Hi, I did it for 3 sites using ownCloud, just a little sooner.
These are the steps I used: 1. Git download git clone https://github.com/letsencrypt/letsencrypt 2. Within the letsencrypt git area ./letsencrypt-auto --help - it downloaded and installed lots and lots of packages I wasn't expecting that :( The following NEW packages will be installed: augeas-lenses binutils cpp cpp-4.9 dh-python dialog gcc gcc-4.9 libasan1 libatomic1 libaugeas0 libc-dev-bin libc6-dev libcilkrts5 libcloog-isl4 libexpat1-dev libffi-dev libgcc-4.9-dev libgomp1 libisl10 libitm1 liblsan0 libmpc3 libmpdec2 libmpfr4 libpython-dev libpython2.7-dev libpython3-stdlib libpython3.4-minimal libpython3.4-stdlib libquadmath0 libssl-dev libtsan0 libubsan0 linux-libc-dev python-chardet-whl python-colorama-whl python-dev python-distlib-whl python-html5lib-whl python-pip-whl python-requests-whl python-setuptools-whl python-six-whl python-urllib3-whl python-virtualenv python2.7-dev python3 python3-minimal python3-pkg-resources python3-virtualenv python3.4 python3.4-minimal virtualenv zlib1g-dev 3. service apache2 stop 4. ./letsencrypt-auto certonly --standalone --email [email protected] -d owncloud.affinityiq.net.au 5. Checked out these notes to get my apache setup correct: https://letsencrypt.readthedocs.org/en/latest/using.html#apache # apachectl -V Server version: Apache/2.4.10 (Debian) Server built: Nov 28 2015 14:05:48 Server's Module Magic Number: 20120211:37 Server loaded: APR 1.5.1, APR-UTIL 1.5.4 Compiled using: APR 1.5.1, APR-UTIL 1.5.4 Architecture: 64-bit Server MPM: prefork threaded: no forked: yes (variable process count) Server compiled with.... -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=256 -D HTTPD_ROOT="/etc/apache2" -D SUEXEC_BIN="/usr/lib/apache2/suexec" -D DEFAULT_PIDLOG="/var/run/apache2.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="mime.types" -D SERVER_CONFIG_FILE="apache2.conf" 6. Install cert and key for my version of apache2 cd /etc/ssl/certs mv owncloud.affinityiq.net.au.crt /root/etc_ssl_certs--owncloud.affinityiq.net.au.crt--old ln -s /etc/letsencrypt/live/owncloud.affinityiq.net.au/fullchain.pem owncloud.affinityiq.net.au.crt cd /etc/ssl/private mv owncloud.affinityiq.net.au.key /root/etc_ssl_private--owncloud.affinityiq.net.au.key--old ln -s /etc/letsencrypt/live/owncloud.affinityiq.net.au/privkey.pem owncloud.affinityiq.net.au.key 7. service apache2 start I also added the following to my apache config file: SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA SSLProtocol All -SSLv2 -SSLv3 SSLCompression off SSLHonorCipherOrder On And this to the http version of the conf file for redirection: RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{SERVER_NAME}/ [R,L] Got an A+ here: https://www.ssllabs.com/ssltest/analyze.html?d=owncloud.affinityiq.net.au Then I did a lather, rinse, repeat for a couple of other domain names on the same server. Each time, I used a different email address; wasn't sure what it would do, but everything worked just fine. Will likely do manual cert creation from that server for other servers that need certs soon and stop using my self signed CA and certs. So far, I've only got three websites set up and only for ownCloud instances. This was the reference for the cipher setup: https://www.howtoforge.com/tutorial/how-to-setup-intermediate-compatible-ssl-website-with-letsencrypt-certificate/ Kind Regards AndrewM _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
