Certbot with Apache: Difference between revisions
No edit summary |
| Line 23: | Line 23: | ||
</syntaxhighlight>...and then follow the instructions. Remember, this has to be done on the server that hosts the web site as Certbot and Let's Encrypt require a "challenge" to be answered correctly for a certificate to be obtained. The "challenge" question is a temporary file that certbot places in the directory of the web site (and deletes after the certificate is obtained) for the certificate issuing service to verify one is the owner of the web site. DNS is another method that can be used in the "challenge" process, but it is a bit more complex. | </syntaxhighlight>...and then follow the instructions. Remember, this has to be done on the server that hosts the web site as Certbot and Let's Encrypt require a "challenge" to be answered correctly for a certificate to be obtained. The "challenge" question is a temporary file that certbot places in the directory of the web site (and deletes after the certificate is obtained) for the certificate issuing service to verify one is the owner of the web site. DNS is another method that can be used in the "challenge" process, but it is a bit more complex. | ||
Watch out for Certbot modifying the Apache configuration files, even if one declines the setting change in the "wizard / script". | Watch out for Certbot modifying the Apache configuration files, even if one declines the setting change in the "wizard / script". It creates it's own Apache configuration file (/etc/httpd/conf/httpd-le-ssl.conf) and adds an Include Directive in the httpd.conf file, so effectively it does change modify Apache settings even if it doesn't include a redirect in the HTTP section of a Virtual Server. | ||
===Enabling Automatic Certificate Renewal=== | ===Enabling Automatic Certificate Renewal=== | ||
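Review bot: the sentence added to the "Watch out for Certbot modifying the Apache configuration files" paragraph has two wording slips. "it's own" should be "its own", and "it does change modify Apache settings" carries two verbs, so keep one ("it does modify Apache settings"). Since the text names /etc/httpd/conf/httpd-le-ssl.conf and an Include directive added to httpd.conf, it would also help to say which server layout that path applies to and that the Include line in httpd.conf is what a reader should look for after running Certbot to confirm the change or back it out.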
| Line 35: | Line 35: | ||
I don't know how to categorize these next comments, and I don't want it to sound like I'm criticizing them. I suppose 'funny' might be the best category to put it in, so here goes... It took me several hours to read the documentation, experiment with things, and get a full grip on how everything worked. In the end, I realized that the above "Quick Start" instructions are all that are needed to make things work. | I don't know how to categorize these next comments, and I don't want it to sound like I'm criticizing them. I suppose 'funny' might be the best category to put it in, so here goes... It took me several hours to read the documentation, experiment with things, and get a full grip on how everything worked. In the end, I realized that the above "Quick Start" instructions are all that are needed to make things work. | ||
===Web Server | ===Web Server Configuration=== | ||
The next step is to configure the Apache configuration files with the Certificates, SSL changes, etc. All of this can be done automatically with Certbot (not detailed in this article) or configured manually (as I prefer to do it). | The next step is to configure the Apache configuration files with the Certificates, SSL changes, etc. All of this can be done automatically with Certbot (not detailed in this article) or configured manually (as I prefer to do it). | ||
===Testing=== | ===Testing=== | ||
At the end of the Certbot script when obtaining a certificate, it recommends this website to test the SSL: https://www.ssllabs.com/ssltest | At the end of the Certbot script when obtaining a certificate, it recommends this website to test the SSL: https://www.ssllabs.com/ssltest | ||
=== WordPress Configuration === | |||
Make sure to change any HTTP references in the wp-config file and GUI to HTTPS (or replace http:// with just two forward slashes to accept HTTP and HTTPS) | |||
WordPress makes it hard to switch from HTTP to HTTPS, so try this site to scan for issues: [https://www.whynopadlock.com/results/02d0cc06-1d61- https://www.whynopadlock.com/] | WordPress makes it hard to switch from HTTP to HTTPS, so try this site to scan for issues: [https://www.whynopadlock.com/results/02d0cc06-1d61- https://www.whynopadlock.com/] | ||
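Review bot: removing the "=== WordPress Configuration ===" heading leaves the closing WordPress sentence sitting under "===Testing===". The removed line about changing HTTP references in the wp-config file and GUI to HTTPS has no replacement, so the page now points readers at a scanner without saying what to fix. Either keep the heading and that line, or move the remaining sentence to a section that explains it. Separately, the unchanged link targets a truncated results URL ("https://www.whynopadlock.com/results/02d0cc06-1d61-") while its label shows the site root; pointing the target at https://www.whynopadlock.com/ would be more robust.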