Pages

Creating an SSL certificate and adding it to Apache

Just a brain dump, will format it latter

https://letsencrypt.org/getting-started/

~/letsencrypt$ sudo ./letsencrypt-auto certonly -d venumurthy.com -d www.venumurthy.com

Congratulations! Your certificate and chain have been saved at
 


https://letsencrypt.org/getting-started/

 /etc/letsencrypt/live/obhiyo.com/fullchain.pem

cert.pem  chain.pem  fullchain.pem  privkey.pem


vim sites-enabled/000-default.conf


<VirtualHost 54.169.00.52:443>

        ServerName www.venumurtyy.com

        ServerAdmin contact@venumurty.com
        DocumentRoot /var/www/venumurthy
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/vm.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/vm.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/vm.com/fullchain.pem



        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>


vim /etc/apache2/sites-available/default-ssl.conf

                  SSLEngine on

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile     /etc/letsencrypt/live/VM.com/cert.pem
                SSLCertificateKeyFile  /etc/letsencrypt/live/VM.com/privkey.pem


                #   Server Certificate Chain:
                #   Point SSLCertificateChainFile at a file containing the
                #   concatenation of PEM encoded CA certificates which form the
                #   certificate chain for the server certificate. Alternatively
                #   the referenced file can be the same as SSLCertificateFile
                #   when the CA certificates are directly appended to the server
                #   certificate for convinience.
                SSLCertificateChainFile /etc/letsencrypt/live/VM.com/chain.pem

                #   Certificate Authority (CA):
                #   Set the CA certificate verification path where to find CA
                #   certificates for client authentication or alternatively one
                #   huge file containing all of them (file must be PEM encoded)
                #   Note: Inside SSLCACertificatePath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCACertificatePath /etc/ssl/certs/
                SSLCACertificateFile /etc/letsencrypt/live/VM.com/fullchain.pem



sudo a2ensite default-ssl.conf

 service apache2 reload

Very helpful link