httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rich.gre...@hushmail.com
Subject [users@httpd] LetsEncrypt.org with Virtual Hosting
Date Tue, 14 Jun 2016 19:08:39 GMT
For some time, I have been hosting about 10 sites unencrypted.  But since people other than
just myself will be using my squirrelmail, I decided to encrypt my server.  I had delayed
it simply because keys are too expensive to buy, but now I learned about LetsEncrypt.org and
have been working in that direction.

So far, I moved two websites over to this server, example.com and example.info.  My first
test of the LetsEncrypt software was of the form of:

# letsencrypt-auto -apache -d example.com

but I ran into a caveat with www.example.com not being accepted.  I decided to re-run with
the other domain included as well, so I did the remaining three combinations:

#letsencrypt-auto -apache -d www.example.com -d example.info -d www.example.info

The conf files for the sites are fairly straight-forward in my mind.  There are four of them:

#/etc/apache2/sites-available/80-example.com
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/example.com/public_html/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName example.com
ServerAlias www.example.com
</VirtualHost>
</IfModule>

#/etc/apache2/sites-available/443-example.com
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@example.com
DocumentRoot /var/www/example.com/public_html/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ServerName example.com
ServerAlias www.example.com
</VirtualHost>
</IfModule>

#/etc/apache2/sites-available/80-example.info
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/example.info/public_html/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName example.info
ServerAlias www.example.info
</VirtualHost>
</IfModule>

#/etc/apache2/sites-available/443-example.info
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@example.info
DocumentRoot /var/www/example.info/public_html/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ServerName example.info
ServerAlias www.example.info
</VirtualHost>

Notice that SSLCertificateFile and SSLCertificateKeyFile are the same for both of the domains,
because they use the same key of example.com.  The website, example.com works perfectly fine.
 But example.info has serious problems (On the order of NET::ERR_CERT_COMMON_NAME_INVALID).
 Who has an idea on how to fix this?  I can't experiment too much because I'm limited to 5
keys per week so learning this myself is a very slow-track process.

There are a number of HOWTO documents out there, but there is very wide variance in their
steps that I have little confidence in them, but have chosen one and decided to try at it.
 Once I get this established, I promise to write a blog article explaining the procedure a
little bit better


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message