httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rich.gre...@hushmail.com
Subject Re: [users@httpd] LetsEncrypt.org with Virtual Hosting
Date Wed, 15 Jun 2016 08:28:44 GMT
Thanks for the tip.  I never knew about this feature (openssl, encryption in general is new
to me).  At the bottom of this reply is the first, and most interesting part of the standard
out.  Yes, it does return the cert for example.com, but I thought that example.info was included
with that in it's creation when I issued the command:

lentencrypt-auto --apache -d example.com
letsencrypt-auto --apache -d www.example.com -d example.info -d www.example.info

I would have combined them into a single command and tried that, but I didn't want to lose
on of the 5 precious keys per week.  Is the above not an acceptable method for creating a
key for multiple sites.

Output is below:

~$ openssl s_client -connect example.info:443
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = example.com
verify return:1
---
Certificate chain
 0 s:/CN=example.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---


On 6/14/2016 at 9:15 PM, "Filipe Cifali" <cifali.filipe@gmail.com> wrote:
>
>Your are probably hitting the wrong cert file, check with:
>
>openssl s_client -connect example.info:443
>
>You can also try to disable the first SSL and check if you hit the 
>right
>one after.
>
>On Tue, Jun 14, 2016 at 4:08 PM, <rich.greder@hushmail.com> wrote:
>
>> For some time, I have been hosting about 10 sites unencrypted.  
>But since
>> people other than just myself will be using my squirrelmail, I 
>decided to
>> encrypt my server.  I had delayed it simply because keys are too 
>expensive
>> to buy, but now I learned about LetsEncrypt.org and have been 
>working in
>> that direction.
>>
>> So far, I moved two websites over to this server, example.com and
>> example.info.  My first test of the LetsEncrypt software was of 
>the form
>> of:
>>
>> # letsencrypt-auto -apache -d example.com
>>
>> but I ran into a caveat with www.example.com not being accepted. 
> I
>> decided to re-run with the other domain included as well, so I 
>did the
>> remaining three combinations:
>>
>> #letsencrypt-auto -apache -d www.example.com -d example.info -d
>> www.example.info
>>
>> The conf files for the sites are fairly straight-forward in my 
>mind.
>> There are four of them:
>>
>> #/etc/apache2/sites-available/80-example.com
>> <IfModule mod_ssl.c>
>> <VirtualHost *:80>
>> ServerAdmin webmaster@localhost
>> DocumentRoot /var/www/example.com/public_html/
>> ErrorLog ${APACHE_LOG_DIR}/error.log
>> CustomLog ${APACHE_LOG_DIR}/access.log combined
>> ServerName example.com
>> ServerAlias www.example.com
>> </VirtualHost>
>> </IfModule>
>>
>> #/etc/apache2/sites-available/443-example.com
>> <IfModule mod_ssl.c>
>> <VirtualHost *:443>
>> ServerAdmin webmaster@example.com
>> DocumentRoot /var/www/example.com/public_html/
>> ErrorLog ${APACHE_LOG_DIR}/error.log
>> CustomLog ${APACHE_LOG_DIR}/access.log combined
>> SSLCertificateFile 
>/etc/letsencrypt/live/example.com/fullchain.pem
>> SSLCertificateKeyFile 
>/etc/letsencrypt/live/example.com/privkey.pem
>> Include /etc/letsencrypt/options-ssl-apache.conf
>> ServerName example.com
>> ServerAlias www.example.com
>> </VirtualHost>
>> </IfModule>
>>
>> #/etc/apache2/sites-available/80-example.info
>> <IfModule mod_ssl.c>
>> <VirtualHost *:80>
>> ServerAdmin webmaster@localhost
>> DocumentRoot /var/www/example.info/public_html/
>> ErrorLog ${APACHE_LOG_DIR}/error.log
>> CustomLog ${APACHE_LOG_DIR}/access.log combined
>> ServerName example.info
>> ServerAlias www.example.info
>> </VirtualHost>
>> </IfModule>
>>
>> #/etc/apache2/sites-available/443-example.info
>> <IfModule mod_ssl.c>
>> <VirtualHost *:443>
>> ServerAdmin webmaster@example.info
>> DocumentRoot /var/www/example.info/public_html/
>> ErrorLog ${APACHE_LOG_DIR}/error.log
>> CustomLog ${APACHE_LOG_DIR}/access.log combined
>> SSLCertificateFile 
>/etc/letsencrypt/live/example.com/fullchain.pem
>> SSLCertificateKeyFile 
>/etc/letsencrypt/live/example.com/privkey.pem
>> Include /etc/letsencrypt/options-ssl-apache.conf
>> ServerName example.info
>> ServerAlias www.example.info
>> </VirtualHost>
>>
>> Notice that SSLCertificateFile and SSLCertificateKeyFile are the 
>same for
>> both of the domains, because they use the same key of 
>example.com.  The
>> website, example.com works perfectly fine.  But example.info has 
>serious
>> problems (On the order of NET::ERR_CERT_COMMON_NAME_INVALID).  
>Who has an
>> idea on how to fix this?  I can't experiment too much because 
>I'm limited
>> to 5 keys per week so learning this myself is a very slow-track 
>process.
>>
>> There are a number of HOWTO documents out there, but there is 
>very wide
>> variance in their steps that I have little confidence in them, 
>but have
>> chosen one and decided to try at it.  Once I get this 
>established, I
>> promise to write a blog article explaining the procedure a 
>little bit better
>>
>>
>> -----------------------------------------------------------------
>----
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
>-- 
>[ ]'s
>
>Filipe Cifali Stangler


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message