SSL Certification

From Kautepedia
Jump to navigation Jump to search

SSL Certificate Renewal for wiki.kautepasifika.com[edit | edit source]

The SSL certificate for wiki.kautepasifika.com expires every 3 months. This steps taken to fix and prevent the issue.

Check Certificate Expiry[edit | edit source]

openssl s_client -connect wiki.kautepasifika.com:443 -servername wiki.kautepasifika.com | openssl x509 -noout -dates -subject

Renew the Certificate with Certbot[edit | edit source]

sudo certbot certonly --apache -d wiki.kautepasifika.com --preferred-chain "ISRG Root X1"

New cert was issued under: /etc/letsencrypt/live/wiki.kautepasifika.com-0001/

Update Apache VirtualHost Config[edit | edit source]

SSLCertificateFile /etc/letsencrypt/live/wiki.kautepasifika.com-0001/fullchain.pem

SSLCertificateKeyFile /etc/letsencrypt/live/wiki.kautepasifika.com-0001/privkey.pem

Restart Apache[edit | edit source]

sudo systemctl restart apache2

Confirm the Correct Certificate is Served[edit | edit source]

openssl s_client -connect wiki.kautepasifika.com:443 -servername wiki.kautepasifika.com | openssl x509 -noout -dates -subject

Certbot handles auto-renewal[edit | edit source]

sudo certbot renew --dry-run

Retrieved from "https://wiki.kautepasifika.com/mediawiki/index.php?title=SSL_Certification&oldid=3414"