Hi all.
I’ve set up using snappy. I have my own SSL certificate, but I’m not sure on how to set it up. Has anyone got a guide on how to do this?
you need to install your certificate somewhere.
Refering to letsencrypt cert using certbot, the *.pem files are located in:
SSLCertificateFile /etc/letsencrypt/live/redacted/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/redacted/privkey.pem
When done, modify your apache conf to match your location
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
Protocols h2 http/1.1
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} redacted
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
Protocols h2 http/1.1
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/redacted/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/redacted/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ServerName redacted
# Guarantee HTTPS for 6 Month including Sub Domains
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</VirtualHost>
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# twitch to your need
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on
# new ssl no compression method
# SSLCompression on
SSLSessionTickets off
SSLOptions +StrictRequire
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>OK cool. I give it a go. Thanks