Creating an SSL certificate and adding it to Apache

-
Just a brain dump, will format it latter

https://letsencrypt.org/getting-started/

~/letsencrypt$ sudo ./letsencrypt-auto certonly -d venumurthy.com -d www.venumurthy.com

Congratulations! Your certificate and chain have been saved at
 


https://letsencrypt.org/getting-started/

 /etc/letsencrypt/live/obhiyo.com/fullchain.pem

cert.pem  chain.pem  fullchain.pem  privkey.pem


vim sites-enabled/000-default.conf


<VirtualHost 54.169.00.52:443>

        ServerName www.venumurtyy.com

        ServerAdmin contact@venumurty.com
        DocumentRoot /var/www/venumurthy
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/vm.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/vm.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/vm.com/fullchain.pem



        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>


vim /etc/apache2/sites-available/default-ssl.conf

                  SSLEngine on

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile     /etc/letsencrypt/live/VM.com/cert.pem
                SSLCertificateKeyFile  /etc/letsencrypt/live/VM.com/privkey.pem

                #   Server Certificate Chain:
                #   Point SSLCertificateChainFile at a file containing the
                #   concatenation of PEM encoded CA certificates which form the
                #   certificate chain for the server certificate. Alternatively
                #   the referenced file can be the same as SSLCertificateFile
                #   when the CA certificates are directly appended to the server
                #   certificate for convinience.
                SSLCertificateChainFile /etc/letsencrypt/live/VM.com/chain.pem

                #   Certificate Authority (CA):
                #   Set the CA certificate verification path where to find CA
                #   certificates for client authentication or alternatively one
                #   huge file containing all of them (file must be PEM encoded)
                #   Note: Inside SSLCACertificatePath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCACertificatePath /etc/ssl/certs/
                SSLCACertificateFile /etc/letsencrypt/live/VM.com/fullchain.pem



sudo a2ensite default-ssl.conf

 service apache2 reload

Very helpful link




Popular posts from this blog

Learning OpenStack - The Easy Way

-
Image
Dear Friends, Our Dream has come true! It takes 9 months for a mother to bring another life. That is the amount of time it has taken me to demystify the otherwise terse and abstract cloud computing concepts. And thanks to Packt Publishing I for helping me impart this knowledge in the most engaging way. The Full video course is out you can get more details about it here . You can get more details about the course here without registering. The Overview video is out for all. It was a tough negotiation with publisher to give out this valuable video for free I hope that it will get you started on your "Infrastructure as Code" journey. Three points I would like to share, which might help you are:- People are watching us! Packt publishing approached me watching the screencasts I had posted on Youtube. (Which until then I was certain that nobody was watching). Good news is Video course royalty is 3 times that of a book! Bad news is because its 3 times the...
Read more

Vagrant on steroids

-
Image
Source This is our life when we are working on automating some really complicated machine building and provisioning procedures. I.e. while developing the playbooks in Ansible, or CookBooks in Chef or manifests in Puppet. It is not easy to fail faster and fix early as the script might have to download all the dependencies again and again. Adding to all the odds, it could be that the dependencies are being downloaded on a low bandwidth. Even though Vagrant makes bringing up VM and their management faster, the provisioning (using Ansible, Chef or Puppet or etc) might take inordinately long times when it involves, and it usually does involve downloading packages on the VMs. And it gets painful when you have to download a full stack of several libraries to test your VM. To help overcome this issue, we can use the following to cache the dependencies and test the configuration scripts or recipes faster, the following should set you up (assuming you have vagrant already installe...
Read more