Projekt

Allgemein

Profil

Aufgabe #1642

Von PaulRiegel vor mehr als 1 Jahr aktualisiert

@pkg ins -y py39-certbot-apache@ 
 <pre></pre> 
 <pre> 
 =====                                                       
 Message from python39-3.9.16_2: 
                                                                                                                      
 --                  
 Note that some standard Python modules are provided as separate ports 
 as they require additional dependencies. They are available as: 

 py39-gdbm         databases/py-gdbm@py39              
 py39-sqlite3      databases/py-sqlite3@py39 
 py39-tkinter      x11-toolkits/py-tkinter@py39       
 =====                  
 Message from py39-urllib3-1.26.14,1: 

 -- 
 Since version 1.25 HTTPS connections are now verified by default which is done 
 via "cert_reqs = 'CERT_REQUIRED'".    While certificate verification can be 
 disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to leave it on. 

 Various consumers of net/py-urllib3 already have implemented routines that 
 either explicitly enable or disable HTTPS certificate verification (e.g. via 
 configuration settings, CLI arguments, etc.). 

 Yet it may happen that there are still some consumers which don't explicitly 
 enable/disable certificate verification for HTTPS connections which could then 
 lead to errors (as is often the case with self-signed certificates). 

 In case of an error one should try first to temporarily disable certificate 
 verification of the problematic urllib3 consumer to see if that approach will 
 remedy the issue. 
 ===== 
 Message from py39-certbot-2.4.0,1: 

 -- 
 This port installs the "standalone" client only, which does not use and 
 is not the certbot-auto bootstrap/wrapper script. 

 The simplest form of usage to obtain certificates is: 

  # sudo certbot certonly --standalone -d <domain>, [domain2, ... domainN]> 

 NOTE: 

 The client requires the ability to bind on TCP port 80 or 443 (depending 
 on the --preferred-challenges option used). If a server is running on that 
 port, it will need to be temporarily stopped so that the standalone server 
 can listen on that port to complete the challenge authentication process. 

 For more information on the 'standalone' mode, see: 

   https://certbot.eff.org/docs/using.html#standalone 
                             
 The certbot plugins to support apache and nginx certificate installation 
 will be made available in the following ports:                                                                         
                                                                                                                      
  * Apache plugin: security/py-certbot-apache                                                                           
  * Nginx plugin: security/py-certbot-nginx                                                                             

 In order to automatically renew the certificates, add this line to 
 /etc/periodic.conf: 
                                                           
     weekly_certbot_enable="YES" 
                                                                                                                      
 More config details in the certbot periodic script: 

     /usr/local/etc/periodic/weekly/500.certbot-3.9 
 </pre> 


 @$EDITOR /usr/local/etc/apache24/httpd.conf@ 
 <pre>…</pre> 

 @$EDITOR /usr/local/etc/apache24/extra/httpd-vhosts.conf@ 
 <pre>…</pre> 

 @certbot --apache --email cert@stura.htw-dresden.de --agree-tos --no-eff-email@ 
 <pre> 
 Saving debug log to /var/log/letsencrypt/letsencrypt.log                                                               
 Unable to read ssl_module file; not disabling session tickets.                        
 Account registered.                                                                                                    
                                                                                                                      
 Which names would you like to activate HTTPS for?                                                                      
 We recommend selecting either all domains, or all domains in a VirtualHost/server block.     
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                        
 1: lists.stura.htw-dresden.de                                                                                          
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
 Select the appropriate numbers separated by commas and/or spaces, or leave input                 
 blank to select all options shown (Enter 'c' to cancel): c  
 Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing  
 certificate name.                                                                                                      
 Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsen 
 crypt.log or re-run Certbot with -v for more details.                                                                  
 </pre> 
 <pre></pre> 
 <pre></pre> 



 @ls -al /usr/local/libexec/apache24/mod_ssl.so@ 
 <pre> 
 -rwxr-xr-x    1 root    wheel    235840 May 25 04:11 /usr/local/libexec/apache24/mod_ssl.so 
 </pre> 


 @certbot --apache --email cert@stura.htw-dresden.de --agree-tos --no-eff-email --domain lists.stura.htw-dresden.de --domain mail.stura.htw-dresden.de@ 
 <pre> 
 Saving debug log to /var/log/letsencrypt/letsencrypt.log 
 Requesting a certificate for lists.stura.htw-dresden.de and mail.stura.htw-dresden.de 

 Successfully received certificate. 
 Certificate is saved at: /usr/local/etc/letsencrypt/live/lists.stura.htw-dresden.de/fullchain.pem 
 Key is saved at:           /usr/local/etc/letsencrypt/live/lists.stura.htw-dresden.de/privkey.pem 
 This certificate expires on 2023-08-31. 
 These files will be updated when the certificate renews. 

 Deploying certificate 
 Successfully deployed certificate for lists.stura.htw-dresden.de to /usr/local/etc/apache24/extra/httpd-vhosts-le-ssl.conf 
 Successfully deployed certificate for mail.stura.htw-dresden.de to /usr/local/etc/apache24/extra/httpd-vhosts-le-ssl.conf 
 Congratulations! You have successfully enabled HTTPS on https://lists.stura.htw-dresden.de and https://mail.stura.htw-dresden.de 

 NEXT STEPS: 
 - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions. 

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
 If you like Certbot, please consider supporting our work by: 
  * Donating to ISRG / Let's Encrypt:     https://letsencrypt.org/donate 
  * Donating to EFF:                      https://eff.org/donate-le 
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
 </pre> 

 works! 



 @diff /usr/local/etc/apache24/extra/httpd-vhosts.conf_2023-06-04 /usr/local/etc/apache24/extra/httpd-vhosts.conf@ 
 <pre></pre> 
 <pre> 
 > RewriteEngine on 
 > RewriteCond %{SERVER_NAME} =mail.stura.htw-dresden.de [OR] 
 > RewriteCond %{SERVER_NAME} =lists.stura.htw-dresden.de 
 > RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] 
 </pre> 
 <pre></pre> 

 @less /usr/local/etc/apache24/extra/httpd-vhosts-le-ssl.conf@ 
 <pre> 
 <IfModule mod_ssl.c> 
 <VirtualHost *:443> 
    ServerAdmin webmaster@stura.htw-dresden.de 
    DocumentRoot "/usr/local/mailman/lists" 
    ServerName lists.stura.htw-dresden.de 
    ServerAlias mail.stura.htw-dresden.de 
    <Directory /usr/local/mailman/archives/> 
        Options FollowSymLinks 
        AllowOverride None 
    </Directory> 
 ####      vb 
 #     Alias /pipermail/ /usr/local/mailman/archives/public/ 
    Alias /pipermail/ /usr/local/mailman/archives/private/ 
 ####      ve 
    Alias /images/mailman/ /usr/share/images/mailman/ 
    ScriptAlias /admin /usr/local/mailman/cgi-bin/admin 
    ScriptAlias /admindb /usr/local/mailman/cgi-bin/admindb 
    ScriptAlias /confirm /usr/local/mailman/cgi-bin/confirm 
    ScriptAlias /create /usr/local/mailman/cgi-bin/create 
    ScriptAlias /edithtml /usr/local/mailman/cgi-bin/edithtml 
    ScriptAlias /listinfo /usr/local/mailman/cgi-bin/listinfo 
    ScriptAlias /options /usr/local/mailman/cgi-bin/options 
    ScriptAlias /private /usr/local/mailman/cgi-bin/private 
    ScriptAlias /rmlist /usr/local/mailman/cgi-bin/rmlist 
    ScriptAlias /roster /usr/local/mailman/cgi-bin/roster 
    ScriptAlias /subscribe /usr/local/mailman/cgi-bin/subscribe 
    ScriptAlias /mailman/ /usr/local/mailman/cgi-bin/ 
    ScriptAlias / /usr/local/mailman/cgi-bin/listinfo 
    <Directory "/usr/local/mailman"> 
       AllowOverride All 
       Options FollowSymlinks 
       Require all granted 
    </Directory> 
    ErrorLog /var/log/mailman-error.log 
 #     CustomLog /var/log/mailman-access.log combined 


 Include /usr/local/etc/letsencrypt/options-ssl-apache.conf 
 SSLCertificateFile /usr/local/etc/letsencrypt/live/lists.stura.htw-dresden.de/fullchain.pem 
 SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/lists.stura.htw-dresden.de/privkey.pem 
 </VirtualHost> 
 </IfModule> 
 </pre> 

 @less /usr/local/etc/apache24/httpd.conf@ 
 <pre></pre> 
 <pre> 
 <IfModule mod_ssl.c> 
 Listen 443 
 </IfModule> 
 Include /usr/local/etc/apache24/extra/httpd-vhosts-le-ssl.conf 
 </pre> 

 @ 



 @@ 
 $EDITOR /etc/periodic.conf <pre></pre> 
 @ <pre></pre> 


 @@ 
 <pre> 
 weekly_certbot_enable="YES" 
 </pre> 

 -@ 
 $EDITOR /etc/periodic.conf 
 @- 
 <pre> 
 weekly_certbot_enable="YES" 
 weekly_certbot_service="apache24" 
 </pre> 

 @less /usr/local/etc/periodic/weekly/500.certbot-3.9@ 
 <pre></pre> 

 @@ 
 <pre></pre> 


 @@ 
 <pre></pre> 
 <pre></pre> 

Zurück