On 22.04.2023 at 19:48, Patrick O'Callaghan <pocallaghan(a)gmail.com> wrote:
On Sat, 2023-04-22 at 18:27 +0200, Peter Boy wrote:
>
>
>> On 22.04.2023 at 14:11, Patrick O'Callaghan <pocallaghan(a)gmail.com> wrote:
>>
>> I'm trying to set up a simple web server for personal use, using
>> Apache, and want to enable HTTPS access. This involves getting an
>> SSL certificate and I'll be using LetsEncrypt (www.letsencrypt.org).
>>
>> The recommended way to do this is with Certbot, but I can't get
>> past this error:
>
>
> With apache you have the advantage that you don't need certbot at
> all, but apache does everything itself with the help of the md
> module. Configure as follows:
>
> # Letsencrypt certificate management via Apache mod_md
> # By default, automatically all alternative names get included.
> MDomain MY_DOMAIN.TLD
> MDContactEmail ME(a)MY_DOMAIN.TLD
> MDCertificateAgreement accepted
> <VirtualHost *:443>
> ServerName MY_DOMAIN.TLD
> ServerAlias www.MY_DOMAIN.TLD
> ServerAlias demo.MY_DOMAIN.TLD
> …
> …
> </VirtualHost>
>
> After adding the above configuration restart apache. Wait some
> minutes and restart again. You should now see in the logs the
> certificates.
>
> Apache cares about the 3-monthly renewing. You don’t need to do
> anything.

That's interesting, but seems to contradict what the LetsEncrypt site
seems to say (as far as I understand it). How does Apache set up a
certificate if it's only reachable via port 443, which requires a
certificate?

Apache developed mod_md which is, among other things, yet another implementation of the certbot
protocol, but manages everything inside apache. The module knows it has to renew every 3
months and it manages the communication with Let's Encrypt on its own. I didn't check, but
- as it works - mod_md knows about the ports and chooses the appropriate one.

I should have sent the complete config, it says further down:

<VirtualHost *:80>
    # Production Web Site Fiction meets Science
    ServerName MY_DOMAIN.TLD
    ServerAlias www.MY_DOMAIN.TLD
    RewriteEngine On
    RewriteRule ^(.*)$ https://MY_DOMAIN.TLD$1 [R=301,L]
</VirtualHost>

But of course, I use Fedora Server.
--
Peter Boy
https://fedoraproject.org/wiki/User:Pboy
pboy(a)fedoraproject.org
Timezone: CET (UTC+1) / CEST (UTC+2)
Fedora Server Edition Working Group member
Fedora docs team contributor
Java developer and enthusiast
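
Added example, not part of the thread or of mod_md: a small check for the port question raised above, reporting which port-based ACME challenge types a CA could complete against a given Apache configuration. It assumes http-01 needs a listener on port 80 and tls-alpn-01 needs port 443 plus `acme-tls/1` in `Protocols`; dns-01 is out of scope, and the sample configs are constructed from the fragments quoted in the thread.

```python
import re

# Constructed configs modelled on the fragments quoted in the thread.
ONLY_443 = """\
MDomain MY_DOMAIN.TLD
MDCertificateAgreement accepted
<VirtualHost *:443>
    ServerName MY_DOMAIN.TLD
</VirtualHost>
"""
WITH_PORT_80 = ONLY_443 + """\
<VirtualHost *:80>
    ServerName MY_DOMAIN.TLD
    RewriteEngine On
    RewriteRule ^(.*)$ https://MY_DOMAIN.TLD$1 [R=301,L]
</VirtualHost>
"""
WITH_ALPN = "Protocols h2 http/1.1 acme-tls/1\n" + ONLY_443


def _port(addr: str) -> str:
    """Port part of '80', '*:443' or '[::1]:443'; '' if none is given."""
    tail = addr.rsplit(":", 1)[-1]
    return tail if tail.isdigit() else ""


def usable_challenges(conf: str) -> list[str]:
    """ACME challenge types a CA could complete against this configuration."""
    ports, protocols, allowed = set(), set(), {"http-01", "tls-alpn-01"}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        vhost = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        name, *args = line.split()
        if vhost:
            ports.update(_port(a) for a in vhost.group(1).split())
        elif name.lower() == "listen" and args:
            ports.add(_port(args[0]))
        elif name.lower() == "protocols":
            protocols.update(a.lower() for a in args)
        elif name.lower() == "mdcachallenges":  # restricts the allowed types
            allowed = {a.lower() for a in args}
    found = []
    if "80" in ports and "http-01" in allowed:
        found.append("http-01")      # CA fetches a token over plain HTTP
    if "443" in ports and "acme-tls/1" in protocols and "tls-alpn-01" in allowed:
        found.append("tls-alpn-01")  # CA validates inside the TLS handshake
    return found
```

The check treats `Protocols` as global and does not follow `Include` files, so run it over the merged configuration.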