Difference between revisions of "SSL Certs"
Line 20: | Line 20: | ||
For now... The old version is still on [[TinkerWiki:NetMan - SSL Certs#Getting proper certificates onto the machine{{!}}the TinkerNet Wiki]]. | For now... The old version is still on [[TinkerWiki:NetMan - SSL Certs#Getting proper certificates onto the machine{{!}}the TinkerNet Wiki]]. | ||
<span style="color: rgb(255, 0, 0);">'''[[Now Do A Backup!{{!}}Now Do A Backup!]]'''</span> | |||
[[Category:Network Management]] | [[Category:Network Management]] | ||
[[Category:WebServers]] | [[Category:WebServers]] |
Revision as of 16:39, 13 January 2022
On an Apache based server
From /usr/share/doc/apache2/README.Debian.gz
Enabling SSL
To enable SSL, type:
sudo a2ensite default-ssl
sudo a2enmod ssl
If you want to use self-signed certificates, you should install the ssl-cert
package (see below). Otherwise, just adjust the SSLCertificateKeyFile and SSLCertificateFile directives in '/etc/apache2/sites-available/default-ssl.conf' to point to your SSL certificate. Then restart apache:
sudo systemctl restart apache2
The SSL key file should only be readable by root; the certificate file may be globally readable. These files are read by the Apache parent process which runs as root, and it is therefore not necessary to make the files readable by the www-data user.
Getting proper certificates onto the machine
Sadly...
Between the time I wrote this up on the TinkerNet Wiki and now, Let's Encrypt has drastically changed things and certbot is now only supported if you want to deal with snapd...
Give me time & I'll work out new instructions.
For now... The old version is still on the TinkerNet Wiki.