This has been an issue for me for quite some time. I have been trying to get SSL working and get valid certificates so that I could secure a few things and offer better security. Additionally, these days, having secure
$ yaourt -S certbot certbot-apache acme-tiny letsencrypt-cli openssl
Next, you need to obtain the certificates. Also, I port forwarded 80 and 443 through the router to the server. This would be a good time to make sure that port forward is good or else this won’t work properly.
# certbot certonly --email email@example.com --webroot -w /srv/http/site1/ -d www.website.com
If you have received the congratulations message, then you should have certificates in the designated folder. (Mine were located in /etc/
LoadModule ssl_module modules/mod_ssl.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so Include conf/extra/httpd-ssl.conf
and, while you’re in
In /etc/httpd/conf/extra/httpd-ssl.conf, find the <strong>Virtual Host Context</strong> section, and add your VirtualHost server information as follows:
DocumentRoot "/srv/http/site1" ServerName site1.com:443 ServerAdmin YOUR.EMAIL@ADDRESS.COM ErrorLog "/var/log/httpd/error_log" TransferLog "/var/log/httpd/access_log" SSLEngine on SSLCertificateFile "/etc/letsencrypt/live/site1/fullchain.pem" SSLCertificateKeyFile "/etc/letsencrypt/live/site1/privkey.pem" #SSLCertificateChainFile "/etc/letsencrypt/live/site1/chain.pem" #SSLCACertificatePath "/etc/httpd/conf/ssl.crt" #SSLCACertificateFile "/etc/httpd/conf/ssl.crt/ca-bundle.crt"
Note, the only two files you have to reference from your certificates are
ServerName www.site1.com OTHER OPTIONS FOR VHOST HERE IF NEEDED SSLEngine on SSLCertificateFile "/etc/letsencrypt/live/site1/fullchain.pem" SSLCertificateKeyFile "/etc/letsencrypt/live/site1/privkey.pem"
Notice I added the SSL stuff in the second VirtualHost entry. Now, if you chose, you can remove everything from the non-encrypted VirtualHost and add the following line below the ServerName to redirect all traffic to secure connections.
Redirect / https://www.site1.com/
Hopefully, this helps get your SSL encryption working.