This page (revision-50) was last changed on 24-Apr-2023 15:25 by Harry Metske

This page was created on 23-Apr-2022 17:05 by Harry Metske

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note
50 24-Apr-2023 15:25 12 KB Harry Metske to previous
49 21-May-2022 08:40 11 KB Harry Metske to previous | to last
48 23-Apr-2022 19:00 11 KB Harry Metske to previous | to last
47 23-Apr-2022 18:56 10 KB Harry Metske to previous | to last
46 23-Apr-2022 18:14 10 KB Harry Metske to previous | to last
45 23-Apr-2022 17:48 10 KB Harry Metske to previous | to last
44 23-Apr-2022 17:46 10 KB Harry Metske to previous | to last
43 23-Apr-2022 17:06 10 KB Harry Metske to previous | to last
42 23-Apr-2022 17:05 9 KB Harry Metske to previous | to last
41 23-Apr-2022 17:05 9 KB Harry Metske to previous | to last

Page References

Incoming links Outgoing links
Raspberry Pi setup...nobody
Raspberry Pi setup

Version management

Difference between version and

At line 121 changed one line
!! Openssl generate signed server cert
!! Openssl generate signed server cert (or letsencrypt, see next chapter)
At line 165 added 26 lines
!! Letsencrypt
The certbot command has already been installed. \\
First prepare:
{{{
certbot --apache -d www.computerhok.nl
}}}
First open up firewall, because letsencrypt comes in to verify: {{iptables -F}}
Then do a dry-run:
{{{
certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'www.computerhok.nl' --webroot-path /var/www/ -d 'www.computerhok.nl' --keep-until-expiring --email harry.metske@gmail.com --dry-run
}}}
If this succeeds, we can do the real one:
{{{
iptables -F
certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'www.computerhok.nl' --webroot-path /var/www/ -d 'www.computerhok.nl' --keep-until-expiring --email harry.metske@gmail.com
}}}
Then edit {{/etc/apache2/sites-enabled/005-www.computerhok.nl.conf}} and adjust the {{SSLCertificateKeyFile} and the {{SSLCertificateFile}} to the right location at \\{{/etc/letsencrypt/live/www.computerhok.nl/privkey.pem}} and \\{{/etc/letsencrypt/live/www.computerhok.nl/fullchain.pem}}
Then restart apache with {{systemctl restart apache2}}, and do not forget to close down the firewall again with {{/home/pi/iptables-setup.sh}}, check the results with {{iptables -vnL}}
This page (revision-50) was last changed on 24-Apr-2023 15:25 by Harry MetskeTop