SSL certificates with certbot

From wikijoan
Revision as of 10:21, 9 Feb 2022 by Joan

Introduction

It was becoming urgent for wiki.joanillo.org, www.joanillo.org and the other applications to be secure (https). In the end, installing a free SSL certificate turned out to be fairly easy.

Installation


I have Ubuntu 20.04, which already has snap preinstalled.

The snap command lets you install, configure, refresh and remove snaps. Snaps are packages that work across many different Linux distributions, enabling secure delivery and operation of the latest apps and utilities.

3. Ensure that your version of snapd is up to date

Execute the following instructions on the command line on the machine to ensure that you have the latest version of snapd.

$ sudo snap install core; sudo snap refresh core

5. Install Certbot

Run this command on the command line on the machine to install Certbot.

$ sudo snap install --classic certbot
certbot 1.23.0 from Certbot Project (certbot-eff✓) installed

6. Prepare the Certbot command

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

7. Choose how you'd like to run Certbot

Either get and install your certificates... Run this command to get a certificate and have Certbot edit your apache configuration automatically to serve it, turning on HTTPS access in a single step.

$ sudo certbot --apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: arthropoda.joanillo.org
2: bdquest.joanillo.org
3: catalunyamagica.joanillo.org
4: dolmens.joanillo.org
5: iesbalmes.joanillo.org
6: jmquintana.joanillo.org
7: langtrainer.joanillo.org
8: nuriaquintana.joanillo.org
9: portfolio.joanillo.org
10: projects.joanillo.org
11: quintana.joanillo.org
12: raimonviaplana.joanillo.org
13: romanic.joanillo.org
14: rutesgps.joanillo.org
15: wiki.joanillo.org
16: wikijoan.joanillo.org
17: www.joanillo.org

Requesting a certificate for arthropoda.joanillo.org and 16 more domains

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/arthropoda.joanillo.org/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/arthropoda.joanillo.org/privkey.pem
This certificate expires on 2022-05-10.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for arthropoda.joanillo.org to /etc/apache2/sites-available/arthropoda.joanillo.org-le-ssl.conf
Successfully deployed certificate for bdquest.joanillo.org to /etc/apache2/sites-available/bdquest.joanillo.org-le-ssl.conf
...
Successfully deployed certificate for wiki.joanillo.org to /etc/apache2/sites-available/wiki.joanillo.org-le-ssl.conf
Successfully deployed certificate for wikijoan.joanillo.org to /etc/apache2/sites-available/wikijoan.joanillo.org-le-ssl.conf
Successfully deployed certificate for www.joanillo.org to /etc/apache2/sites-available/www.joanillo.org-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://arthropoda.joanillo.org, https://bdquest.joanillo.org, https://catalunyamagica.joanillo.org, https://dolmens.joanillo.org, https://iesbalmes.joanillo.org, https://jmquintana.joanillo.org, https://langtrainer.joanillo.org, https://nuriaquintana.joanillo.org, https://portfolio.joanillo.org, https://projects.joanillo.org, https://quintana.joanillo.org, https://raimonviaplana.joanillo.org, https://romanic.joanillo.org, https://rutesgps.joanillo.org, https://wiki.joanillo.org, https://wikijoan.joanillo.org, and https://www.joanillo.org

8. Test automatic renewal

The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/arthropoda.joanillo.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account registered.
Simulating renewal of an existing certificate for arthropoda.joanillo.org and 16 more domains

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded: 
  /etc/letsencrypt/live/arthropoda.joanillo.org/fullchain.pem (success)
- - - - - - - - - - - - - 
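
Because all 17 names sit on one certificate, a single check of the report printed by `certbot certificates` covers every site: it can flag a virtual host that is on no certificate and a certificate whose remaining validity has dropped below a threshold (a sign that the scheduled renewal is failing). This is an added example, not part of the original page or of Certbot; the function names `audit_certs` and `sample_report`, the 30-day threshold and the sample report (constructed, with a made-up serial number and a shortened domain list) are assumptions.

```shell
#!/bin/sh
# Added example: audit the report printed by `certbot certificates`.

# Constructed sample in the layout of that report; the serial number is
# made up and the domain list is shortened to three of the page's 17 names.
sample_report() {
cat <<'EOF'
Found the following certs:
  Certificate Name: arthropoda.joanillo.org
    Serial Number: 0123456789abcdef
    Key Type: RSA
    Domains: arthropoda.joanillo.org wiki.joanillo.org www.joanillo.org
    Expiry Date: 2022-05-10 09:21:00+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/arthropoda.joanillo.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/arthropoda.joanillo.org/privkey.pem
EOF
}

# audit_certs MIN_DAYS NAME...
# Reads a report on stdin, prints one finding per line, returns 1 if any.
# Names are matched exactly; wildcard coverage is not evaluated.
audit_certs() {
  min_days=$1; shift
  awk -v min="$min_days" -v want="$*" '
    /Certificate Name:/ { cert = $3 }
    /Domains:/ { for (i = 2; i <= NF; i++) covered[$i] = 1 }
    /Expiry Date:/ {
      # certbot marks unusable certificates INVALID (for example EXPIRED).
      if ($0 ~ /INVALID/) { print "INVALID " cert; bad = 1; next }
      days = 0   # no day count on the line is treated as under a day left
      if (match($0, /VALID: [0-9]+ day/))
        days = substr($0, RSTART + 7, RLENGTH - 11) + 0
      if (days < min + 0) { print "EXPIRING " cert " " days; bad = 1 }
    }
    END {
      n = split(want, w, " ")
      for (i = 1; i <= n; i++)
        if (!(w[i] in covered)) { print "MISSING " w[i]; bad = 1 }
      exit bad + 0
    }'
}

# Demo on the constructed sample; on the server, pipe the real report in:
#   sudo certbot certificates | audit_certs 30 wiki.joanillo.org www.joanillo.org
sample_report | audit_certs 30 wiki.joanillo.org www.joanillo.org \
  && echo "all names covered, more than 30 days left"
```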

And that's it, it works:
https://wiki.joanillo.org/index.php/Joanillo_mediawiki:_INS_Jaume_Balmes

It works!

By default, when I go to http:// it redirects me to https://


Created by Joan Quintana Compte, February 2022