Posted to users@httpd.apache.org by "@lbutlr" <kr...@kreme.com> on 2018/02/13 04:54:11 UTC
[users@httpd] Setting up Apache 2.4 with Letsencrypt
I have dehydrated properly renewing certs from Let's Encrypt (which I am using successfully for mail authentication) and I am trying to get them working for Apache 2.4, but no luck so far.
I created aliases in /usr/local/etc/apache24/ pointing to the files in /usr/local/etc/dehydrated/certs/domain.tld/fullchain.pem and privkey.pem.
In httpd.conf I have:
LoadModule ssl_module libexec/apache24/mod_ssl.so
Include etc/apache24/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
/etc/httpd/extra//httpd-ssl.conf:
Listen 443
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog builtin
SSLSessionCache "dbm:/var/run/ssl_scache"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "/usr/local/www/roundcube"
ServerName www.covisp.net:443
ServerAdmin admin@covisp.net
ErrorLog "/var/log/httpd-error.log"
TransferLog "/var/log/httpd-access.log"
SSLEngine on
SSLCertificateFile "/usr/local/etc/apache24/ssl.pem"
SSLCertificateKeyFile "/usr/local/etc/apache24/ssl.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/www/apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
CustomLog "/var/log/httpd-ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
# apachectl -S shows at the end:
*:443 is a NameVirtualHost
default server www.covisp.net (/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
port 443 namevhost www.covisp.net (/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
alias covisp.net
alias mail.covisp.net
alias webmail.covisp.net
port 443 namevhost www.covisp.net (/usr/local/etc/apache24/extra/httpd-ssl.conf:83)
But I just get a failed to load error and I don't see anything helpful in the logs.
I tried removing the links in the apache24 folder and copying the .pem files (privkey.pem to ssl.key), but still get an unable to establish secure connection error.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
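An added example, not part of the original thread: in the apachectl -S output quoted above, www.covisp.net is listed twice on *:443, and Apache serves a name from the first vhost that claims it. The shell function below (the names shadowed_vhosts and sample_output are made up for this example) reads apachectl -S output and reports any vhost shadowed by an earlier entry on the same address:port; the sample input is the output from the post.

```sh
#!/bin/sh
# Added example, not from the thread. Reads `apachectl -S` output on stdin and
# prints one line per name-based vhost whose ServerName is already claimed
# (as ServerName or alias) by an earlier vhost on the same address:port.
shadowed_vhosts() {
    awk '
        # "*:443 is a NameVirtualHost" opens a new address:port group
        $2 == "is" && $4 == "NameVirtualHost" { addr = $1; cur = ""; next }
        # "port 443 namevhost NAME (/path/file.conf:LINE)"
        $1 == "port" && $3 == "namevhost" {
            cur = $5; gsub(/[()]/, "", cur)
            key = addr SUBSEP $4
            if (key in first)
                printf "%s %s: %s is shadowed by %s\n", addr, $4, cur, first[key]
            else
                first[key] = cur
            next
        }
        # "alias NAME" belongs to the most recent namevhost line
        $1 == "alias" && cur != "" {
            key = addr SUBSEP $2
            if (!(key in first)) first[key] = cur
        }
    '
}

# Sample input: the apachectl -S lines quoted in the post above.
sample_output() {
    cat <<'EOF'
*:443 is a NameVirtualHost
default server www.covisp.net (/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
port 443 namevhost www.covisp.net (/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
alias covisp.net
alias mail.covisp.net
alias webmail.covisp.net
port 443 namevhost www.covisp.net (/usr/local/etc/apache24/extra/httpd-ssl.conf:83)
EOF
}

sample_output | shadowed_vhosts
```

On a live host the same function can be fed directly: apachectl -S 2>&1 | shadowed_vhosts. An empty result means no ServerName is claimed twice on any address:port.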
[users@httpd] Re: Setting up Apache 2.4 with Letsencrypt
Posted by "@lbutlr" <kr...@kreme.com>.
On 13 Feb 2018, at 06:43, Marat Khalili <mk...@rqc.ru> wrote:
>> But I just get a failed to load error and I don't see anything helpful in the logs.
>>
>> I tried removing the links in the apache24 folder and copying the .pem files (privkey.pem to ssl.key), but still get an unable to establish secure connection error.
>
> You did not post exact errors,
I found nothing logged. All I get is the browser saying it couldn’t establish a secure connection. Nothing in /var/log/httpd-error.log
Thanks for the post, that got me most of the way there. I bypassed the httpd-ssl conf file entirely and just put the SSL enable and certificate paths directly into the virtual host, and it appears to be working.
Not sure what UseStapling requires, but enabling it caused Apache to not start up, so I removed that line for now.
--
The night is always old. He'd walked too often down dark streets in the
secret hours and felt the night stretching away, and known in his blood
that while days and kings and empires come and go, the night is always
the same age, always aeons deep. Terrors unfolded in the velvet shadows
and while the nature of the talons may change, the nature of the beast
does not. --Jingo
Re: [users@httpd] Setting up Apache 2.4 with Letsencrypt
Posted by Marat Khalili <mk...@rqc.ru>.
> But I just get a failed to load error and I don't see anything helpful in the logs.
>
> I tried removing the links in the apache24 folder and copying the .pem files (privkey.pem to ssl.key), but still get an unable to establish secure connection error.
You did not post exact errors, but just in case the following works here:
> SSLEngine on
> SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
> SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
> SSLUseStapling On
--
With Best Regards,
Marat Khalili