tag:dreamwidth.org,2017-04-25:3165654Kevin Reid's blogKevin ReidKevin Reid2018-06-28T18:06:12Ztag:dreamwidth.org,2017-04-25:3165654:53011HTTPS, finally2018-06-28T17:43:13Z2018-06-28T18:06:12Zpublic0<p>In further news of updating my personal web presence, I have finally set up HTTPS for <a href="https://switchb.org/kpreid/">switchb.org</a>. As I write this I'm working on updating all the links to it that I control.
<p>The thing I found underdocumented in Let's Encrypt/Certbot is: if you want to (or must) manually edit the HTTP configuration, what should the edits be? What I concluded was:</p>
<pre><code><VirtualHost *:443>
ServerName <var>YOUR DOMAIN NAME</var>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/<var>YOUR DOMAIN OR CERT NAME</var>/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<var>YOUR DOMAIN OR CERT NAME</var>/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/<var>YOUR DOMAIN OR CERT NAME</var>/chain.pem
<var>...rest of configuration for this virtual host...</var>
</VirtualHost></code></pre>
<p>Notes:
<ul>
<li><code>/etc/letsencrypt/options-ssl-apache.conf</code> (which of course may be in a different location depending on your OS and package manager) contains the basic configuration to enable SSL (<code>SSLEngine on</code>) and certbot-recommended cipher options.
<li>You have to have a separate VirtualHost entry for *:443 and *:80; there's no way to copy the common configuration as far as I heard.
<li>By "<var>CERT NAME</var>" I mean the name assigned to a multi-domain-name certificate if you have requested one. You can find out the certificate names with the command <kbd>certbot certificates</kbd>. For a single domain it will be identical to the domain name.
</li></li></li></ul></p></p><br /><br /><img src="https://www.dreamwidth.org/tools/commentcount?user=kpreid&ditemid=53011" width="30" height="12" alt="comment count unavailable" style="vertical-align: middle;"/> comments