let-s-encrypt [2016/10/07 12:40] – blazek | let-s-encrypt [2017/05/04 10:13] – [Nový certifikát] blazek |
---|
| |
<code> | <code> |
shell# yum install git.x86_64 | shell# yum install git.x86_64 nmap-ncat.x86_64 openssl.x86_64 |
</code> | </code> |
| |
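Review bot: The install line now pulls in nmap-ncat.x86_64 and openssl.x86_64 with no explanation of what needs them. nmap-ncat appears to be there for the --standalone example added further down (its label mentions netcat), so a host that only uses the webroot (-w) method does not need it. Say so next to the command, and consider listing the packages per issuance method so hosts do not carry a network tool they never use.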
===== Nový certifikát ===== | ===== Nový certifikát ===== |
| |
Příklad vystavení cerifikátu | Příklad vystavení cerifikátu (Apache, není třeba root) |
| |
<code> | <code> |
shell# .acme.sh/acme.sh --issue -d example.com -d www.example.com -w /data/www/example.com/www-le/ --reloadcmd "sudo systemctl reload httpd.service" | shell# .acme.sh/acme.sh --issue -d example.com -d www.example.com -w /data/www/example.com/www-le/ --reloadcmd "sudo systemctl reload httpd.service" |
| </code> |
| |
| Příklad vystavení certifikátu bez webserveru (netcat, root nebo práva na port 80) |
| |
| <code> |
| shell# ./acme.sh --issue --standalone -d example.com -d www.example.com --keylength ec-256 |
</code> | </code> |
| |
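Review bot: The new standalone example requests an EC key (--keylength ec-256), but nothing on the page says how the Apache configuration should reference the result. acme.sh stores ECC certificates in a separate directory with an _ecc suffix, while the virtual host settings point at /home/letsencrypt/.acme.sh/example.com/, and the SSLCipherSuite list names only -RSA- suites explicitly, so an ECDSA certificate would be negotiated only through the trailing HIGH entry. Either drop --keylength ec-256 from the example or document the matching paths and suites. Two smaller points: the two examples invoke the script differently (.acme.sh/acme.sh versus ./acme.sh), and the first is labelled as not needing root ("není třeba root") yet is shown with the same shell# prompt as the one that does.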
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 | SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 |
SSLCompression Off | SSLCompression Off |
Header add Strict-Transport-Security "max-age=15552000" | Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" |
| # Header always set X-Frame-Options SAMEORIGIN |
| Header always set X-Frame-Options DENY |
SSLCertificateFile /home/letsencrypt/.acme.sh/example.com/example.com.cer | SSLCertificateFile /home/letsencrypt/.acme.sh/example.com/example.com.cer |
SSLCertificateKeyFile /home/letsencrypt/.acme.sh/example.com/example.com.key | SSLCertificateKeyFile /home/letsencrypt/.acme.sh/example.com/example.com.key |
SSLCACertificateFile /home/letsencrypt/.acme.sh/example.com/ca.cer | SSLCACertificateFile /home/letsencrypt/.acme.sh/example.com/fullchain.cer |
</VirtualHost> | </VirtualHost> |
| |
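Review bot: SSLCACertificateFile is the wrong directive for fullchain.cer in the last changed line of this virtual host. That directive defines the CAs trusted for verifying client certificates, and fullchain.cer also contains the server's own leaf certificate. To serve the intermediate chain, point SSLCertificateFile at fullchain.cer (Apache 2.4.8 and later), or keep ca.cer and load it with SSLCertificateChainFile on older versions. The same applies to the second virtual host below.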
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 | SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 |
SSLCompression Off | SSLCompression Off |
Header add Strict-Transport-Security "max-age=15552000" | Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" |
| # Header always set X-Frame-Options SAMEORIGIN |
| Header always set X-Frame-Options DENY |
SSLCertificateFile /home/letsencrypt/.acme.sh/example.com/example.com.cer | SSLCertificateFile /home/letsencrypt/.acme.sh/example.com/example.com.cer |
SSLCertificateKeyFile /home/letsencrypt/.acme.sh/example.com/example.com.key | SSLCertificateKeyFile /home/letsencrypt/.acme.sh/example.com/example.com.key |
SSLCACertificateFile /home/letsencrypt/.acme.sh/example.com/ca.cer | SSLCACertificateFile /home/letsencrypt/.acme.sh/example.com/fullchain.cer |
ErrorLog logs/example.com-error_log | ErrorLog logs/example.com-error_log |
CustomLog logs/example.com-access_log common | CustomLog logs/example.com-access_log common |
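Review bot: The Strict-Transport-Security change adds includeSubDomains and preload and raises max-age from 15552000 to 63072000 without any note on the prerequisites. With includeSubDomains every subdomain of example.com must serve valid HTTPS, and preload signals consent to inclusion in browser preload lists, which is slow to undo. Document that next to the header, or stage the rollout with a shorter max-age first. The commented-out X-Frame-Options SAMEORIGIN line above the DENY line should either be removed or get a comment saying when to use it. The unchanged SSLCipherSuite still lists DES-CBC3-SHA suites, which is worth pruning in a follow-up.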