A.C.M.E auto-install client: Fedora 24 (Apache)

Fedora 24 with Apache 2.4.23

Requirements:

  • Fedora 24 installed

Part 1 of 3. Install certbot

1. Go to https://certbot.eff.org/

2. Select “Apache” and “Fedora 23+”.

3. As the root user, just run “dnf install python-certbot-apache”.

Regular users should refer to http://fedoraproject.org/wiki/Configuring_Sudo for how to configure sudo access in order to run the commands below.

4. After installing certbot, run the command below to check the version number (it should be 0.8.1):

certbot --version

Part 2 of 3. Downloading and Installing Apache

1. Download Apache 2.4.23: http://httpd.apache.org/

2. Download Apache Portable Runtime 1.5.2 and Apache Portable Runtime Utility 1.5.4: http://apr.apache.org/

NOTE: Download the latest versions of both APR and APR-Util from Apache APR and unpack them into ./srclib/apr and ./srclib/apr-util (be sure the directory names do not have version numbers; for example, the APR distribution must be under ./srclib/apr/).

Then run the commands below in the sequence shown:

./configure --with-included-apr
make
make install
./configure --with-included-apr-util
make
make install

4. Install Apache with all default modules, running the commands in the sequence shown below:

./configure --enable-ssl --enable-so
make
make install

NOTE: By default, the above installs Apache under /usr/local/apache2.

Part 3 of 3. Enable VirtualHost and SSL

1. Modify the httpd-vhosts.conf file by adding the lines below on a new line, using an editor such as nano or vi:

<VirtualHost *:80>
    # Enclose all the Apache configuration parameters for each virtual host
    # between these VirtualHost tags. Any Apache directive can be used
    # within the VirtualHost container.
</VirtualHost>

In the following example, we are setting up a virtual host for www.testcertificates.com listening on the same port 80.

When you go to www.testcertificates.com, the files under /usr/local/apache2/docs/www.testcertificates.com will be served by Apache; and the access_log and error_log for this site will go under /usr/local/apache2/logs/www.testcertificates.com

[Screenshot: VirtualHost configuration for www.testcertificates.com]

2. Create an index.html on /usr/local/apache2/docs/<your domain name>

3. Type the command below:

chown -R apache:apache /usr/local/apache2/docs/<your domain name>

The outcome of typing the chown command will produce something like the below:

[Screenshot: chown command output]

4. Type the command shown below to check the VirtualHost configuration syntax:

./httpd -S

5. Access your domain using a web browser and ensure that index.html is displayed correctly.

If there are any errors, please look into error.log for detail and troubleshoot from there.
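
The virtual host described in steps 1 to 4, written out as a shell script (an added example, not Entrust's or the Apache project's own code). It assumes httpd-vhosts.conf sits at conf/extra/httpd-vhosts.conf under the install prefix and is included from httpd.conf; render_vhost, add_site and the PREFIX variable are hypothetical names.

```sh
#!/bin/sh
# Added example. PREFIX defaults to the install path used on this page;
# override it to try the functions in a scratch directory.
PREFIX="${PREFIX:-/usr/local/apache2}"

# Print the <VirtualHost> stanza for one domain.
render_vhost() {
    domain="$1"
    cat <<EOF
<VirtualHost *:80>
    ServerName ${domain}
    DocumentRoot "${PREFIX}/docs/${domain}"
    ErrorLog "${PREFIX}/logs/${domain}/error_log"
    CustomLog "${PREFIX}/logs/${domain}/access_log" common
    <Directory "${PREFIX}/docs/${domain}">
        Options -Indexes
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
EOF
}

# Create the document root and per-site log directory (Apache does not
# create log directories itself), then append the stanza exactly once.
add_site() {
    domain="$1"
    vhosts="${PREFIX}/conf/extra/httpd-vhosts.conf"
    mkdir -p "${PREFIX}/docs/${domain}" "${PREFIX}/logs/${domain}" \
             "${PREFIX}/conf/extra" || return 1
    [ -f "${PREFIX}/docs/${domain}/index.html" ] ||
        printf '<h1>%s</h1>\n' "$domain" > "${PREFIX}/docs/${domain}/index.html"
    if grep -qsFx "    ServerName ${domain}" "$vhosts"; then
        return 0    # already configured; do not add a duplicate block
    fi
    render_vhost "$domain" >> "$vhosts"
}
```

Run add_site www.testcertificates.com as root, apply the chown from step 3, then check the result with httpd -S as in step 4.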

6. Start Apache at boot time. To do so, run the commands below, in the sequence shown, as the root user:

touch /etc/init.d/apache2
chmod 755 /etc/init.d/apache2
vi /etc/init.d/apache2 (edit it as shown below)

chkconfig --add apache2

chkconfig --list apache2 (to verify that it worked)

Contents of /etc/init.d/apache2:

#!/bin/bash
#
# apache2        Startup script for the Apache HTTP Server
#
# chkconfig: 3 85 15
# description: Apache is a World Wide Web server.  It is used to serve \
#              HTML files and CGI.

/usr/local/apache2/bin/apachectl "$@"

NOTE: You can get the runlevel by running /sbin/runlevel. You will need to call your version of apachectl, e.g., /usr/local/apache2/bin/apachectl

7. Submit the Certbot request using the webroot plugin.

Run the command below:

certbot certonly --webroot -w /usr/local/apache2/htdocs --server https://www.entrust.net/acme/api/v1/directory/CDW-6F2K-O5L2

You will get “Incomplete authorization”. You must approve the request using your Entrust Certificate Services (ECS) account.

8. Login to your ECS account to approve the request:

a. Go to Certificates>Managed Certificates

b. Go to tab Pending Approvals

c. Look for that particular certificate request and check the box beside it. (It should contain “[ACME]” under the Tracking Info column.)

d. After the request is checked, select “Approve” under the “Action” dropdown

e. It will then proceed with the certificate creation process.

9. Run certbot again to retrieve the cert. You will obtain the message below:

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/www.testcertificates.com/fullchain.pem. Your
cert will expire on 2017-09-13. To obtain a new or tweaked version
of this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

10. After downloading the certificates via certbot, you must manually configure Apache for SSL. The four files are:

  • privkey.pem
  • fullchain.pem
  • chain.pem
  • cert.pem

Copy privkey.pem, chain.pem and cert.pem to /usr/local/apache2/conf.

Next, edit /usr/local/apache2/conf/extra/httpd-ssl.conf by adding the lines below using nano or vi:

[root@localhost extra]# grep -v "#" httpd-ssl.conf | grep SSLCertificate
SSLCertificateFile "/usr/local/apache2/conf/cert.pem"
SSLCertificateKeyFile "/usr/local/apache2/conf/privkey.pem"
SSLCertificateChainFile "/usr/local/apache2/conf/chain.pem"

Next, edit /usr/local/apache2/conf/httpd.conf as follows:

Uncomment the following lines by removing the leading "#":

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

11. Stop/start Apache using the restart command.
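
One way to carry out the copy in step 10 so that the private key is not left world-readable and a mismatched certificate and key are caught before Apache is restarted (an added example, not part of Entrust's procedure). The function names and the LIVE and CONF variables are hypothetical; the default paths are the ones shown on this page.

```sh
#!/bin/sh
# Added example; LIVE and CONF default to the paths used on this page.
LIVE="${LIVE:-/etc/letsencrypt/live/www.testcertificates.com}"
CONF="${CONF:-/usr/local/apache2/conf}"

# Succeed only if the certificate and the private key hold the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the certificate is still valid DAYS days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Copy the three files Apache needs; the private key gets mode 0600.
install_cert_files() {
    if ! cert_matches_key "$LIVE/cert.pem" "$LIVE/privkey.pem"; then
        echo "cert.pem and privkey.pem do not belong together" >&2
        return 1
    fi
    install -m 0644 "$LIVE/cert.pem" "$CONF/cert.pem" || return 1
    install -m 0644 "$LIVE/chain.pem" "$CONF/chain.pem" || return 1
    install -m 0600 "$LIVE/privkey.pem" "$CONF/privkey.pem"
}

# Usage (as root):
#   install_cert_files && /usr/local/apache2/bin/apachectl configtest
```

Because these are copies of the files under /etc/letsencrypt/live, a later "certbot renew" does not update them; rerun install_cert_files and restart Apache after each renewal.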

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use 1-800 numbers for one-touch dialing.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

Country: Number
Australia: 0011 - 800-3687-7863; 1-800-767-513
Austria: 00 - 800-3687-7863
Belgium: 00 - 800-3687-7863
Denmark: 00 - 800-3687-7863
Finland: 990 - 800-3687-7863 (Telecom Finland); 00 - 800-3687-7863 (Finnet)
France: 00 - 800-3687-7863
Germany: 00 - 800-3687-7863
Hong Kong: 001 - 800-3687-7863 (Voice); 002 - 800-3687-7863 (Fax)
Ireland: 00 - 800-3687-7863
Israel: 014 - 800-3687-7863
Italy: 00 - 800-3687-7863
Japan: 001 - 800-3687-7863 (KDD); 004 - 800-3687-7863 (ITJ); 0061 - 800-3687-7863 (IDC)
Korea: 001 - 800-3687-7863 (Korea Telecom); 002 - 800-3687-7863 (Dacom)
Malaysia: 00 - 800-3687-7863
Netherlands: 00 - 800-3687-7863
New Zealand: 00 - 800-3687-7863; 0800-4413101
Norway: 00 - 800-3687-7863
Singapore: 001 - 800-3687-7863
Spain: 00 - 800-3687-7863
Sweden: 00 - 800-3687-7863 (Telia); 00 - 800-3687-7863 (Tele2)
Switzerland: 00 - 800-3687-7863
Taiwan: 00 - 800-3687-7863
United Kingdom: 00 - 800-3687-7863; 0800 121 6078; +44 (0) 118 953 3088