Difference between revisions of "SBN - Copying Certs"
Line 8: | Line 8: | ||
<br /> | <br /> | ||
− | #Install certbot on the machine you're putting the certs onto & create the <code>live</code> directory where the certs will live. (Unverified Note: You might not actually need to install certbot on the proxied machine. You | + | #<s>Install certbot on the machine you're putting the certs onto & create the <code>live</code> directory where the certs will live. (Unverified Note: You might not actually need to install certbot on the proxied machine.</s> You '''CAN''' just create the /etc/letsencrypt directory, then the live directory... (You can ALSO make that directory writeable by a normal user which allows for using SCP to insert the certs directly.) |
#*<code>ssh Machine</code> | #*<code>ssh Machine</code> | ||
#*<code>sudo apt install certbot</code> | #*<code>sudo apt install certbot</code> | ||
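Review bot: The parenthetical added to the rewritten first step suggests making the live directory writeable by a normal user but never says to undo it, so the directory that will hold the copied certs stays user-writable after the copy. Suggest adding a sub-step that restores root ownership once the copy is done. The prose also now says certbot is not needed while the unchanged `sudo apt install certbot` bullet still sits under it; strike or reword that bullet to match, and if certbot is skipped, add a bullet that creates /etc/letsencrypt before the live directory.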
Line 17: | Line 17: | ||
#**then exit when you've succeeded (this tells '''webserver''' how to get there...) | #**then exit when you've succeeded (this tells '''webserver''' how to get there...) | ||
#Then you can use '''scp''' to copy the certs. | #Then you can use '''scp''' to copy the certs. | ||
− | #*<code>sudo scp -r /etc/letsencrypt/live/Machine.Domain.TLD user@Machine:~</code> | + | #*<code><s>sudo scp -r /etc/letsencrypt/live/Machine.Domain.TLD user@Machine:~</s></code> |
− | #Then ssh back into the target machine & move the certs into their proper location | + | #*<code>sudo scp -r /etc/letsencrypt/live/Machine.Domain.TLD user@Machine:/etc/letsencrypt/live</code> |
− | #*<code>sudo mv Machine.Domain.TLD /etc/letsencrypt/live/</code> | + | #Then ssh back into the target machine <s>& move the certs into their proper location</s> |
+ | #*<code><s>sudo mv Machine.Domain.TLD /etc/letsencrypt/live/</s></code> | ||
#And tell Apache about the certs | #And tell Apache about the certs | ||
#*<code>sudo vi /etc/apache2/sites-available/default-ssl.conf</code> | #*<code>sudo vi /etc/apache2/sites-available/default-ssl.conf</code> |
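Review bot: The replacement scp line targets user@Machine:/etc/letsencrypt/live, which only succeeds if that directory was made writeable by `user` in step 1, and with the `sudo mv` sub-step struck nothing on the target runs as root any more, so the copied files end up owned by `user`. Suggest stating the step 1 dependency next to the scp line and adding a sub-step under "Then ssh back into the target machine" that resets ownership, for example `sudo chown -R root:root /etc/letsencrypt/live/Machine.Domain.TLD`.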
Revision as of 00:51, 23 February 2021
To copy certs for a machine from your proxy server (Replace Machine.Domain.TLD with the proper name for your machine...) (&, of course, user & WebServer may need adjusting...)
In this example,
- Machine.Domain.TLD is the full name of the machine you're copying the certs to.
- WebServer is the name of your web/proxy server
- <s>Install certbot on the machine you're putting the certs onto & create the live directory where the certs will live. (Unverified Note: You might not actually need to install certbot on the proxied machine.</s> You CAN just create the /etc/letsencrypt directory, then the live directory... (You can ALSO make that directory writeable by a normal user which allows for using SCP to insert the certs directly.)
ssh Machine
sudo apt install certbot
sudo mkdir /etc/letsencrypt/live
- Sign into your proxy server & make sure you can SSH into the target machine from there.
ssh webserver
ssh Machine
- then exit when you've succeeded (this tells webserver how to get there...)
- Then you can use scp to copy the certs.
<s>sudo scp -r /etc/letsencrypt/live/Machine.Domain.TLD user@Machine:~</s>
sudo scp -r /etc/letsencrypt/live/Machine.Domain.TLD user@Machine:/etc/letsencrypt/live
- Then ssh back into the target machine <s>& move the certs into their proper location</s>
<s>sudo mv Machine.Domain.TLD /etc/letsencrypt/live/</s>
- And tell Apache about the certs
sudo vi /etc/apache2/sites-available/default-ssl.conf
SSLCertificateFile /etc/letsencrypt/live/Machine.Domain.TLD/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/Machine.Domain.TLD/privkey.pem
replaces:
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
Restart Apache:
sudo systemctl restart apache2
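A check to run on the target machine after the copy, added here as an example and not part of the original wiki page: it confirms that both files named in default-ssl.conf arrived and that the directory and private key are not left accessible beyond their owner. The function name check_cert_dir, its arguments, the script file name and the expected-owner default (uid 0) are assumptions of this sketch, and it relies on GNU stat as shipped on Debian/Ubuntu.

```bash
# Added example, not from the wiki page: audit a copied cert directory.
# check_cert_dir and its arguments are hypothetical; needs GNU stat (Debian/Ubuntu).
# Usage: check_cert_dir DIR [EXPECTED_UID]    (EXPECTED_UID defaults to 0, root)
# Prints one line per finding; the return status is the number of findings.
check_cert_dir() {
    local dir="$1" uid="${2:-0}" findings=0 f mode

    if [ ! -d "$dir" ]; then
        echo "MISSING directory: $dir"
        return 1
    fi

    # Both files referenced from default-ssl.conf must exist and be non-empty.
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING or empty: $dir/$f"
            findings=$((findings + 1))
        fi
    done

    # Group/other write on the directory lets another account swap the files.
    mode=$(stat -c '%a' "$dir")
    if [ $(( 0$mode & 0022 )) -ne 0 ]; then
        echo "DIRECTORY writable by group/other: $dir (mode $mode)"
        findings=$((findings + 1))
    fi

    if [ -e "$dir/privkey.pem" ]; then
        # -L follows a symlink so the real key file is judged.
        mode=$(stat -L -c '%a' "$dir/privkey.pem")
        if [ $(( 0$mode & 0077 )) -ne 0 ]; then
            echo "KEY accessible beyond owner: $dir/privkey.pem (mode $mode)"
            findings=$((findings + 1))
        fi
        if [ "$(stat -L -c '%u' "$dir/privkey.pem")" != "$uid" ]; then
            echo "KEY not owned by uid $uid: $dir/privkey.pem"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Run directly with a path argument (check_certs.sh is a hypothetical file name):
#   sudo bash check_certs.sh /etc/letsencrypt/live/Machine.Domain.TLD
if [ "$#" -gt 0 ]; then
    check_cert_dir "$@"
fi
```

A non-zero exit status means at least one finding was printed; fix ownership and modes before restarting Apache.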