Let's Encrypt

Let’s Encrypt:

  • Create / renew certificate:
/opt/letsencrypt/letsencrypt-auto certonly \
	--expand \
	--email support@domain.tld \
	--agree-tos \
	--webroot \
	-w /var/www/vhosts/WEB/ROOT \
	-d domain.tld \
	-d domainalias.tld \
	--dry-run

/bin/certbot \
	--text \
	--agree-tos \
	--non-interactive \
	certonly \
	-a webroot \
	--webroot-path /var/www/vhosts/WEB/ROOT \
	-d domain.tld \
	-d domainalias.tld \
	--dry-run

Use --dry-run to test certificate creation.

Apache / httpd

  • (1) Add the following lines to the Apache config:
Alias /.well-known /var/www/vhosts/letsencrypt/.well-known
<Directory /var/www/vhosts/letsencrypt/.well-known>
  order allow,deny
  allow from all
  satisfy any
</Directory>
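  • Or (2) add the following lines to .htaccess:
<IfModule mod_rewrite.c>
  RewriteEngine on
  # Allow Let's Encrypt SSL renewal: leave /.well-known/ requests untouched
  RewriteRule ^\.well-known/ - [L,NC]
  # Redirect everything else that arrived over plain HTTP to HTTPS
  RewriteCond %{HTTPS} off
  RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
  RewriteRule ^/?(.*)        https://%{SERVER_NAME}/$1 [R=301,L]
</IfModule>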
  • Combine Basic Auth with Let’s Encrypt:
    Think of this as an if/else (either valid-user or REQUEST_URI).
      <Directory /var/www/vhosts/WEB/ROOT>
        AuthType Basic
        AuthName protected
        AuthUserFile /etc/httpd/passwd/phpmyadmin.htpasswd
        # Two Require lines are OR-ed: a valid login, or an ACME challenge path
        Require valid-user
        Require expr %{REQUEST_URI} =~ m#^/\.well-known/acme-challenge/.*#
      </Directory>
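
The effect of escaping the dot in the exception pattern, as an added example (not from the original page): the script runs constructed request paths through both variants of the `Require expr` regex and lists the non-challenge paths that would be served without a password. `grep -E` stands in for Apache's regex engine, and the function names and sample paths are made up for illustration.

```shell
#!/bin/sh
# Added example: test which request paths an ACME exception regex would exempt
# from Basic Auth. grep -E stands in for Apache's regex matching (assumption:
# the two agree for these simple patterns).

# The two candidate patterns for: Require expr %{REQUEST_URI} =~ m#...#
LOOSE='^/.well-known/acme-challenge/.*'     # "." matches any character
STRICT='^/\.well-known/acme-challenge/.*'   # literal dot

# Constructed request paths: the first is a real challenge URL, the rest
# must stay behind the password prompt.
SAMPLE_URIS='/.well-known/acme-challenge/token123
/xwell-known/acme-challenge/index.php
/-well-known/acme-challenge/
/.well-known/other/file
/admin/.well-known/acme-challenge/x
/index.php'

# exempt PATTERN URI -> exit 0 when URI would be served without a password
exempt() {
	printf '%s\n' "$2" | grep -Eq -- "$1"
}

# unexpected_exemptions PATTERN -> prints non-challenge paths that skip auth
unexpected_exemptions() {
	printf '%s\n' "$SAMPLE_URIS" | while IFS= read -r uri; do
		case $uri in
			/.well-known/acme-challenge/*) continue ;;  # intended exemption
		esac
		if exempt "$1" "$uri"; then
			printf '%s\n' "$uri"
		fi
	done
}

for p in "$LOOSE" "$STRICT"; do
	printf 'pattern %s\n' "$p"
	unexpected_exemptions "$p" | sed 's/^/  open without auth: /'
done
```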

Nginx

  • Add the following lines to the Nginx config:
  location /.well-known {
    root      /var/www/vhosts/WEB/ROOT;
    index     index.html index.htm index.php;
  }

-

  • Check DNS for a list of domains:
while read -r LINE
do
	echo "$LINE" >> list_processed.txt && dig +short @9.9.9.9 "$LINE" >> list_processed.txt
done < list.txt
  • (WIP)
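#!/bin/bash
# Compare the DNS answer for every domain in a list with this host's own IP.
# Usage: pass the file with one domain per line as the first argument.

#IP=<%= @default_ipadress %>
IP=$(dig +short @9.9.9.9 "$(hostname)")
FILE=$1

# Private temp files instead of fixed names in /tmp
OK=$(mktemp)
NOK=$(mktemp)

while read -r LINE
do
	CHK=$(dig +short @9.9.9.9 "$LINE")
	# An answer with several records (e.g. CNAME + A) will not equal $IP
	if [ "$IP" = "$CHK" ]; then
		echo "$LINE|$CHK" >> "$OK"
	else
		echo "$LINE|$CHK" >> "$NOK"
	fi
done < "$FILE"

echo "Domains OK:"
column "$OK"
echo "-------------------------------"
echo "Domains NOT OK:"
column "$NOK"

rm -f "$OK" "$NOK"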