---
author: Olivier De Ram
date: 2018-08-25T22:08:15+02:00
draft: false
title: Let's Encrypt
---

## Let's Encrypt:

* Create / renew a certificate:

```
/opt/letsencrypt/letsencrypt-auto certonly --expand --email support@domain.tld --agree-tos --webroot -w /var/www/vhosts/WEB/ROOT -d domain.tld -d domainalias.tld --dry-run
```

```
/bin/certbot --text --agree-tos --non-interactive certonly -a webroot --webroot-path /var/www/vhosts/WEB/ROOT -d domain.tld -d domainalias.tld --dry-run
```

`--dry-run` tests the issuance against the staging environment without requesting a real certificate.

### Apache / httpd

* (1) Add the following lines to the Apache config:

```
Alias /.well-known /var/www/vhosts/letsencrypt/.well-known
# Order/Allow/Satisfy are Apache 2.2 access directives and must sit in a
# <Directory> (or <Location>) context for the aliased path
order allow,deny
allow from all
satisfy any
```

* Or (2) add the following lines to .htaccess:

```
RewriteEngine on
# Allow Let's Encrypt SSL renewal: never redirect the challenge path to https
RewriteRule ^.well-known/ - [L,NC]
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
```

* Combine Basic Auth with Let's Encrypt: _Read this as an if/else: either a valid user or a REQUEST_URI under the challenge path grants access._

```
AuthType Basic
AuthName protected
AuthUserFile /etc/httpd/passwd/phpmyadmin.htpasswd
require valid-user
Require expr %{REQUEST_URI} =~ m#^/.well-known/acme-challenge/.*#
```

### Nginx

* Add the following lines to Nginx:

```
location /.well-known {
    root /var/www/vhosts/WEB/ROOT;
    index index.html index.htm index.php;
}
```

* Check DNS for a list of domains:

```
while read -r LINE; do echo "$LINE" >> list_processed.txt && dig +short @9.9.9.9 "$LINE" >> list_processed.txt; done < list.txt
```

* (WIP)

```
#!/bin/bash
# Compare the A record of every domain in a file with this host's own address.
#IP=<%= @default_ipadress %>
IP=$(dig +short @9.9.9.9 "$(hostname)")
FILE=$1

# start from empty result files so old runs do not leak into the output
: > /tmp/le-ok
: > /tmp/le-nok

while read -r LINE
do
    # dig +short may print several lines for a CNAME chain; the last one is the A record
    CHK=$(dig +short @9.9.9.9 "$LINE" | tail -n 1)
    if [ "$IP" = "$CHK" ]; then
        echo "$LINE|$CHK" >> /tmp/le-ok
    else
        echo "$LINE|$CHK" >> /tmp/le-nok
    fi
done < "$FILE"

echo "Domains OK:"
column < /tmp/le-ok
echo "-------------------------------"
echo "Domains NOT OK:"
column < /tmp/le-nok
rm -f /tmp/le-ok /tmp/le-nok
```
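Once the web-server rules above are in place, a quick pre-flight check is to request a non-existent token under `/.well-known/acme-challenge/` on each domain over plain HTTP and look at the status code: 404 or 200 means the path is served without authentication, 401/403 means the Basic Auth or access rules still catch the challenge path. This is an added example, not part of the original notes; it assumes curl is installed and that the list file has one domain per line, like `list.txt` above.

```shell
#!/bin/bash
# Added example: pre-flight check of the ACME http-01 path before running certbot.
# Assumes curl is installed; the token is constructed and is not expected to exist.

# Classify the HTTP status code returned for /.well-known/acme-challenge/<token>.
classify_status() {
  case "$1" in
    200|404)          echo OK ;;           # path reachable, no auth in the way
    301|302|307|308)  echo REDIRECT ;;     # ACME follows redirects, but the target must not require auth
    401|403)          echo BLOCKED ;;      # Basic Auth / access rules still cover the challenge path
    000)              echo UNREACHABLE ;;  # curl could not connect (DNS, firewall, no listener)
    *)                echo NOK ;;
  esac
}

# Probe one domain and print "domain|code|verdict".
probe_domain() {
  local domain="$1"
  local token="le-preflight-$(date +%s)"   # constructed token, no file behind it
  local code
  code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 \
         "http://$domain/.well-known/acme-challenge/$token")
  echo "$domain|$code|$(classify_status "$code")"
}

# Usage: ./le-preflight.sh list.txt   (one domain per line)
if [ -n "$1" ] && [ -f "$1" ]; then
  while read -r domain; do
    [ -z "$domain" ] && continue
    probe_domain "$domain"
  done < "$1" | column -t -s '|'
fi
```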