From 5e8aca81d3d400af461877057ec5f2f9af059761 Mon Sep 17 00:00:00 2001 From: jadrevenge Date: Wed, 20 Sep 2017 10:25:32 +0100 Subject: [PATCH] Updated Deploy ssl certs to apache server (markdown) --- Deploy-ssl-certs-to-apache-server.md | 35 +++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/Deploy-ssl-certs-to-apache-server.md b/Deploy-ssl-certs-to-apache-server.md index 30404ce4..1bbed27c 100644 --- a/Deploy-ssl-certs-to-apache-server.md +++ b/Deploy-ssl-certs-to-apache-server.md @@ -1 +1,34 @@ -TODO \ No newline at end of file +## 1. run acme.sh to copy the certificates to the correct location on the disk + +### 1.1) create a sensible directory to store your apache certificates +I chose /etc/apache2/2.2/ssl + +``` +mkdir -p /etc/apache2/2.2/ssl +``` + +### 1.2) run acme.sh +A few notes: +* the parameters are stored in the .acme.sh configuration file, so get it right for your system as this file is read when the cron job runs +* "reloadcmd" is dependent on your operating system, system V Linux systems use the command "service apache2 force-reload", Solaris based systems use "svcadm restart apache22" or similar + +``` +acme.sh --install-cert -d online.domain.com \ +--cert-file /etc/apache2/2.2/ssl/online.domain.com-cert.pem \ +--key-file /etc/apache2/2.2/ssl/online.domain.com-key.pem \ +--fullchain-file /etc/apache2/2.2/ssl/letsencrypt.pem \ +--reloadcmd "service apache2 force-reload" +``` + +## 2. Set up your httpd.conf + +There are so many ways to do this, it would take a long list to write every variant, however the specific codes you will need to set in your httpd.conf (or ssl.conf, or httpd-ssl.conf) are: + +``` +SSLCertificateFile /etc/apache2/2.2/ssl/online.domain.com-cert.pem +SSLCertificateKeyFile /etc/apache2/2.2/ssl/online.domain.com-key.pem +SSLCertificateChainFile "/etc/apache2/2.2/ssl/letsencrypt.pem" + +SSLCACertificatePath "/etc/apache2/2.2/ssl/" +SSLCACertificateFile "/etc/apache2/2.2/ssl/letsencrypt.pem" +```