- | email = meme_mail_que_demander_a_l_install@domaine.com | ||
- | |||
- | </ | ||
- | |||
- | <code bash> | ||
- | vim renew_certs_letsencrypts.sh | ||
- | |||
- | # | ||
- | |||
- | cd / | ||
- | ./ | ||
- | |||
- | |||
- | if [ $? -ne 0 ] | ||
- | then | ||
- | ERRORLOG=`tail / | ||
- | echo -e " | ||
- | |||
- | else | ||
- | service apache2 reload | ||
- | echo -e " | ||
- | |||
- | fi | ||
- | |||
- | |||
- | </ | ||
- | |||
- | <code bash> | ||
- | chmod +x renew_certs_letsencrypts.sh | ||
- | crontab -e | ||
- | |||
- | @monthly / | ||
- | |||
- | </ | ||
- | |||
- | |||
- | |||
- | Source : letsencrypt.readthedocs.org | ||
- | |||
- | |||
- | [[systemes: |
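Review bot: In the removed vhost block, `Options Indexes FollowSymLinks MultiViews` turns on directory listings for the HTTPS site, and `Order allow,deny` / `allow from all` is Apache 2.2 access syntax that works on 2.4 only through mod_access_compat; if this text is restored or moved to another page, drop `Indexes` and use `Require all granted` instead. The renewal section pairs `renew-by-default` with an `@monthly` cron entry for certificates the page says are valid for 90 days, so every run forces a reissue and a failed run is not retried for a month; a more frequent schedule that renews only when the certificate is close to expiry would be safer. The right-hand revision is empty, so this change deletes the whole procedure without leaving a pointer to where it now lives; a one-line redirect or note on the page would help readers who arrive from old links.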