
Create a Self-Signed Certificate with Let's Encrypt

This document provides steps to secure an Apache web server on Ubuntu 18.04 using Let's Encrypt certificates. It includes instructions to install Certbot and the Apache plugin, edit the Apache configuration file to add the server name and aliases, reload Apache and configure ufw firewall rules to allow HTTPS traffic, and use Certbot to obtain and automatically renew the SSL/TLS certificates.

Uploaded by

César Novoa

How To Secure Apache with Let's Encrypt on Ubuntu 18.04 | DigitalOcean https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubu...

1 of 18 06/07/2022 23:30

your_domain
www.your_domain

/etc/apache2/sites-available/your_domain.conf

certbot python3-certbot-apache

$ sudo apt install certbot python3-certbot-apache

Y ENTER

certbot

ServerName ServerAlias VirtualHost

/etc/apache2/sites-available/your_domain.conf


ServerName

nano

$ sudo nano /etc/apache2/sites-available/your_domain.conf

ServerName ServerAlias

...
ServerName your_domain
ServerAlias www.your_domain

...

ServerName ServerAlias
nano CTRL + X Y ENTER

$ sudo apache2ctl configtest

Syntax OK

$ sudo systemctl reload apache2
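
A hostname-level pre-flight check for the vhost file edited above, to run alongside `apache2ctl configtest` before `certbot --apache`. This is an added example, not part of the original tutorial; the function names and the constructed sample vhost are assumptions.

```shell
#!/bin/sh
# Pre-flight check of a vhost file before `certbot --apache` (added example;
# vhost_names, vhost_misspelt and vhost_check are hypothetical helper names).

# Labels of letters, digits and hyphens, with at least one dot.
HOST_RE='^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z0-9-]{2,}$'

# Print every hostname given to ServerName / ServerAlias, one per line.
# Directive names are case-insensitive; commented-out lines never match.
vhost_names() {
    awk '{ d = tolower($1) }
         d == "servername" || d == "serveralias" {
             for (i = 2; i <= NF; i++) print $i
         }' "$1"
}

# Print directives that look like a misspelt ServerName / ServerAlias.
vhost_misspelt() {
    awk '{ d = tolower($1) }
         d ~ /^se[a-z]?ver(name|alias)[a-z]*$/ &&
         d != "servername" && d != "serveralias" { print $1 }' "$1"
}

# Return 0 if the file has a ServerName and only plain hostnames, else 1.
vhost_check() {
    rc=0
    if [ -z "$(awk 'tolower($1) == "servername"' "$1")" ]; then
        echo "$1: no ServerName directive" >&2; rc=1
    fi
    typos=$(vhost_misspelt "$1")
    if [ -n "$typos" ]; then
        echo "$1: unknown directive(s): $typos" >&2; rc=1
    fi
    # Wildcards, stray punctuation and bare labels all fail HOST_RE.
    bad=$(vhost_names "$1" | grep -Ev "$HOST_RE" || true)
    if [ -n "$bad" ]; then
        echo "$1: not a plain hostname: $bad" >&2; rc=1
    fi
    return $rc
}

# Constructed sample: a stray ';' after the name and a misspelt ServerAlias.
sample=$(mktemp)
printf '%s\n' '<VirtualHost *:80>' '    ServerName example.com;' \
    '    SeverAlias www.example.com' '</VirtualHost>' > "$sample"
vhost_check "$sample" || echo "fix the vhost before running certbot"
rm -f "$sample"
```

Point `vhost_check` at `/etc/apache2/sites-available/your_domain.conf`; a non-zero exit means the names Certbot would read from the file need attention first.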

$ sudo ufw status

80

Output
Status: active

To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Apache ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Apache (v6) ALLOW Anywhere (v6)

Apache Full

$ sudo ufw allow 'Apache Full'

Apache

$ sudo ufw delete allow 'Apache'

$ sudo ufw status

Output
Status: active

To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Apache Full ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Apache Full (v6) ALLOW Anywhere (v6)

$ sudo certbot --apache

Output
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): you@your_domain

ENTER
A ENTER

Output
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

N Y
ENTER

Output
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

ServerName ServerAlias

ENTER

ENTER

Output
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: your_domain
2: your_domain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

Output
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for your_domain
http-01 challenge for your_domain
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/your_domain-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/your_domain-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/your_domain-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/your_domain-le-ssl.conf

2 1

Output
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Output
Congratulations! You have successfully enabled https://your_domain
and your_domain

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=your_domain
https://www.ssllabs.com/ssltest/analyze.html?d=your_domain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/your_domain/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/your_domain/privkey.pem
Your cert will expire on 2022-03-07. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

https://

certbot
/etc/cron.d systemctl certbot.timer

$ sudo systemctl status certbot.timer

Output
● certbot.timer - Run certbot twice daily
Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: en
Active: active (waiting) since Tue 2021-12-07 20:04:42 UTC; 1h 45min ago
Trigger: Wed 2021-12-08 11:22:45 UTC; 13h left

Dec 07 20:04:42 encrypt systemd[1]: Started Run certbot twice daily.

certbot

$ sudo certbot renew --dry-run

certbot

systemctl

The following packages have unmet dependencies:


python-certbot-apache : Depends: python3-certbot-apache but it is not going to be installed
E: Unable to correct problems, you have held broken packages.

sudo add-apt-repository universe

LoadModule ssl_module modules/mod_ssl.so

<VirtualHost *:443>
ServerAdmin [email protected]
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.org/privkey.pem
</VirtualHost>

Servername yourdomain Servername $domain

ufw
status
