tagged: https

Let's Encrypt tutorial: create a simple certificate for Apache2

Let's create a simple certificate for Apache2.
We won't do automatic renewal, meaning in three months time we'll have to deal with renewal. But we really should do autorenewal, but we're just testing things at the moment.
First login to your server. This is the server where your site on the internet, www.blarblaberklaejr.com, or whatever, is based.
Then do this as root:

mkdir -p /opt/letsencrypt
cd /opt/letsencrypt
git clone https://github.com/letsencrypt/letsencrypt
./letsencrypt-auto certonly --manual

This creates the directory where we clone the latest letsencrypt. Then we start the manual process to create certificates.
A terminal application will start asking you for your email for correspondence (although you'll not need to check your email to do anything of this), and the domains for which you want the certificate.
Then it'll break out of that and ask you to create a file on your publically available site for it to check.
Once that check is finished, it'll output the certificates to /etc/letsencrypt/live/yourdomain.com.
Now your existing /etc/apache2/sites-available/your-file-name.conf should look something like

<VirtualHost *:443>
  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem


Restart apache. Rejoice.

https letsencrypt unix apache

Jetty 9: Enabling SSL in Embedded Jetty

First create a HttpConfiguration with a HTTP configuration that explains its secure scheme and port:

HttpConfiguration http_config = new HttpConfiguration();

Then we'll create another HttpConfiguration for https that extends from the above but adds a SecureRequestCustomizer

HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());	        

Next create a SslContextFactory that points to your Java keystore

SslContextFactory sslContextFactory = new SslContextFactory("/its_dir/cert.keystore");

Note you can prefix the password with OBF: if you're going to use the Jetty obfuscated password.
Next we're creating the ServerConnector, passing in the Server class, a SslConnectorFactory and a HttpConnectionFactory.

ServerConnector httpsConnector = new ServerConnector(server, 
		new SslConnectionFactory(sslContextFactory, "http/1.1"),
		new HttpConnectionFactory(https_config));

Finally use this connector, maybe along with a normal Http ServerConnector, to the Server.

server.setConnectors(new Connector[]{ httpsConnector });

java jetty ssl https

Apache: Redirect HTTP traffic to HTTPS

If you want all the HTTP traffic to be rerouted through HTTPS, you need to specify a mod_rewrite rule:

<VirtualHost *:80>
 ServerName  example.com
 RewriteEngine on
 ReWriteCond %{SERVER_PORT} !^443$
 RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]

This is saying take all traffic going to port 80 that's not on port 443 (yeah...) and rewrite it to a https:// url, ignoring case (NC), sending a moved permanently error message (R=301).
Now specify the vhost entry for HTTPS:

<VirtualHost *:443>
  ServerName  example.com

  SSLEngine on
  SSLCertificateFile your_cert.pem
  SSLCertificateKeyFile your_private.key

The above is a normal SSL vhost entry, specifying the certificate and private key for your HTTPS site.

unix apache ssl https apache-mod_rewrite

Page 1 of 1