27/07/2017
lets encrypt https vhost apache
apt-get install letsencrypt
apt-get install python-letsencrypt-apache

Pour créer ou renew :

letsencrypt certonly --manual --renew-by-default --email admin@site.fr -d site.fr

This creates a directory: /etc/letsencrypt/live/example.com/ containing certificate files:
cert.pem
chain.pem
fullchain.pem
privkey.pem
Pour renew automatique (cron) :

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
0 0 1 * * ( /usr/sbin/apachectl stop && /usr/bin/letsencrypt certonly --renew-by-default --email contact@ideaz.world -d ideaz.world ; /usr/sbin/apachectl restart ) > /root/letsencryptideaz.log.txt 2>&1

exemple complet vhost apache :

<VirtualHost *:80>
    ServerName law.raphaelpiccolo.com
    ServerAlias ordalis.fr
    ServerAlias www.ordalis.fr
    
    # to redirect to https
    RewriteEngine on
    RewriteRule ^/(.*) https://ordalis.fr/$1 [L,R]
</VirtualHost>

<VirtualHost *:443>
    ServerName ordalis.fr

    # for the certificates
    SSLEngine on
    SSLCertificateFile "/etc/letsencrypt/live/ordalis.fr/cert.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/ordalis.fr/privkey.pem"
    SSLCertificateChainFile "/etc/letsencrypt/live/ordalis.fr/chain.pem"

    # for A grade
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1
    SSLHonorCipherOrder on
    SSLCipherSuite "!ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:!ECDHE-ECDSA-AES128-SHA:!ECDHE-ECDSA-AES256-SHA:!ECDHE-ECDSA-AES128-SHA256:!ECDHE-ECDSA-AES256-SHA384:!ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA:!ECDHE-RSA-AES128-SHA256:!ECDHE-RSA-AES256-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES256-SHA256"
    Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"

    # for the websockets
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/socket.io [NC]
    RewriteCond %{QUERY_STRING} transport=websocket [NC]
    RewriteRule /(.*) ws://localhost:10000/$1 [P,L]

    # for the www removal
    RewriteCond %{HTTP_HOST} ^www\.(.+)$
    RewriteRule ^(.*) https://$1 [QSA,L,R=301]

    # choose a method : nodejs / php

    # to connect a nodejs server
    ProxyRequests Off
    ProxyPass / http://localhost:10000/
    ProxyPassReverse / http://localhost:10000/
    ProxyPreserveHost On
    
    # to use php / html static
    AssignUserId ordalis_prod ordalis_prod
    DocumentRoot /home/ordalis_prod/site/
</VirtualHost>

Si ça merde :

find /etc/letsencrypt | grep projet | xargs rm -rf

et retenter.