On 26 May 2025 at 7:12, Charles Dennett wrote: Date sent: Mon, 26 May 2025 07:12:44 -0400 Subject: Re: How to setup certs for https access for Fedora 42? To: users@lists.fedoraproject.org From: Charles Dennett <cdenn...@gmail.com> Send reply to: Community support for Fedora users <users@lists.fedoraproject.org>
> On 5/26/25 6:49 AM, Patrick O'Callaghan wrote: > > On Mon, 2025-05-26 at 00:23 -0700, Samuel Sieb wrote: > >> If you want a recognized certificate, you either have to buy one or you > >> can use certbot to get a free one from https://letsencrypt.org/. You > >> need to remember to renew it regularly. I think they're valid for 3 > >> months at a time. That's what I use. > > > > IIRC it's now down to 14 days, but certbot takes care of it > > automatically. > > I use a letsencrypt cert on my personal website. You'll need the > certbot package installed. It includes a timer service that will check > at least once a day for an an expiring cert and automatically renew it > well before it expires. The last one I got was at the end of April and > is good until the end of July. However, as Patrick said, they are > supposedly shortening the time. Mine actually updates the cert a month > before it expires. > > It was quite a while ago when I set it up but I found the instructions > on line and followed them. The installation automatically included > adding the appropriate lines to the Apache config to use the new cert. > I also redirect incoming connection on port 80 to port 443. I don't > recall if the installation added the config line for that or I did it > myself but I suspect the installation took are of it for me. > > In case you're curious the site is http://www.dennett.org. Nothing > exciting. It's my genealogy website. > Getting closer, but still not having success with certbot. Found that my ISP is no longer blocking ports 80 and 443, so have been able to change he server to use them. nmap setzco.dyndns.org -Pn -p 80,443 Starting Nmap 7.92 ( https://nmap.org ) at 2025-05-27 02:35 ChST Nmap scan report for setzco.dyndns.org (182.173.226.48) Host is up (0.20s latency). PORT STATE SERVICE 80/tcp open http 443/tcp open https Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds But running certbot run Saving debug log to /var/log/letsencrypt/letsencrypt.log Please enter the domain name(s) you would like on your certificate (comma and/or space separated) (Enter 'c' to cancel): setzco.dyndns.org Requesting a certificate for setzco.dyndns.org Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details. Not clear what they mean by Virtual Host? can now bring up page with http://setzco.dyndns.org without the :8081 fine. https://setzco.dyndns.org gives a security error until I add an exception. httpd.conf just has the basic http and https, so not how one is suppose to setup a Virtual Host. Just using /var/www/html Thanks for all the info. Getting closer. > Charlie > -- > _______________________________________________ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue +------------------------------------------------------------+ Michael D. Setzer II - Computer Science Instructor (Retired) mailto:mi...@guam.net mailto:msetze...@gmail.com mailto:msetze...@gmx.com Guam - Where America's Day Begins G4L Disk Imaging Project maintainer http://sourceforge.net/projects/g4l/ +------------------------------------------------------------+ -- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
