github
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh
1
0
Fork 0
Code Issues Releases Wiki Activity

changed letsecnrypt to fullchain for other ca providers, also removed 2.2 as doesnt exist anymore

master
Simon Smith 2025-04-27 20:51:31 +01:00
parent 4dc86c6fe7
commit 6219df1e1f
1 changed files with 28 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
Deploy-ssl-certs-to-apache-server.md

@ -1,22 +1,22 @@
## 1. run acme.sh to copy the certificates to the correct location on the disk ## 1. run acme.sh to copy the certificates to the correct location on the disk
### 1.1) create a sensible directory to store your apache certificates ### 1.1) create a sensible directory to store your apache certificates
I chose /etc/apache2/2.2/ssl I chose /etc/apache2/ssl
``` ```
mkdir -p /etc/apache2/2.2/ssl mkdir -p /etc/apache2/ssl
``` ```
### 1.2) run acme.sh ### 1.2) run acme.sh
A few notes: A few notes:
* the parameters are stored in the .acme.sh configuration file, so get it right for your system as this file is read when the cron job runs * the parameters are stored in the .acme.sh configuration file, so get it right for your system as this file is read when the cron job runs
* "reloadcmd" is dependent on your operating system, system V Linux systems use the command "service apache2 force-reload", Solaris based systems use "svcadm restart apache22" or similar * "reloadcmd" is dependent on your operating system, system V Linux systems use the command "service apache2 force-reload", Solaris based systems use "svcadm restart apache2" or similar
``` ```
acme.sh --install-cert -d online.domain.com \ acme.sh --install-cert -d online.domain.com \
--cert-file /etc/apache2/2.2/ssl/online.domain.com-cert.pem \ --cert-file /etc/apache2/ssl/online.domain.com-cert.pem \
--key-file /etc/apache2/2.2/ssl/online.domain.com-key.pem \ --key-file /etc/apache2/ssl/online.domain.com-key.pem \
--fullchain-file /etc/apache2/2.2/ssl/letsencrypt.pem \ --fullchain-file /etc/apache2/ssl/fullchain.pem \
--reloadcmd "service apache2 force-reload" --reloadcmd "service apache2 force-reload"
``` ```
@ -25,10 +25,27 @@ acme.sh --install-cert -d online.domain.com \
There are so many ways to do this, it would take a long list to write every variant, however the specific codes you will need to set in your httpd.conf (or ssl.conf, or httpd-ssl.conf) are: There are so many ways to do this, it would take a long list to write every variant, however the specific codes you will need to set in your httpd.conf (or ssl.conf, or httpd-ssl.conf) are:
``` ```
SSLCertificateFile /etc/apache2/2.2/ssl/online.domain.com-cert.pem SSLCertificateFile /etc/apache2/ssl/online.domain.com-cert.pem
SSLCertificateKeyFile /etc/apache2/2.2/ssl/online.domain.com-key.pem SSLCertificateKeyFile /etc/apache2/ssl/online.domain.com-key.pem
SSLCertificateChainFile "/etc/apache2/2.2/ssl/letsencrypt.pem" SSLCertificateChainFile "/etc/apache2/ssl/fullchain.pem"
SSLCACertificatePath "/etc/apache2/2.2/ssl/" SSLCACertificatePath "/etc/apache2/ssl/"
SSLCACertificateFile "/etc/apache2/2.2/ssl/letsencrypt.pem" SSLCACertificateFile "/etc/apache2/ssl/fullchain.pem"
```
**Full sample apache ssl config**
```
<VirtualHost *:443>
ServerAdmin online@domain.com
ServerName online.domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/onlinedomaincom-ssl-error.log
CustomLog ${APACHE_LOG_DIR}/onlinedomaincom-ssl-access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/online.domain.com-cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/online.domain.com-key.pem
SSLCertificateChainFile "/etc/apache2/ssl/fullchain.pem"
SSLCACertificatePath "/etc/apache2/ssl/"
SSLCACertificateFile "/etc/apache2/ssl/fullchain.pem"
</VirtualHost>
``` ```