Situation
You want to obtain a free SSL certificate. Below are the steps you need to follow to obtain one.
Solution
I will present 2 simple methods for obtaining a free SSL certificate:
- If you have a VPS with root access, you can use https://certbot.eff.org/
- If you do not have a VPS but have web hosting from a provider with a control panel, you can use https://www.sslforfree.com/ to generate the files needed to enable SSL.
The second method is very simple to use and the site explains it step by step, so we will skip explaining how to use that site.
The first method, the one with the VPS, we will explain instead (in my case on a VPS running CentOS 7.3):
First, we install the certificate generator and update the system by running the following command:
yum -y update; yum -y install yum-utils; yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional; yum -y install epel-release epel* yum-utils httpd mod_ssl; yum -y install python-certbot-apache; yum -y install certbot;
Next, we edit the mod_ssl configuration file, because having several sites on the same IP can cause problems. We will set things up so that each site has its own configuration in the Apache file, in its own vhost, which solves the problem of the SSL configuration being overwritten.
Delete the contents of the file /etc/httpd/conf.d/ssl.conf and replace them with the following:
#
# When we also provide SSL we have to listen to
# the HTTPS port in addition.
#
Listen 443 https
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is an internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
##
## SSL Virtual Host Context
##
Now, here is the command for generating SSL certificates: certbot --apache -d SITE -d www.SITE
In the command above, replace SITE with the domain name, for example: site.ro
Now all that remains is to edit the file /etc/httpd/conf/httpd.conf and add the following code at the end of the file:
<VirtualHost *:80>
ServerName SITE
ServerAlias www.SITE
DocumentRoot DIRECTOR_SITE
ErrorLog LOCATIE_PENTRU_LOG_EROARE/error.log
</VirtualHost>
<VirtualHost *:443>
ServerName SITE
ServerAlias www.SITE
DocumentRoot DIRECTOR_SITE
ErrorLog LOCATIE_PENTRU_LOG_EROARE/error.log
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/SITE/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/SITE/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/SITE/chain.pem
</VirtualHost>
In the code above, replace SITE with the domain name, for example site.ro; DIRECTOR_SITE with the path to the site's directory, e.g. /var/www/site1; and LOCATIE_PENTRU_LOG_EROARE with the path to the directory where the error logs should be saved, e.g. /var/www/site1.
To renew the certificates, use the command: certbot renew
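A check for the per-site layout described above, as an added example (not code from the original page): it reads Apache configuration text and reports any *:443 vhost whose SSLEngine is off or whose certificate paths do not point at /etc/letsencrypt/live/<ServerName>/. The function name check_ssl_vhosts and the sample domains are hypothetical, and it assumes certbot named the certificate directory after ServerName, as in the vhost above.

```python
import re

LIVE = "/etc/letsencrypt/live"  # certificate directory used in the page's vhost
EXPECTED = {"SSLCertificateFile": "cert.pem", "SSLCertificateKeyFile": "privkey.pem",
            "SSLCertificateChainFile": "chain.pem"}
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def check_ssl_vhosts(conf_text):
    """Return (server_name, problem) pairs for every *:443 vhost in conf_text."""
    problems = []
    for addr, body in VHOST_RE.findall(conf_text):
        if not addr.strip().endswith(":443"):
            continue  # plain HTTP vhosts carry no SSL directives
        directives = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                directives[parts[0].lower()] = parts[1].strip()
        name = directives.get("servername", "<missing ServerName>")
        if directives.get("sslengine", "").lower() != "on":
            problems.append((name, "SSLEngine is not On"))
        for directive, filename in EXPECTED.items():
            want = f"{LIVE}/{name}/{filename}"
            got = directives.get(directive.lower())
            if got != want:
                problems.append((name, f"{directive}: found {got}, expected {want}"))
    return problems

# Constructed sample: two sites on one IP; the second vhost reuses the first
# site's private key and has no chain file (domain names are placeholders).
SAMPLE = """
<VirtualHost *:443>
ServerName site.ro
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/site.ro/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site.ro/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/site.ro/chain.pem
</VirtualHost>
<VirtualHost *:443>
ServerName site2.ro
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/site2.ro/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site.ro/privkey.pem
</VirtualHost>
"""

if __name__ == "__main__":
    for name, problem in check_ssl_vhosts(SAMPLE):
        print(f"{name}: {problem}")
```

Pass it the contents of /etc/httpd/conf/httpd.conf after adding each new site; an empty result means every HTTPS vhost points at its own certificate files.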