# Let's encrypt

# Installation avec apache2

Je passe l'installation d'Apache2...

On active le SSL et le Rewrite:

a2enmod ssl 
a2enmod rewrite
systemctl restart apache2

Maintenant on installe certbot comme conseillé par let's encrypt

apt-get update
apt-get -y install certbot

certbot certonly --webroot --webroot-path /var/www/monsite.tld/ --domain monsite.tld --domain www.monsite.tld --email mon@email.com

Renouveler les certificats:

certbot renew

configuration d'apache:

<VirtualHost *:80>

    ServerName monsite.tld
    ServerAlias www.monsite.tld

    RewriteEngine on
    RewriteCond %{HTTPS} !on
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

</VirtualHost>

<VirtualHost *:443>

    ServerName monsite.tld
    ServerAlias www.monsite.tld

    DocumentRoot /var/www/monsite.tld

    <Directory /var/www/monsite.tld>
        Options -Indexes
        AllowOverride all
        Order allow,deny
        allow from all
    </Directory>

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/monsite.tld/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/monsite.tld/privkey.pem
    

    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/monsite.tld-error.log
    CustomLog ${APACHE_LOG_DIR}/monsite.tld-access.log combined

</VirtualHost>

# Renouvellement!

Quand ? tous les trois mois! La date de départ?

certbot certificates

La commande manuelle?

certbot renew

Une version a mettre dans un cron 😄

certbot renew --pre-hook "service apache2 stop" --post-hook "service apache2 start" -q

le -q c'est pour quiet, on peut l'enlever 😄

← Good Practices: /Debian/ →