Apache:Creazione di un certificato SSL per Apache con Certbot
Indice
Apache on Debian 8 (jessie)
Estratto da : https://certbot.eff.org/lets-encrypt/debianjessie-apache
1. Remove packaged Certbot installation
We previously recommended that Debian 8 (jessie) users install Certbot from the packaged version. Because of important updates in the Certbot code, we are now recommending that Debian 8 users switch to the certbot-auto method, described below.
Run this command on the command line on the machine to remove previous installations of Certbot. If Certbot has never been installed, the command will not do anything.
sudo apt-get remove certbot
2. Install Certbot
Run these commands on the command line on the machine to install Certbot.
wget https://dl.eff.org/certbot-auto sudo mv certbot-auto /usr/local/bin/certbot-auto sudo chown root /usr/local/bin/certbot-auto sudo chmod 0755 /usr/local/bin/certbot-auto
3. Choose how you'd like to run Certbot
Either get and install your certificates...
Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step.
sudo /usr/local/bin/certbot-auto --apache
chiede:
- l'indirizzo email di supporto
- se abilitare il redirect automatico di ogni pagina da HTTP a HTTPS
Or, just get a certificate
If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, run this command: sudo /usr/local/bin/certbot-auto certonly --apache
4. Set up automatic renewal
We recommend running the following line, which will add a cron job to the default crontab.
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew -q" | sudo tee -a /etc/crontab > /dev/null
5. Confirm that Certbot worked
To confirm that your site is set up properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar. If you want to check that you have the top-of-the-line installation, you can head to https://www.ssllabs.com/ssltest/.