<!DOCTYPE html> |
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en-us"> |
|
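<head>
  <title>Let's Encrypt // Hagfi.sh</title>

  <!-- XFN profile URI: an identifier, not a fetched resource, so it stays as published. -->
  <link href="http://gmpg.org/xfn/11" rel="profile">
  <meta http-equiv="content-type" content="text/html; charset=utf-8">

  <!-- No maximum-scale here: capping the zoom level locks out readers who need to enlarge the page. -->
  <meta name="viewport" content="width=device-width, initial-scale=1.0">

  <meta name="description" content="">
  <meta name="keywords" content="">
  <meta name="author" content="">
  <!-- NOTE(review): the generator tag tells every visitor the exact site-generator version. -->
  <meta name="generator" content="Hugo 0.18.1">

  <meta property="og:title" content="Let's Encrypt">
  <meta property="og:description" content="">
  <meta property="og:type" content="website">
  <meta property="og:locale" content="en_US">
  <meta property="og:url" content="https://hagfi.sh/administration/letsencrypt/">

  <!--
    Third-party assets. Every URL names https explicitly: a protocol-relative
    URL inherits the scheme of the embedding page, so a copy of this page
    opened over plain http would fetch styles and script over a channel that
    anyone on the path can rewrite.
    NOTE(review): none of these tags carries Subresource Integrity. The
    version-pinned cdnjs and bootstrapcdn files should get an integrity
    attribute (hash of the exact file) plus crossorigin="anonymous", so that a
    modified CDN response is rejected by the browser. The Google Fonts
    stylesheets are generated per browser and cannot be pinned that way;
    self-hosting them is the alternative.
  -->
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/pure/0.5.0/base-min.css">
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/pure/0.5.0/pure-min.css">
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/pure/0.5.0/grids-responsive-min.css">

  <link rel="stylesheet" href="https://hagfi.sh//css/redlounge.css">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css">
  <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Raleway:400,200,100,700,300,500,600,800">
  <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Libre+Baskerville:400,700,400italic">

  <link rel="apple-touch-icon-precomposed" sizes="144x144" href="/touch-icon-144-precomposed.png">
  <link rel="shortcut icon" type="image/x-icon" href="/img/favicon.png">

  <!-- NOTE(review): the empty href resolves to this page itself, not to an RSS feed. -->
  <link href="" rel="alternate" type="application/rss+xml" title="Hagfi.sh">

  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/8.7/styles/tomorrow-night-bright.min.css">

  <!--
    highlight.js executes with full access to this page, so it deserves the
    same integrity pinning as the stylesheets above.
    NOTE(review): 8.7 is an old release; check upstream advisories before
    keeping it. The inline initialiser below also forces 'unsafe-inline' (or a
    nonce/hash) into any Content-Security-Policy; moving it into a file served
    from this origin would avoid that.
  -->
  <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/8.7/highlight.min.js"></script>
  <script>hljs.initHighlightingOnLoad();</script>
</head>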
|
|
|
<body> |
|
|
|
|
|
<div id="layout" class="pure-g"> |
|
<div class="sidebar pure-u-1 pure-u-md-1-4">
  <!-- Site branding followed by the primary navigation. -->
  <div class="header">
    <h1 class="brand-title">Hagfi.sh</h1>
    <h2 class="brand-tagline">Documentation</h2>

    <nav class="nav">
      <ul class="nav-list">
        <!-- Each entry: decorative "//" separator directly followed by the link. -->
        <li class="nav-item"><span class="nav-item-separator">//</span><a href="https://hagfi.sh/">Home</a></li>
        <li class="nav-item"><span class="nav-item-separator">//</span><a href="/administration">Administration</a></li>
        <li class="nav-item"><span class="nav-item-separator">//</span><a href="/development">Development</a></li>
        <li class="nav-item"><span class="nav-item-separator">//</span><a href="/tools">Tools</a></li>
      </ul>
    </nav>
  </div>
</div>
|
|
|
|
|
|
|
|
|
<div class="content pure-u-1 pure-u-md-3-4"> |
|
<a name="top"></a> |
|
|
|
|
|
|
|
|
|
<div id="toc" class="pure-u-1 pure-u-md-1-4">
  <!-- Generated table of contents; the anchors match the heading ids in the article. -->
  <small class="toc-label">Contents</small>
  <nav id="TableOfContents">
    <ul>
      <li>
        <ul>
          <li>
            <a href="#let-s-encrypt">Let’s Encrypt:</a>
            <ul>
              <li><a href="#apache-httpd">Apache / httpd</a></li>
              <li><a href="#nginx">Nginx</a></li>
            </ul>
          </li>
        </ul>
      </li>
    </ul>
  </nav>
</div>
|
|
|
|
|
<section class="post"> |
|
<!-- Article header: title linking to the article itself, an empty subtitle, and the date. -->
<h1 class="post-title"><a href="/administration/letsencrypt/">Let's Encrypt</a></h1>
<h3 class="post-subtitle"></h3>

<span class="post-date">
  <!-- Kept on one line: the only inter-element space is the one before the year. -->
  <span class="post-date-day"><sup>25</sup></span><span class="post-date-separator">/</span><span class="post-date-month">Aug</span> <span class="post-date-year">2018</span>
</span>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
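<h2 id="let-s-encrypt">Let’s Encrypt:</h2>

<ul>
<li>Aanmaken / vernieuwen certificaat:</li>
</ul>

<!--
  Each listing is ONE command: every option line ends in a backslash so the
  block can be pasted into a shell as it stands. WEB/ROOT, domain.tld and
  domainalias.tld are placeholders for the real document root and host names.
  Leave the trailing dry-run flag in place until the test request succeeds;
  a dry run is made against the CA's staging environment and saves no
  certificate to disk.
  NOTE(review): letsencrypt-auto (later renamed certbot-auto) is no longer
  maintained upstream; on current systems use the packaged certbot shown in
  the second listing.
-->
<pre><code>/opt/letsencrypt/letsencrypt-auto certonly \
    --expand \
    --email support@nucleus.be \
    --agree-tos \
    --webroot \
    -w /var/www/vhosts/WEB/ROOT \
    -d domain.tld \
    -d domainalias.tld \
    --dry-run
</code></pre>

<!--
  NOTE(review): this variant passes no account e-mail. On a host that has no
  ACME account yet, a non-interactive run presumably needs the e-mail option
  from the first listing as well; confirm on a fresh machine.
-->
<pre><code>/bin/certbot \
    --text \
    --agree-tos \
    --non-interactive \
    certonly \
    -a webroot \
    --webroot-path /var/www/vhosts/WEB/ROOT \
    -d domain.tld \
    -d domainalias.tld \
    --dry-run
</code></pre>

<p><code>--dry-run</code> om het aanmaken te testen.</p>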
|
|
|
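<h3 id="apache-httpd">Apache / httpd</h3>

<ul>
<li>(1) Voeg volgende regels toe aan de apache config:</li>
</ul>

<!--
  Markup characters inside the listing are written as entities so the
  Directory and IfModule lines render as text instead of being parsed as tags.
  The access rules are given for both Apache generations: the 2.2 directives
  (Order / Allow / Satisfy) only work on 2.4 when mod_access_compat is loaded,
  while the Basic Auth example further down this page already uses 2.4 syntax.
  With this alias in place, the webroot handed to certbot has to be the
  directory that contains this .well-known folder, here
  /var/www/vhosts/letsencrypt.
  NOTE(review): the alias publishes everything below .well-known. If only
  certificate validation is needed, aliasing /.well-known/acme-challenge/
  alone exposes less.
-->
<pre><code># Serve ACME HTTP-01 challenge files for every vhost from one shared directory.
Alias /.well-known /var/www/vhosts/letsencrypt/.well-known
&lt;Directory /var/www/vhosts/letsencrypt/.well-known&gt;
    # The CA's validation request carries no credentials, so this directory
    # must stay readable even when the surrounding vhost is password protected.
    &lt;IfModule mod_authz_core.c&gt;
        # Apache 2.4
        Require all granted
    &lt;/IfModule&gt;
    &lt;IfModule !mod_authz_core.c&gt;
        # Apache 2.2
        Order allow,deny
        Allow from all
        Satisfy any
    &lt;/IfModule&gt;
&lt;/Directory&gt;
</code></pre>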
|
|
|
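<ul>
<li>Of (2) voeg volgende regels toe aan .htaccess:</li>
</ul>

<!--
  Differences that matter when copying this block:
  - the IfModule container is closed, so Apache does not reject the file;
  - the dots in ".well-known" are escaped, so they match a literal dot only;
  - the HTTPS condition keeps the redirect from looping when the same
    .htaccess is also read for requests that already arrived over TLS.
  NOTE(review): behind a TLS-terminating proxy the HTTPS variable may stay
  "off" for every request; verify how the scheme is signalled there.
-->
<pre><code>&lt;IfModule mod_rewrite.c&gt;
    RewriteEngine on

    #Allow Let's Encrypt SSL renewal
    # Challenge requests are served untouched and rule processing stops here.
    RewriteRule ^\.well-known/ - [L,NC]

    # Everything else that is not yet on HTTPS is redirected permanently.
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
&lt;/IfModule&gt;
</code></pre>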
|
|
|
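<ul>
<li>Combineer Basic Auth met Let’s Encrypt:<br>
<em>Dit moet je bekijken als een if/else. (Ofwel valid-user ofwel REQUEST_URI)</em></li>
</ul>

<!--
  Two Require lines that are not inside a container are evaluated by Apache
  2.4 as "any of them is enough". The RequireAny container states that
  either/or explicitly, so a later edit cannot silently turn it into "both".
  The dot in ".well-known" is escaped to match a literal dot only.
  Basic authentication sends the password in a trivially decodable form with
  every request, so the protected directory should be reachable over TLS
  only; the challenge path is exempt because the CA's validation request
  carries no credentials.
-->
<pre><code>&lt;Directory /var/www/vhosts/WEB/ROOT&gt;
    AuthType Basic
    AuthName protected
    AuthUserFile /etc/httpd/passwd/phpmyadmin.htpasswd

    # Access is granted by a valid login OR by asking for an ACME challenge file.
    &lt;RequireAny&gt;
        Require valid-user
        Require expr %{REQUEST_URI} =~ m#^/\.well-known/acme-challenge/.*#
    &lt;/RequireAny&gt;
&lt;/Directory&gt;
</code></pre>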
|
|
|
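<h3 id="nginx">Nginx</h3>

<ul>
<li>Voeg volgende regels toe aan Nginx</li>
</ul>

<!--
  The location is limited to the ACME challenge directory and marked with the
  "^~" modifier. A plain prefix location loses to any regex location defined
  elsewhere in the server block (a "\.php$" handler, for instance), and a bare
  "/.well-known" prefix also matches neighbouring paths that merely start with
  the same characters. No index directive: challenge files are always
  requested by their full name, so a directory index is never needed here.
  Other resources below /.well-known need their own location block.
-->
<pre><code>location ^~ /.well-known/acme-challenge/ {
    root /var/www/vhosts/WEB/ROOT;
    # Challenge files have no extension; serve them as plain text.
    default_type text/plain;
    # Answer with 404 for anything that is not an existing file.
    try_files $uri =404;
}
</code></pre>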
|
|
|
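<p>-</p>

<ul>
<li>Controleer DNS lijst domeinen:</li>
</ul>

<!--
  list.txt holds one host name per line and is treated as untrusted text:
  every expansion is quoted so a line cannot be split into extra arguments
  or expanded as a glob, "read -r" keeps backslashes literal, and empty lines
  are skipped instead of being handed to dig without a name.
-->
<pre><code>while IFS= read -r LINE
do
    # Skip blank lines.
    [ -n "$LINE" ] || continue
    # Write the name, then whatever the resolver at 9.9.9.9 returns for it.
    printf '%s\n' "$LINE" &gt;&gt; list_processed.txt &amp;&amp; dig +short @9.9.9.9 "$LINE" &gt;&gt; list_processed.txt
done &lt; list.txt
</code></pre>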
|
|
|
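<ul>
<li>(WIP)
<br></li>
</ul>

<!--
  Work-in-progress helper, made runnable:
  - the comparison is a real test ("[ ... ]" followed by "then"); without the
    brackets the shell would try to execute the IP address as a command;
  - "=" compares strings, whereas "-eq" only compares integers;
  - the second branch is "else" (an "elif" needs a condition of its own);
  - the result files are printed by reading them, not by echoing their names;
  - results go into a private directory from mktemp rather than fixed names in
    /tmp, where another local user could pre-create the file or a symlink and
    have this script (often run as root) append to or delete it;
  - all expansions are quoted and the input file is checked before use.
  NOTE(review): dig can return several lines (a CNAME chain, multiple
  addresses); the comparison then only succeeds on an exact match of the
  whole output.
-->
<pre><code>#!/bin/bash
# Sort the domains listed in FILE by whether they resolve to this host.
# Usage: pass the path of a file with one domain per line as first argument.

#IP=&lt;%= @default_ipadress %&gt;
IP=$(dig +short @9.9.9.9 "$(hostname)")
FILE=$1

if [ -z "$FILE" ] || [ ! -r "$FILE" ]
then
    echo "usage: $0 FILE" &gt;&amp;2
    exit 1
fi

# Private scratch directory, removed again on every exit path.
WORKDIR=$(mktemp -d) || exit 1
trap 'rm -rf -- "$WORKDIR"' EXIT
OK_LIST="$WORKDIR/le-ok"
NOK_LIST="$WORKDIR/le-nok"
: &gt; "$OK_LIST"
: &gt; "$NOK_LIST"

while IFS= read -r LINE
do
    # Skip blank lines.
    [ -n "$LINE" ] || continue
    CHK=$(dig +short @9.9.9.9 "$LINE")
    if [ "$IP" = "$CHK" ]
    then
        echo "$LINE|$CHK" &gt;&gt; "$OK_LIST"
    else
        echo "$LINE|$CHK" &gt;&gt; "$NOK_LIST"
    fi
done &lt; "$FILE"

echo "Domains OK:"
column &lt; "$OK_LIST"
echo "-------------------------------"
echo "Domains NOT OK:"
column &lt; "$NOK_LIST"
</code></pre>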
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<div class="paging">
  <!-- Link to the neighbouring article; this page only has an older one. -->
  <span class="paging-label">More Reading</span>

  <div class="paging-older">
    <span class="dark-red">Older</span><span class="decorative-marker">//</span>
    <a class="paging-link" href="/administration/mysql_tuner/">MySQL Tuner</a>
  </div>
</div>
|
|
|
</section> |
|
|
|
|
|
|
|
|
|
|
|
</div> |
|
</div> |
|
|
|
|
|
|
|
|
|
|
|
</body> |
|
</html>
|
|
|