Distribution de travail : Ubuntu 14.04 64 bits LTS (HVM)
I) Pré-requis. 1/ Création d'une instance Simple Hosting de taille M 2/ Ajout du site internet/hôte virtuel correspondant au nom de domaine 3/ Récupération de la clé API II) Mise-en-place d'un serveur Ubuntu nouvellement créé. 1/ Mise-à-jour du serveur 2/ Installation des paquetages de base 3/ Installation du paquet de développement Python 4/ Modification des locales 5/ Installation de Python pip III) Configuration sécurisé de la connexion 1/ Génération des clé ssh 2/ Vérification 3/ Ajout de la clé publique ssh 'id_rsa.pub' à l'instance Simple Hosting 4/ Test de connexion en SFTP 5/ Ajout de la clé dans 'ssh-agent' 6/ 3ème connexion IV) Installation des applications de création de certificat 1/ Installation de 'Certbot' 2/ Téléchargement du plugin 'Let's encrypt Gandi' 3/ Mise-à-jour de 'Python-pip' 4/ Installation du plugin 'Let's Encrypt Gandi' 5/ Affichage du plugin Gandi V) Installation du certificat 'Let's encrypt' sur l'instance 1/ Installation du certificat 2/ Valider les informations suivantes 3/ Message suivant apparaît quand l'installation à réussie 4/ Test VI) Lien
https://www.gandi.net/hebergement/simple?language=php&db=mysql&grid=A
https://wiki.gandi.net/fr/simple/shs-dns_config/instance
https://www.gandi.net/admin/api_key
[~] ➔ ssh administrateur@46.226.166.30
administrateur@server01:~$ su
root@server01:/home/administrateur#
root@server01:/home/administrateur# apt-get update && apt-get upgrade
root@server01:/home/administrateur# apt-get install git-core mc screen links vim
root@server01:/home/administrateur# apt-get install python-dev
root@server01:/home/administrateur# python --version
Python 2.7.6
root@server01:/home/administrateur# export LC_ALL=C
root@server01:/home/administrateur# dpkg-reconfigure locales
root@server01:/home/administrateur# apt-get install python-pip
root@server01:/home/administrateur# pip install --upgrade pip
root@server01:/home/administrateur# exit
administrateur@server01:~$ ssh-keygen -t rsa -b 4096 -C "lesanglier@gmail.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/administrateur/.ssh/id_rsa): <entrée>
Created directory '/home/administrateur/.ssh'.
Enter passphrase (empty for no passphrase): <la phrase de passe>
Enter same passphrase again: <la phrase de passe>
Your identification has been saved in /home/administrateur/.ssh/id_rsa.
Your public key has been saved in /home/administrateur/.ssh/id_rsa.pub.
The key fingerprint is:
45:b9:cf:c0:a4:e2:28:2f:81:c6:3b:54:a1:2b:8e:e4 lesanglierdesardennes@gmail.com
The key's randomart image is:
+--[ RSA 4096]----+
| .. |
| . .o |
| . . +.. |
| . . . ..+ |
|..o o .S + |
|o*o . . o |
|O .+ |
|.E. . |
| .. |
+-----------------+
administrateur@server01:~$ ls -l ~/.ssh/
total 8
-rw------- 1 administrateur users 3326 Aug 10 18:12 id_rsa
-rw-r--r-- 1 administrateur users 757 Aug 10 18:12 id_rsa.pub
Copier et coller la clé suivante :
administrateur@server01:~$ cat ~/.ssh/id_rsa.pub
https://wiki.gandi.net/fr/simple/ssh_key
administrateur@server01:~$ sftp 7027666@sftp.dc0.gpaas.net
The authenticity of host 'sftp.dc0.gpaas.net (2001:4b98:dc0:950::142)' can't be established.
RSA key fingerprint is 35:e0:5a:a9:54:12:55:6b:ce:41:8c:c1:9e:35:1d:f6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'sftp.dc0.gpaas.net,2001:4b98:dc0:950::142' (RSA) to the list of known hosts.
Enter passphrase for key '/home/administrateur/.ssh/id_rsa':
Connected to sftp.dc0.gpaas.net.
sftp> exit
administrateur@server01:~$ sftp 7027666@sftp.dc0.gpaas.net
Enter passphrase for key '/home/administrateur/.ssh/id_rsa':
Connected to sftp.dc0.gpaas.net.
sftp> exit
administrateur@server01:~$ eval $(ssh-agent)
Agent pid 22535
administrateur@server01:~$ ssh-add
Enter passphrase for /home/administrateur/.ssh/id_rsa:
Identity added: /home/administrateur/.ssh/id_rsa (/home/administrateur/.ssh/id_rsa)
administrateur@server01:~$ sftp 7027666@sftp.dc0.gpaas.net
Connected to sftp.dc0.gpaas.net.
sftp> exit
administrateur@server01:~$ mkdir CERTBOT
administrateur@server01:~$ cd CERTBOT/
administrateur@server01:~/CERTBOT$ wget https://dl.eff.org/certbot-auto
administrateur@server01:~/CERTBOT$ chmod a+x certbot-auto
administrateur@server01:~/CERTBOT$ ./certbot-auto
...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Requesting root privileges to run certbot...
/home/administrateur/.local/share/letsencrypt/bin/letsencrypt
Password:
No installers seem to be present and working on your system; fix that or try running certbot with the "certonly" command
administrateur@server01:~/CERTBOT$ cd ..
administrateur@server01:~$
Lien : https://certbot.eff.org/#ubuntutrusty-other
administrateur@server01:~$ mkdir LETSENCRYPT
administrateur@server01:~$ cd LETSENCRYPT/
administrateur@server01:~/LETSENCRYPT$ git clone https://github.com/Gandi/letsencrypt-gandi.git
administrateur@server01:~/LETSENCRYPT$ cd letsencrypt-gandi/
administrateur@server01:~/LETSENCRYPT/letsencrypt-gandi$
administrateur@server01:~/LETSENCRYPT/letsencrypt-gandi$ ~/.local/share/letsencrypt/bin/pip install --upgrade pip
...
Installing collected packages: pip
Found existing installation: pip 8.0.3
Uninstalling pip-8.0.3:
Successfully uninstalled pip-8.0.3
Successfully installed pip-8.1.2
administrateur@server01:~/LETSENCRYPT/letsencrypt-gandi$ ~/.local/share/letsencrypt/bin/pip install -e .
Obtaining file:///home/administrateur/LETSENCRYPT/letsencrypt-gandi
Requirement already satisfied (use --upgrade to upgrade): setuptools in /home/administrateur/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt-gandi==0.0.1.dev0)
Requirement already satisfied (use --upgrade to upgrade): mock in /home/administrateur/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt-gandi==0.0.1.dev0)
Installing collected packages: letsencrypt-gandi
Running setup.py develop for letsencrypt-gandi
Successfully installed letsencrypt-gandi
administrateur@server01:~/LETSENCRYPT/letsencrypt-gandi$ cd
administrateur@server01:~$
administrateur@server01:~$ su
root@server01:/home/administrateur# .local/share/letsencrypt/bin/certbot plugins
...
* letsencrypt-gandi:gandi-shs
Description: Gandi Simple Hosting - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: gandi-shs = letsencrypt_gandi.shs:GandiSHSConfigurator
...
root@server01:/home/administrateur# exit
root@server01:/home/administrateur# .local/share/letsencrypt/bin/certbot run \
--domains blackhacker.tech \
--authenticator letsencrypt-gandi:gandi-shs \
--letsencrypt-gandi:gandi-shs-name HebergementSSL \
--letsencrypt-gandi:gandi-shs-vhost blackhacker.tech \
--letsencrypt-gandi:gandi-shs-api-key tchYY6Vlb6ar159tEU2e6666H \
--installer letsencrypt-gandi:gandi-shs
Enter email address (used for urgent notices and lost key recovery) : lesanglier@gmail.com
Please read the Terms of Service : <agree>
Congratulations! You have successfully enabled
https://blackhacker.tech
https://www.ssllabs.com/ssltest/analyze.html?d=blackhacker.tech
Interface Gandi :
Site internet :

https://www.hostux.net/certificats-lets-encrypt-simple-hosting/