Installation de Let’s Encrypt sous Apache2

Installation de Let’s Encrypt sous Apache2.

La procédure se déroule sous l’utilisateur ‘root‘.

1/ Installation de Apache2.

root@serverdia:/home/admin# apt-get install apache2

2/ Installation de ‘certbot‘ pour Let’s Encrypt.

root@serverdia:/home/admin# apt-get install python-certbot-apache 

3/ Arrêt du serveur Apache2.

root@serverdia:/home/admin# service apache2 stop

4/ Génération des fichiers Let’s Encrypt.

root@serverdia:/home/admin# certbot certonly --standalone

5/ Activation des modules Apache2.

root@serverdia:/home/admin# a2enmod rewrite
root@serverdia:/home/admin# a2enmod proxy
root@serverdia:/home/admin# a2enmod proxy_http
root@serverdia:/home/admin# a2enmod headers
root@serverdia:/home/admin# a2enmod ssl
root@serverdia:/home/admin# a2enmod proxy_balancer
root@serverdia:/home/admin# a2enmod lbmethod_byrequests

6/ Configuration des hôtes virtuels.

Ouvrir :

/etc/apache2/sites-enabled/000-default.conf

Tout supprimer.

Ajouter :

<VirtualHost *:80>

    ServerName les-sardines.hackardennes.com

    RewriteEngine on
    RewriteCond %{HTTPS} !on
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

</VirtualHost>

<VirtualHost *:443>

    ServerName les-sardines.hackardennes.com

    DocumentRoot /var/www/html

    <Directory /var/www/html>
        Options -Indexes
        AllowOverride all
        Order allow,deny
        allow from all
    </Directory>

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/les-sardines.hackardennes.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/les-sardines.hackardennes.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/les-sardines.hackardennes.com/chain.pem
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCompression off
    SSLOptions +StrictRequire
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/les-sardines.hackardennes.com-error.log
    CustomLog ${APACHE_LOG_DIR}/les-sardines.hackardennes.com-access.log combined

</VirtualHost>

7/ Vérification de la configuration Apache2.

root@serverdia:/home/admin# apachectl configtest

8/ Redémarrage de Apache2.

root@serverdia:/home/admin# systemctl restart apache2

9/ Test.

https://les-sardines.hackardennes.com/

10/ Liens.

https://www.memoinfo.fr/tutoriels-linux/configurer-lets-encrypt-apache/
http://rockstarninja.labak.xyz/installation-du-reseau-social-diaspora-sous-debian-8-avec-apache2-support-lets-encrypt-et-mysql/

août 11, 2018