Let's Encrypt
25/Aug 2018
Let’s Encrypt:
- Create / renew certificate:
/opt/letsencrypt/letsencrypt-auto certonly \
  --expand \
  --email support@domain.tld \
  --agree-tos \
  --webroot \
  -w /var/www/vhosts/WEB/ROOT \
  -d domain.tld \
  -d domainalias.tld \
  --dry-run
/bin/certbot \
  --text \
  --agree-tos \
  --non-interactive \
  certonly \
  -a webroot \
  --webroot-path /var/www/vhosts/WEB/ROOT \
  -d domain.tld \
  -d domainalias.tld \
  --dry-run
Use --dry-run to test the certificate creation.
Apache / httpd
- (1) Add the following lines to the Apache config:
Alias /.well-known /var/www/vhosts/letsencrypt/.well-known
<Directory /var/www/vhosts/letsencrypt/.well-known>
order allow,deny
allow from all
satisfy any
</Directory>
- Or (2) add the following lines to .htaccess:
<IfModule mod_rewrite.c>
RewriteEngine on
#Allow Let's Encrypt SSL renewal
RewriteRule ^\.well-known/ - [L,NC]
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</IfModule>
- Combine Basic Auth with Let’s Encrypt:
Read this as an if/else: access is granted on either valid-user or a matching REQUEST_URI.
<Directory /var/www/vhosts/WEB/ROOT>
AuthType Basic
AuthName protected
AuthUserFile /etc/httpd/passwd/phpmyadmin.htpasswd
require valid-user
Require expr %{REQUEST_URI} =~ m#^/.well-known/acme-challenge/.*#
</Directory>
Nginx
- Add the following lines to the Nginx config:
location /.well-known {
root /var/www/vhosts/WEB/ROOT;
index index.html index.htm index.php;
}
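To confirm that the Apache or Nginx rules above really expose the challenge path (no Basic Auth prompt, no 404 from a wrong Alias or root), a pre-flight check can drop a random token under the webroot and fetch it over plain HTTP. This is an added example, not part of the original notes; the function names `classify_challenge` and `preflight` and the `preflight-` file prefix are assumptions of the example.

```shell
#!/bin/bash
# Added example: pre-flight check for the webroot HTTP-01 challenge path.
# Function names and the "preflight-" file prefix are assumptions.

# Map the final HTTP status and response body to a verdict.
# Usage: classify_challenge <http_status> <expected_token> <body>
classify_challenge() {
    local status=$1 expected=$2 body=$3
    case "$status" in
        200) if [ "$body" = "$expected" ]; then echo "ok"
             else echo "wrong-content"; fi ;;  # another vhost or app answered
        401|403) echo "auth-blocked" ;;  # Basic Auth or a deny rule covers the path
        404)     echo "not-found" ;;     # Alias/root does not map to the webroot
        000)     echo "unreachable" ;;   # DNS, firewall or connection failure
        *)       echo "unexpected-$status" ;;
    esac
}

# Write a random token into the webroot, fetch it over HTTP, classify the result.
# Usage: preflight <domain> <webroot>
preflight() {
    local domain=$1 webroot=$2 dir token name out status body verdict
    dir="$webroot/.well-known/acme-challenge"
    token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
    name="preflight-$token"
    mkdir -p "$dir" || return 2
    printf '%s' "$token" > "$dir/$name" || return 2
    # -L follows redirects and -k skips certificate checks on an HTTPS hop,
    # which matches how the Let's Encrypt HTTP-01 validator behaves.
    out=$(curl -s -L -k --max-time 10 -w '|%{http_code}' \
          "http://$domain/.well-known/acme-challenge/$name" 2>/dev/null)
    rm -f "$dir/$name"
    status=${out##*|}   # text after the last "|" is the status code
    body=${out%|*}      # everything before it is the response body
    verdict=$(classify_challenge "${status:-000}" "$token" "$body")
    echo "$domain|$verdict"
    [ "$verdict" = "ok" ]
}

# Run only when called as: script <domain> <webroot>
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Run it on the web server before the real certbot call; any verdict other than `ok` points at the config block that needs fixing.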
- Check DNS for a list of domains:
while read -r LINE;
do
echo "$LINE" >> list_processed.txt && dig +short @9.9.9.9 "$LINE" >> list_processed.txt;
done < list.txt
- (WIP)
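#!/bin/bash
# Compare the DNS answer for each domain in $1 with this server's own IP.
#IP=<%= @default_ipadress %>
IP=$(dig +short @9.9.9.9 "$(hostname)")
FILE=$1
# Start with empty result files
: > /tmp/le-ok
: > /tmp/le-nok
while read -r LINE
do
CHK=$(dig +short @9.9.9.9 "$LINE")
# String comparison: the domain must resolve to this server's IP
if [ "$IP" = "$CHK" ]; then
echo "$LINE|$CHK" >> /tmp/le-ok
else
echo "$LINE|$CHK" >> /tmp/le-nok
fi
done < "$FILE"
echo "Domains OK:"
column /tmp/le-ok
echo "-------------------------------"
echo "Domains NOT OK:"
column /tmp/le-nok
rm -f /tmp/le-ok
rm -f /tmp/le-nok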