Hotfix release available: 2025-05-14b "Librarian".
upgrade now! [56.2] (what's this?)
Hotfix release available: 2025-05-14a "Librarian".
upgrade now! [56.1] (what's this?)
New release available: 2025-05-14 "Librarian".
upgrade now! [56] (what's this?)
install
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| install [2021/04/02 21:37] – [KONFIMINE] rene | install [2024/08/05 17:28] (current) – rene | ||
|---|---|---|---|
| Line 327: | Line 327: | ||
| == Adding HTTPS to a new subomain == | == Adding HTTPS to a new subomain == | ||
| + | First make a copy of current files so that you can view diff afterwards: | ||
| + | |||
| + | cp / | ||
| + | cp / | ||
| + | |||
| + | Look at a sample conf for example for " | ||
| + | |||
| Make sure that in your apache conf (/ | Make sure that in your apache conf (/ | ||
| Line 334: | Line 341: | ||
| certbot --apache | certbot --apache | ||
| - | # NB! For some odd reason this process tends to mess up bernard.ee conf (change its ServerAlias to the new domain and also point certificate files wrongly). It is done in this file: / | + | # NB! For some odd reason this process tends to mess up bernard.ee conf (/ |
| + | - The main ServerAlias is changed to the new domain and also certificate files point wrongly. The wrong certificate locations should have been added to the new conf section, but they are missing from there Restore right values manually based on the diff with originla conf files. | ||
| + | - Make sure the new conf starts with "< | ||
| + | - Make sure the new conf section has " | ||
| # it does also add some rewrite rules into your own base conf (/ | # it does also add some rewrite rules into your own base conf (/ | ||
| + | |||
| + | == Renewal (new) == | ||
| + | Open up port 80 in Apache conf: | ||
| + | vi / | ||
| + | |||
| + | Generate new certs (select option " | ||
| + | certbot certonly --force-renewal -d bernard.ee | ||
| + | |||
| + | Check what was the new folder name created for new certs: | ||
| + | l / | ||
| + | |||
| + | Change cert folder in Apache conf (SSLCertificateFile / SSLCertificateKeyFile): | ||
| + | apache_conf | ||
| + | |||
| + | Restart apache: | ||
| + | apache_restart | ||
| + | |||
| + | If new cert works then remove old certs directory: | ||
| + | rm -rf / | ||
| + | |||
| + | |||
| + | # Updating rene.ee.... | ||
| + | NB! Ilmselt tuleb DNS'i verificationit kasutada, sest wildcard serti ei saa HTTP' | ||
| + | |||
| + | Disable index preview (as we need to make rene.ee publicly accessible for renewal) | ||
| + | / | ||
| + | apatche_restart | ||
| + | |||
| + | Removce htaccess to make rene.ee publicly accessible: | ||
| + | mv / | ||
| + | |||
| + | Rund the command (NB! Mind that it's wildcard!) (/ | ||
| + | certbot certonly --force-renewal -d *.rene.ee | ||
| + | |||
| + | Enable index htaccess | ||
| + | mv / | ||
| + | |||
| + | Enable index showing | ||
| + | / | ||
| + | apatche_restart | ||
| + | |||
| + | |||
| + | Clean up afterwards from here (not needed for web server): | ||
| + | / | ||
| + | |||
| + | Close port 80: | ||
| + | vi / | ||
| - | == Renewal == | + | == Renewal |
| - | Certificates expire in 90 days, but renewal is automatic. | + | Certificates expire in 90 days. Renewal can only be automatic |
| You can check that the daemon is working: | You can check that the daemon is working: | ||
install.1617388643.txt.gz · Last modified: 2021/04/02 21:37 by rene · Currently locked by: 216.73.217.121