I have a problem, yesterday i create certificate with let's encrypt on my ec2 instance. Now i want to use them o my site, but i don't know how i can proceed. Have you any suggestions?
I tried to do this but i hadn't any results:
https://www.paulwakeford.info/2015/11/24/letsencrypt/
than, after using webroot plugin on let's encrypt, i install mod_ssl.so on my istance, i edit my security group and enable https on port 443 and than i modify my httpd.conf right here:
<VirtualHost *:443>
DocumentRoot /var/www/my-domain
ServerName my-domain.com
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/my-domain/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/my-domain/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/my-domain/chain.pem"
<Directory /var/www/my-domain>
AllowOverride All
</Directory>
</VirtualHost>
Have you any suggestions?
The tutorial you pointed out uses SSL certificate to Cloudfront distribution, a CDN. Are your using Cloudfront? Because if you are using you need to set certificate on the distribution (and maybe to apache server too), otherwise on the apache server.
Try this look into:
Enabling SSL on apache instance on EC2
and
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html
For the last, forget about "getting certificate" as you already have one issued by Lets Encrypt.
Related
I've got a site that I'm doing a mobile app for that needs a new SSL cert installed. The new SSL certs have been purchased from GoDaddy, but I'm unsure as to which type to download as or how/where to even upload them.
Could someone give me a simple guide?
The site is hosted on EC2 and I can successfully ssh in using CyberDuck so far.
I've downloaded the GoDaddy certificates for Apache, so I have two .crt files:
1e7e53489b5d43db.crt
gd_bundle-g2-g1.crt
Help would be much appreciated.
Thanks.
Under /etc/apache2/sites-available you should have the config file for the VirtualHost you are using. Such file should look like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin youremail#example.com
ServerName example.com
SSLCertificateFile /path/to/certificatefile
SSLCertificateKeyFile /path/to/cetificatekeyfile
</VirtualHost>
</IfModule>
As you see, those two options starting by SSLCertificate.. should be pointing to your current certificate files. You have to store you new ones somewhere, update those paths and restart (or reload) apache.
For a web application running on Tomcat, to support multiple SSL sites on one Ip address, I like to add Apache in front of Tomcat.
Is it possible for user to upload its own SSL certificate and configure it dynamically without server restart?
<VirtualHost *:443>
DocumentRoot
ServerName
SSLCertificateFile
SSLCertificateKeyFile
SSLCACertificateFile
SSLEngine on
</VirtualHost>
For apache, the SSL configuration above needs to be added into apache conf file,
and requires server restart. Server restart is not acceptable because there will be many users on the same server. Any solution?
Thanks for help.
So I've got a login script (domain.com/script/index.php) that I need protected with a self-signed certificate, but installing a cert with Apache will apply it to my whole domain. My domain is a personal website, and the last thing I would want is for someone to go through the hassle of having to jump through the hoops of having to 'trust' my self-signed certificate.
Right now I have Webmin running on my server, and it currently has its own self-signed without applying it to my root website directory. Is there any way to secure my script directory without applying it to my root directory?
I'm gonna assume this is php and apache:
Just add this lines to your vhost configs:
SSLEngine on
SSLCertificateFile {{SERVER CRT PATH}}
SSLCertificateKeyFile {{SERVER CRT PATH}}
Make sure SSL dll is on in the php.ini
and apply like so:
# Local Php site
<VirtualHost *:83>
ServerName localhost
DocumentRoot C:/xampp2/htdocs/scripts/php
<Directory C:/xampp2/htdocs/scripts/php>
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile C:\xampp2\apache\conf\ssl.crt\server.crt
SSLCertificateKeyFile C:\xampp2\apache\conf\ssl.key\server.key
</VirtualHost>
Reference: http://robsnotebook.com/xampp-ssl-encrypt-passwords
restart apache then visit: https://localhost:83
Trying to setup SSL on Apache (on AWS Linux). Firefox gives me these details in it's nastygram:
The certificate is not trusted because it is self-signed.
The certificate is only valid for ip-###-##-#-##
I'm currently working under the assumption that this is a problem with the ChainFile or CA cert - quite possibly because I dont have the correct info in httpd.conf. Can you comment on the code below or let me know where else to look for the error?
httpd.conf:
<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName https://###-##-#-##
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /home/ec2-user/StartSSLcert.pem
SSLCertificateKeyFile /home/ec2-user/StartSSLkey.pem
SSLCertificateChainFile /home/ec2-user/sub.class1.server.sha1.ca.pem
SSLCACertificateFile /home/ec2-user/ca.pem
</VirtualHost>
This page has been my primary reference: http://www.startssl.com/?app=21 However, it includes many lines of code not in other examples I've found online with no description of what they do.
I've been guess-and-checking between the example above and a simpler example like: http://www.sslshopper.com/apache-server-ssl-installation-instructions.html
Everything I try is either untrusted by Firefox or I get errors when restarting apache. Ideas?
by default, the ssl settings in:
/etc/httpd/conf.d/ssl.conf
override the corresponding block in:
/etc/httpd/conf/httpd.conf
When using AWS you need to edit ssl.conf
"The certificate is only valid for ip-###-##-#-##"
credit due here:
Cannot setup SSL keys on my apache server in AWS EC2
If your server have more than one IP address, replace the * with IP address inside""
See: http://httpd.apache.org/docs/2.4/mod/core.html#virtualhost
Whats more, make sure you create your private key, CSR correctly.
See:https://library.linode.com/security/ssl-certificates/commercial#sph_create-a-certificate-signing-request
I have an EC2 instance that is using Amazon's custom linux install with built in apache. And Now I would like to Enable SSL to my instance what could I need to do for that.
Actually I bought URL from godaddy and placed my PHP files in AWS EC2. So where would I need to enable SSL, in AWS or in Godaddy? If in AWS means could you pls explain me how to enable.
Thanks in advance.
You need to enable the apache ssl mod. not sure what OS you are running on ec2, but on Ubuntu it is
a2enmod ssl
then modify your ports file to make sure it listens on 443
/etc/apache2/ports.conf
add the line:
Listen 443
and in your hosts file for the site you need to make sure the virtual host uses port 443 and include these lines
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem // replace with the link to your cert.
a complete version of a hosts file just for reference might be
<VirtualHost *:443>
ServerName mysite.co.uk
DocumentRoot /var/www/mysite/
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>