Changes

From SME Server
322 bytes added ,  22:36, 6 December 2015
Corrected a couple of paths, formatted text, added backup section
Line 9: Line 9:  
It's main purpose is to allow people to encrypt the internet traffic by a very simple system.
 
It's main purpose is to allow people to encrypt the internet traffic by a very simple system.
   −
The certs delivred must be renew every 3 months.
+
The certs delivered must be renewed every 3 months.
    
== Installation ==
 
== Installation ==
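Review bot: The unchanged context line above the corrected sentence still reads "It's main purpose is to allow people to encrypt the internet traffic", with the possessive written as a contraction. Since this edit already fixes the spelling in the next sentence, change it to "Its main purpose" in the same pass.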
Line 17: Line 17:  
add the 2.7 scl-repository by following : http://wiki.contribs.org/Scl#tab=Python27
 
add the 2.7 scl-repository by following : http://wiki.contribs.org/Scl#tab=Python27
   −
Then : yum install python27 --enablerepo=scl-python27
+
Then:
 
+
yum install python27 --enablerepo=scl-python27
at this time : scl enable python27 bash
+
yum install git
    
To use Let's Encrypt run:
 
To use Let's Encrypt run:
<pre>
+
scl enable python27 bash
mkdir src
+
mkdir /src
cd src
+
cd /src
git clone https://github.com/letsencrypt/letsencrypt.git
+
git clone https://github.com/letsencrypt/letsencrypt.git
cd letsencrypt
+
cd letsencrypt
service httpd-e-smith stop
+
service httpd-e-smith stop
./letsencrypt-auto certonly --standalone --email me@mydomain.co.uk -d test.firstdomain.co.uk -d seconddomain.co.uk -d www.seconddomain.co.uk
+
./letsencrypt-auto certonly --standalone --email me@mydomain.co.uk -d test.firstdomain.co.uk -d seconddomain.co.uk -d www.seconddomain.co.uk
</pre>
      
Replacing email and domains as required.  Then configure SME with the certificates generated:
 
Replacing email and domains as required.  Then configure SME with the certificates generated:
   −
<pre>
+
config setprop modSSL crt /etc/letsencrypt/live/test.firstdomain.co.uk/fullchain.pem
config setprop modSSL crt /etc/letsencrypt/live/test.firstdomain.co.uk/fullchain.pem
+
config setprop modSSL key /etc/letsencrypt/live/test.firstdomain.co.uk/privkey.pem
config setprop modSSL key /etc/letsencrypt/live/test.firstdomain.co.uk/privkey.pem
+
config setprop modSSL CertificateChainFile /etc/letsencrypt/live/test.firstdomain.co.uk/fullchain.pem
config setprop modSSL CertificateChainFile /etc/letsencrypt/live/test.firstdomain.co.uk/fullchain.pem
+
signal-event post-upgrade; signal-event reboot
signal-event post-upgrade; signal-event reboot
  −
</pre>
      
== Renew of the certs ==
 
== Renew of the certs ==
   −
A simple bash to renew cert :
+
A simple script to renew cert :
 +
 
 +
#!/bin/bash
 +
source /opt/rh/python27/enable
 +
export X_SCLS="`scl enable python27 'echo $X_SCLS'`"
 +
service httpd-e-smith stop
 +
cd /src/letsencrypt
 +
./letsencrypt-auto certonly --standalone --email me@mydomain.co.uk -d test.firstdomain.co.uk -d seconddomain.co.uk -d www.seconddomain.co.uk --renew-by-default
 +
service httpd-e-smith start
 +
 
 +
You may want to set this up as a cron job to run every two months, to make sure your certificate doesn't expire.
 +
 
 +
== Backup ==
 +
Your certificate, private key, and other important information are stored in /etc/letsencrypt, which is not included in the standard SME Server backup routines.  Make sure to add this directory to your backups.
   −
<pre>
  −
#!/bin/bash
  −
source /opt/rh/python27/enable
  −
export X_SCLS="`scl enable python27 'echo $X_SCLS'`"
  −
service httpd-e-smith stop
  −
cd /src/letsencrypt
  −
./letsencrypt-auto certonly --standalone --email me@mydomain.co.uk -d test.firstdomain.co.uk -d seconddomain.co.uk -d www.seconddomain.co.uk --renew-by-default
  −
service httpd-e-smith start
  −
</pre>
  −
----
   
==Source from info==
 
==Source from info==
 
Source: http://forums.contribs.org/index.php/topic,51961.msg266680.html#msg266680
 
Source: http://forums.contribs.org/index.php/topic,51961.msg266680.html#msg266680
 
[[Category:Howto]] [[Category:Security]]
 
[[Category:Howto]] [[Category:Security]]
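Review bot: The renewal script under "Renew of the certs" never checks whether the "./letsencrypt-auto certonly --standalone ... --renew-by-default" step succeeded, and the added advice is to run it from cron every two months for certificates that must be renewed every 3 months, so a single failed run goes unnoticed and the certificate expires before the next attempt. Suggest testing the result of "cd /src/letsencrypt" and of the letsencrypt-auto call, still running "service httpd-e-smith start" in every case so the web server is not left stopped, and reporting the failure to the administrator. In the new Backup section it is also worth saying that /etc/letsencrypt contains privkey.pem, so the backup copy needs the same access restrictions as the live directory.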