# Install the Let's Encrypt client plus its Apache plugin. These are the Debian/Ubuntu
# package names from when these notes were written; the client was later renamed
# certbot, so on current releases the packages are presumably certbot and
# python3-certbot-apache — verify before copy-pasting.
apt-get install letsencrypt
apt-get install python-letsencrypt-apache
Pour créer ou renew :
# One-off issuance / renewal. --manual means the ACME challenge is completed by hand at
# interactive prompts, so this exact form cannot run unattended (see the cron entry below
# for the automated variant). --renew-by-default forces a new certificate even when the
# current one is not due yet. Replace the e-mail address and the -d value.
letsencrypt certonly --manual --renew-by-default --email admin@site.fr -d site.fr
This creates a directory: /etc/letsencrypt/live/example.com/ containing certificate files:
cert.pem
chain.pem
fullchain.pem
privkey.pem
Pour renew automatique (cron) :
# root crontab: renewal at 00:00 on the 1st of every month.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Apache is stopped for the whole run, so the site is down until letsencrypt exits (the
# restart after ";" only runs once it has returned); a hang means the site stays down.
# NOTE(review): no authenticator is named here, so presumably the client picks one or
# prompts — in cron there is no tty to answer. Name it explicitly (--standalone, which
# needs port 80 free and is presumably why Apache is stopped) and add --non-interactive
# if the installed client supports it, so a prompt can never block the job.
# --renew-by-default reissues on every run whether or not the cert is near expiry.
# All output, errors included, lands in /root/letsencryptideaz.log.txt; nothing alerts on
# failure, so check the log (or the cert expiry) after each run.
0 0 1 * * ( /usr/sbin/apachectl stop && /usr/bin/letsencrypt certonly --renew-by-default --email contact@ideaz.world -d ideaz.world ; /usr/sbin/apachectl restart ) > /root/letsencryptideaz.log.txt 2>&1
exemple complet vhost apache :
<VirtualHost *:80>
# Plain-HTTP entry point: every request for any of these names is sent to https://ordalis.fr,
# law.raphaelpiccolo.com included.
ServerName law.raphaelpiccolo.com
ServerAlias ordalis.fr
ServerAlias www.ordalis.fr
# to redirect to https
# R without a code is a 302 (temporary); for a permanent HTTP->HTTPS redirect use [L,R=301].
# Validation requests for /.well-known/acme-challenge/ hit this rule as well if a challenge is
# ever answered through Apache (webroot/apache plugin rather than --manual or a stopped
# Apache as in the cron above): either exempt that path or make sure the https side serves it.
RewriteEngine on
RewriteRule ^/(.*) https://ordalis.fr/$1 [L,R]
</VirtualHost>
<VirtualHost *:443>
ServerName ordalis.fr
# No ServerAlias for www.ordalis.fr here: the "www removal" rule below only fires if the www
# request reaches this vhost (default-vhost fallthrough), and if the certificate was issued
# for ordalis.fr alone (the examples above pass a single -d) the browser shows a name-mismatch
# warning before any redirect can run. Issue it with -d ordalis.fr -d www.ordalis.fr.
# for the certificates
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/ordalis.fr/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/ordalis.fr/privkey.pem"
# On Apache 2.4.8+ SSLCertificateChainFile is obsolete: point SSLCertificateFile at
# fullchain.pem instead and drop this line.
SSLCertificateChainFile "/etc/letsencrypt/live/ordalis.fr/chain.pem"
# for A grade
# -SSLv2 is a no-op on any OpenSSL still in use. TLSv1.1 stays enabled and is deprecated
# (RFC 8996); add -TLSv1.1 unless an old client still needs it.
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder on
# Only the two ECDHE AES256-GCM suites are enabled, everything else is "!"-excluded. With an
# RSA certificate that leaves exactly ECDHE-RSA-AES256-GCM-SHA384, so any client lacking it
# is refused — fine if that is the intent, but it is worth knowing when a client "cannot connect".
SSLCipherSuite "!ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:!ECDHE-ECDSA-AES128-SHA:!ECDHE-ECDSA-AES256-SHA:!ECDHE-ECDSA-AES128-SHA256:!ECDHE-ECDSA-AES256-SHA384:!ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA:!ECDHE-RSA-AES128-SHA256:!ECDHE-RSA-AES256-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES256-SHA256"
# HSTS for one year, all subdomains, with the preload token. Submitting to the browser preload
# list is effectively irreversible and includeSubdomains forces HTTPS on every subdomain of
# ordalis.fr, so confirm none of them is HTTP-only before enabling this.
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
# for the websockets
# Proxying to ws:// needs mod_proxy_wstunnel loaded in addition to mod_proxy.
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://localhost:10000/$1 [P,L]
# for the www removal
RewriteCond %{HTTP_HOST} ^www\.(.+)$
# NOTE(review): $1 is the RewriteRule's own capture (the request path), not the host captured
# by the RewriteCond, which is %1 — as written this redirects to https://<path>. The intended
# rule is presumably: RewriteRule ^(.*) https://%1$1 [QSA,L,R=301]
RewriteRule ^(.*) https://$1 [QSA,L,R=301]
# choose a method : nodejs / php
# Both methods are active below. With ProxyPass / every request is forwarded to the node
# server, so DocumentRoot is never served; delete whichever section is not in use.
# to connect a nodejs server
# ProxyRequests Off keeps this vhost from acting as an open forward proxy — leave it off.
ProxyRequests Off
ProxyPass / http://localhost:10000/
ProxyPassReverse / http://localhost:10000/
ProxyPreserveHost On
# to use php / html static
# AssignUserId requires the mpm-itk module; the vhost's requests then run as ordalis_prod.
AssignUserId ordalis_prod ordalis_prod
DocumentRoot /home/ordalis_prod/site/
</VirtualHost>
Si ça merde :
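#######################################
# Remove every entry under the letsencrypt tree whose path contains NAME (the live/,
# archive/ and renewal/ entries for that domain), so the next `letsencrypt certonly`
# starts from scratch for it.
# Arguments: $1 - substring to match, normally the domain (e.g. projet.fr); must be
#                 non-empty — the bare `grep projet | xargs rm -rf` form, with the
#                 placeholder left empty or mistyped, matches every path and wipes the
#                 whole tree, account keys included
#            $2 - tree root (default /etc/letsencrypt)
# Returns:   non-zero if NAME is empty or a removal fails
# -prune stops find from descending into a matched directory, so rm -rf receives only the
# top-level match; -exec ... + passes paths as arguments (no word-splitting on spaces or
# glob characters, no empty-input surprise); -- protects names starting with '-'.
#######################################
le_purge_domain() {
  local name="${1:?domain (substring) to purge is required}"
  local root="${2:-/etc/letsencrypt}"
  find "$root" -path "*${name}*" -prune -exec rm -rf -- {} +
}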
et retenter.