apt-get install letsencrypt
apt-get install python-letsencrypt-apache
To create or renew:
letsencrypt certonly --manual --renew-by-default --email admin@site.fr -d site.fr
This creates a directory: /etc/letsencrypt/live/example.com/ containing certificate files:
cert.pem
chain.pem
fullchain.pem
privkey.pem
For automatic renewal (cron):
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
0 0 1 * * ( /usr/sbin/apachectl stop && /usr/bin/letsencrypt certonly --renew-by-default --email contact@ideaz.world -d ideaz.world ; /usr/sbin/apachectl restart ) > /root/letsencryptideaz.log.txt 2>&1
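A check to run after the cron renewal above, as an added example (not part of the original notes): it verifies that cert.pem in a live directory is not close to expiry and that privkey.pem matches it. The function name check_live_cert, its exit codes and the 30-day default are assumptions of this example; it needs the openssl command.

```shell
#!/bin/sh
# Added example: health check for a Let's Encrypt live directory.
# Layout taken from the notes: <dir>/cert.pem and <dir>/privkey.pem.

# check_live_cert DIR [MIN_DAYS]   (hypothetical helper, not a letsencrypt command)
# Returns 0 = healthy, 1 = expires within MIN_DAYS,
#         2 = file missing or unreadable, 3 = key does not match certificate.
check_live_cert() {
    dir=$1
    min_days=${2:-30}
    cert="$dir/cert.pem"
    key="$dir/privkey.pem"

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "missing cert.pem or privkey.pem in $dir" >&2
        return 2
    fi

    # Compare the public key inside the certificate with the one derived
    # from the private key; Apache refuses to start on a mismatch.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "privkey.pem does not match cert.pem" >&2
        return 3
    fi

    # -checkend exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "expires within $min_days days: $(openssl x509 -in "$cert" -noout -enddate)" >&2
        return 1
    fi
    echo "ok: $(openssl x509 -in "$cert" -noout -enddate)"
    return 0
}

# Direct use: ./check_cert.sh /etc/letsencrypt/live/<domain> [min_days]
if [ $# -ge 1 ]; then
    check_live_cert "$@"
fi
```

A non-zero exit from a second cron entry makes a failed monthly renewal visible instead of leaving it buried in the log file.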
Complete Apache vhost example:
# The <VirtualHost> containers are assumed here (*:80 for the redirect, *:443 for TLS)
<VirtualHost *:80>
    ServerName law.raphaelpiccolo.com
    ServerAlias ordalis.fr
    ServerAlias www.ordalis.fr

    # to redirect to https
    RewriteEngine on
    RewriteRule ^/(.*) https://ordalis.fr/$1 [L,R]
</VirtualHost>

<VirtualHost *:443>
    ServerName ordalis.fr

    # for the certificates
    SSLEngine on
    SSLCertificateFile "/etc/letsencrypt/live/ordalis.fr/cert.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/ordalis.fr/privkey.pem"
    SSLCertificateChainFile "/etc/letsencrypt/live/ordalis.fr/chain.pem"

    # for A grade
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1
    SSLHonorCipherOrder on
    SSLCipherSuite "!ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:!ECDHE-ECDSA-AES128-SHA:!ECDHE-ECDSA-AES256-SHA:!ECDHE-ECDSA-AES128-SHA256:!ECDHE-ECDSA-AES256-SHA384:!ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA:!ECDHE-RSA-AES128-SHA256:!ECDHE-RSA-AES256-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES256-SHA256"
    Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"

    # for the websockets
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/socket.io [NC]
    RewriteCond %{QUERY_STRING} transport=websocket [NC]
    RewriteRule /(.*) ws://localhost:10000/$1 [P,L]

    # for the www removal
    RewriteCond %{HTTP_HOST} ^www\.(.+)$
    RewriteRule ^(.*) https://$1 [QSA,L,R=301]

    # choose a method : nodejs / php

    # to connect a nodejs server
    ProxyRequests Off
    ProxyPass / http://localhost:10000/
    ProxyPassReverse / http://localhost:10000/
    ProxyPreserveHost On

    # to use php / html static
    AssignUserId ordalis_prod ordalis_prod
    DocumentRoot /home/ordalis_prod/site/
</VirtualHost>
If it screws up:
find /etc/letsencrypt | grep projet | xargs rm -rf
and try again.