Certificato SSL e https:// nel proprio sito

Hai letto il seguente articolo e adesso desideri che il tuo sito sia visitabile attraverso https://? Ecco come fare:

INSTALLIAMO IL CERTIFICATO SSL

# apt install certbot
# openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
# mkdir -p /var/lib/letsencrypt/.well-known
# chgrp www-data /var/lib/letsencrypt
# chmod g+s /var/lib/letsencrypt

Creaimo il file di configurazione per letsencrypt: # nano /etc/apache2/conf-available/letsencrypt.conf

Alias /.well-known/acme-challenge/ “/var/lib/letsencrypt/.well-known/acme-challenge/”
<Directory “/var/lib/letsencrypt/”>
AllowOverride None
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>

Creiamo: # nano /etc/apache2/conf-available/ssl-params.conf

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set Strict-Transport-Security “max-age=63072000; includeSubDomains; preload”
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache “shmcb:logs/stapling-cache(150000)”
# Requires Apache >= 2.4.11
SSLSessionTickets Off

SSLOpenSSLConfCmd DHParameters “/etc/ssl/certs/dhparam.pem”

# a2enmod ssl
# a2enmod headers
# a2enconf letsencrypt
# a2enconf ssl-params

# systemctl reload apache2
# certbot certonly --agree-tos --email latua@email.com --webroot -w /var/lib/letsencrypt/ -d rubino.solutions -d www.rubino.solutions

Creiamo: # nano /etc/apache2/sites-available/rubino.solutions.conf

<VirtualHost *:80>
ServerName rubino.solutions
ServerAlias www.rubino.solutions

Redirect permanent / https://rubino.solutions/
</VirtualHost>

<VirtualHost *:443>
ServerName rubino.solutions
ServerAlias www.rubino.solutions

Protocols h2 http:/1.1

<If “%{HTTP_HOST} == ‘www.rubino.solutions'”>
Redirect permanent / https://rubino.solutions/
</If>

DocumentRoot /var/www/rubino.solutions/public_html
ErrorLog ${APACHE_LOG_DIR}/rubino.solutions-error.log
CustomLog ${APACHE_LOG_DIR}/rubino.solutions-access.log combined

SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/rubino.solutions/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/rubino.solutions/privkey.pem

# Other Apache Configuration

</VirtualHost>

editiamo CERTBOT in modo che il certificato si auto-aggiorni man mano che si avvicinano le date di scadenza # nano /etc/cron.d/certbot

aggiungere:

–renew-hook “systemctl reload apache2

alla fine della stringa

Per vedere se funziona:

# certbot renew --dry-run

Ti è piaciuto l’articolo? Per suggerimenti, lavori, proposte, contattami!