{"id":16,"date":"2019-04-29T14:57:48","date_gmt":"2019-04-29T12:57:48","guid":{"rendered":"http:\/\/blog.fresel.at\/?p=16"},"modified":"2022-07-19T14:06:03","modified_gmt":"2022-07-19T12:06:03","slug":"certbot","status":"publish","type":"post","link":"https:\/\/blog.koeckeis-fresel.net\/?p=16","title":{"rendered":"certbot – debian"},"content":{"rendered":"\n
yum install httpd mod_ssl python-certbot-apache<\/strong> -y

firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
systemctl restart firewalld

systemctl enable httpd


\/etc\/letsencrypt\/cli.ini
<\/strong>    #Use a 4096 bit RSA key instead of 2048
    rsa-key-size = 4096
    email = letsencrypt@DOMAIN<\/strong>
    domains = blog.DOMAIN<\/strong>
    must-staple = True
    staple-ocsp = True
<\/strong>    agree-tos = True
    debug = True
EOF<\/strong>

certbot certonly  --apache --config \/etc\/letsencrypt\/cli.ini 

\/etc\/letsencrypt\/options-ssl-apache.conf<\/strong>
    SSLEngine on
    SSLHonorCipherOrder     on
    SSLOptions +StrictRequire
 
    # Always ensure Cookies have \"Secure\" set (JAH 2012\/1)
    Header edit Set-Cookie (?i)^(.*)(;\\s*secure)??((\\s*;)?(.*)) \"$1; Secure$3$4\"

    SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

SSLCompression          off
EOF<\/strong>
<\/pre>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
yum install httpd mod_ssl python-certbot-apache -yfirewall-cmd –add-service=http –permanentfirewall-cmd –add-service=https –permanentsystemctl restart firewalldsystemctl enable httpd\/etc\/letsencrypt\/cli.ini #Use a 4096 bit RSA key instead of 2048 rsa-key-size = 4096 email = letsencrypt@DOMAIN domains = blog.DOMAIN must-staple = True staple-ocsp = True agree-tos = True debug = TrueEOFcertbot certonly –apache –config \/etc\/letsencrypt\/cli.ini \/etc\/letsencrypt\/options-ssl-apache.conf SSLEngine on SSLHonorCipherOrder     on […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2,3],"tags":[],"class_list":["post-16","post","type-post","status-publish","format-standard","hentry","category-http","category-tls"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=\/wp\/v2\/posts\/16","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16"}],"version-history":[{"count":0,"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=\/wp\/v2\/posts\/16\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}