Fedora 24 with Apache 2.4.23
Requirements:
- Fedora 24 installed
Part 1 of 3: Install certbot
1. Go to https://certbot.eff.org/
2. Select “Apache” and “Fedora 23+”.
3. For the root user, just run “dnf install python-certbot-apache”.
For regular users, please refer to http://fedoraproject.org/wiki/Configuring_Sudo on how to configure sudo access in order to run the commands below.
4. After installing certbot, run the command below to check the version number (it should be 0.8.1):
certbot --version
Part 2 of 3: Downloading and Installing Apache
1. Download Apache 2.4.23: http://httpd.apache.org/
2. Download Apache Portable Runtime 1.5.2 and Apache Portable Runtime Utility 1.5.4: http://apr.apache.org/
Note: Download the latest versions of both APR and APR-Util from Apache APR and unpack them into ./srclib/apr and ./srclib/apr-util (be sure the directory names do not have version numbers; for example, the APR distribution must be under ./srclib/apr/).
3. Then run the commands below in the sequence shown:
./configure --with-included-apr
make
make install
./configure --with-included-apr-util
make
make install
4. Install Apache with all default modules, running the commands in the sequence shown below:
./configure --enable-ssl --enable-so
make
make install
Note: By default the above installs Apache under /usr/local/apache2
Part 3 of 3: Enable VirtualHost and SSL
1. Modify the httpd-vhosts.conf file by adding the lines below on a new line inside the file, using an editor such as nano or vi:
<VirtualHost *:80>
Enclose all the apache configuration parameters for each and every virtual host between these VirtualHost tags. Any apache directives can be used within the virtualhost container.
</VirtualHost>
In the following example, we are setting up virtual host for www.testcertificates.com listening on the same port 80.
When you go to www.testcertificates.com, the files under /usr/local/apache2/docs/www.testcertificates.com will be served by Apache; and the access_log and error_log for this site will go under /usr/local/apache2/logs/www.testcertificates.com
2. Create an index.html on /usr/local/apache2/docs/<your domain name>
3. Type the command below:
chown -R apache:apache /usr/local/apache2/docs/<your domain name>
The outcome of typing the chown command will produce something like the below:
4. Type the command shown below to check the VirtualHost configuration syntax:
./httpd -S
5. Access your domain using a web browser and ensure that index.html is displayed correctly.
If there are any errors, check the error log for details and troubleshoot from there.
6. Start Apache at boot time. To do so, run the commands in the sequence shown below as the root user:
touch /etc/init.d/apache2
chmod 755 /etc/init.d/apache2
vi /etc/init.d/apache2
(edit it as shown below)
chkconfig --add apache2
chkconfig --list apache2
(to verify that it worked)
Contents of /etc/init.d/apache2:
#!/bin/bash
#
# apache2 Startup script for the Apache HTTP Server
#
# chkconfig: 3 85 15
# description: Apache is a World Wide Web server. It is used to serve \
# HTML files and CGI.
/usr/local/apache2/bin/apachectl "$@"
Note: You can get the runlevel by running /sbin/runlevel. You will need to call your version of apachectl, e.g., /usr/local/apache2/bin/apachectl
7. Submit the Certbot request using the webroot plugin.
Run the command below:
certbot certonly --webroot -w /usr/local/apache2/htdocs --server https://www.entrust.net/acme/api/v1/directory/CDW-6F2K-O5L2
You will get “Incomplete authorization”. You must approve the request using your Entrust Certificate Services (ECS) account.
8. Login to your ECS account to approve the request:
a. Go to Certificates>Managed Certificates
b. Go to tab Pending Approvals
c. Look for that particular certificate request and check the box beside it. (It should contain “[ACME]” under the Tracking Info column)
d. After the request is checked, select “Approve” under the “Action” dropdown
e. It will then proceed with the certificate creation process.
9. Run certbot again to retrieve the cert. You will obtain the message below:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/www.testcertificates.com/fullchain.pem. Your
cert will expire on 2017-09-13. To obtain a new or tweaked version
of this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
10. After downloading the certificates via certbot, you must manually configure Apache for SSL. The four files are:
- privkey.pem
- fullchain.pem
- chain.pem
- cert.pem
Copy privkey.pem, chain.pem and cert.pem to /usr/local/apache2/conf.
Afterwards, edit /usr/local/apache2/conf/extra/httpd-ssl.conf by adding the lines below using nano or vi:
[root@localhost extra]# grep -v "#" httpd-ssl.conf | grep SSLCertificate
SSLCertificateFile "/usr/local/apache2/conf/cert.pem"
SSLCertificateKeyFile "/usr/local/apache2/conf/privkey.pem"
SSLCertificateChainFile "/usr/local/apache2/conf/chain.pem"
Next, edit /usr/local/apache2/conf/httpd.conf as follows:
Remove the leading “#” from (uncomment) the following lines:
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
11. Stop/start Apache using the restart command.
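Step 10 copies privkey.pem into the Apache conf directory, so before restarting it is worth confirming that the three files named in httpd-ssl.conf exist and that the private key is readable only by its owner. The script below is an added example, not part of the original guide, Apache or certbot; the function names check_ssl_conf and ssl_directive_path are hypothetical, and it assumes GNU stat (as on Fedora) and paths without spaces.

```shell
#!/bin/sh
# Added example: pre-restart check of the files referenced by httpd-ssl.conf.
# Hypothetical helpers; assumes GNU stat and paths without spaces.

# Print the path set for one directive (last uncommented occurrence wins).
ssl_directive_path() {  # usage: ssl_directive_path <conf> <directive>
    awk -v d="$2" '
        /^[ \t]*#/ { next }              # skip commented-out lines
        $1 == d    { p = $2 }
        END        { gsub(/"/, "", p); print p }' "$1"
}

# Return 0 only if all three files exist and the key is owner-only.
check_ssl_conf() {      # usage: check_ssl_conf <path to httpd-ssl.conf>
    conf=$1
    rc=0
    for d in SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile; do
        path=$(ssl_directive_path "$conf" "$d")
        if [ -z "$path" ]; then
            echo "MISSING directive: $d"; rc=1; continue
        fi
        if [ ! -f "$path" ]; then
            echo "MISSING file: $d -> $path"; rc=1; continue
        fi
        if [ "$d" = SSLCertificateKeyFile ]; then
            mode=$(stat -c %a "$path")   # octal mode, e.g. 600 or 644
            case "$mode" in
                *00) echo "OK key mode $mode: $path" ;;
                *)   echo "WEAK key mode $mode (want 600 or 400): $path"; rc=1 ;;
            esac
        else
            echo "OK: $d -> $path"
        fi
    done
    return $rc
}

# When a config path is given on the command line, check it, e.g.
#   sh check_ssl.sh /usr/local/apache2/conf/extra/httpd-ssl.conf
if [ $# -gt 0 ]; then
    check_ssl_conf "$1"
fi
```

If the key is reported as WEAK, tighten it with chmod 600 on the copied privkey.pem before restarting Apache.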