La procédure se déroule sous l'utilisateur 'root'.
root@serverdia:/home/admin# apt-get install apache2
root@serverdia:/home/admin# apt-get install python-certbot-apache
root@serverdia:/home/admin# service apache2 stop
root@serverdia:/home/admin# certbot certonly --standalone
root@serverdia:/home/admin# a2enmod rewrite
root@serverdia:/home/admin# a2enmod proxy
root@serverdia:/home/admin# a2enmod proxy_http
root@serverdia:/home/admin# a2enmod headers
root@serverdia:/home/admin# a2enmod ssl
root@serverdia:/home/admin# a2enmod proxy_balancer
root@serverdia:/home/admin# a2enmod lbmethod_byrequests
Ouvrir :
/etc/apache2/sites-enabled/000-default.conf
Tout supprimer. Ajouter :
<virtualHost *:80>
ServerName les-sardines.hackardennes.com
RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</virtualHost>
<virtualHost *:443>
ServerName les-sardines.hackardennes.com
DocumentRoot /var/www/html
<directory /var/www/html>
Options -Indexes
AllowOverride all
Order allow,deny
allow from all
</directory>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/les-sardines.hackardennes.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/les-sardines.hackardennes.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/les-sardines.hackardennes.com/chain.pem
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/les-sardines.hackardennes.com-error.log
CustomLog ${APACHE_LOG_DIR}/les-sardines.hackardennes.com-access.log combined
</virtualHost>
root@serverdia:/home/admin# apachectl configtest
root@serverdia:/home/admin# systemctl restart apache2
https://les-sardines.hackardennes.com/
https://www.memoinfo.fr/tutoriels-linux/configurer-lets-encrypt-apache/ http://rockstarninja.labak.xyz/installation-du-reseau-social-diaspora-sous-debian-8-avec-apache2-support-lets-encrypt-et-mysql/