I have an Apache Server running on a public domain (krondi.com) and would like to configure it with TLS/SSL. I'm trying to use the instructions at https://wiki.archlinux.org/index.php/Ap … #TLS.2FSSL and "Let's Encrypt". So far I have...
- Installed certbot (pacman -S certbot)
- Uncommented the following lines in my /etc/httpd/conf/httpd.conf:
  - LoadModule ssl_module modules/mod_ssl.so
  - LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
  - Include conf/extra/httpd-ssl.conf
- Appended a "Listen 443" line directly below the "Listen 80" line in my /etc/httpd/conf/httpd.conf
From what I can tell my next step should be running the certbot command. However, whenever I do I am met with this error...
[root@krondi ~]# certbot certonly --email contact@bluegrasslabs.com --apache -w /srv/http/ -d krondi.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: The requested apache plugin does not appear to be installed
The requested apache plugin does not appear to be installed
Last edited by tony5429 (2017-05-28 02:30:45)
- Installed certbot (pacman -Sy certbot)
Don't do that. It breaks things...
I'm sure you can adapt this:
https://www.digitalocean.com/community/ … untu-16-04
jasonwryan: Whoops; I looked back through my ~/.bash_history and confirmed that I actually did use "pacman -S certbot" rather than "pacman -Sy certbot" - I just typed "-Sy" when I was listing the things I'd done up to this point. Thanks for the tip and link, but that's not the issue this time. I updated my post accordingly.
izzno: Thanks. It seems the only difference in the Ubuntu steps before running the certbot command is that they don't edit the Apache config. Probably doesn't matter since I hadn't restarted the httpd daemon after making the changes the first time, but I gave it a shot this time anyway and ran into the same error I had previously...
Any other ideas?
izzno, suggesting Ubuntu-specific guides from third parties is really uncalled for here. Our wiki has a very good guide - as does certbot (even an Arch-specific guide):
https://certbot.eff.org/#arch-apache
tony5429, the command you are trying to run, however, is found neither on the wiki page you claimed to have followed nor in certbot's official documentation. Follow the wiki as it is - it works.
EDIT: oops, it seems a note has been added to the certbot page on our wiki suggesting to replace "--webroot" with "--apache". That must be new from when I last set up a site. Try with just --webroot. Using --apache likely requires the certbot-apache plugin which does not work on arch (if that's the case this note should be removed from the wiki).
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Switching to webroot did the trick! Thanks! Now one more question: I can now access https://krondi.com and my browser notes that it is secure. However, if I type "krondi.com", I'm sent to http://krondi.com instead of https://krondi.com - how can I make the site always use the secure connection?
https://wiki.apache.org/httpd/RedirectSSL looks promising for that.
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough ?
Try clean chroot manager by graysky
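For the redirect asked about above, one common approach is a port-80 virtual host whose only job is to send every request to the HTTPS site. This is an added example, not part of the original thread; it assumes mod_alias is loaded, that the block goes in /etc/httpd/conf/httpd.conf (or a file it includes), and that the HTTPS site is the virtual host from conf/extra/httpd-ssl.conf.

```apache
# Added example, not from the thread.
# Assumed location: /etc/httpd/conf/httpd.conf or a file it includes.
# The Redirect directive is provided by mod_alias, which must be loaded.

# Plain-HTTP virtual host: it serves no content itself, it only redirects.
<VirtualHost *:80>
    ServerName krondi.com

    # Send a 301 for every path to the same path on the HTTPS site, so
    # http://krondi.com/some/page becomes https://krondi.com/some/page.
    Redirect permanent / https://krondi.com/
</VirtualHost>
```

Run `apachectl configtest` before restarting httpd. Let's Encrypt's HTTP validation follows redirects, so webroot renewals keep working as long as the HTTPS virtual host serves the same /srv/http/ directory.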
https://wiki.apache.org/httpd/RedirectSSL looks promising for that.
Thanks!
Actually one final question: what is the meaning of the "standalone method" in this line on the "Let's Encrypt" wiki page (https://wiki.archlinux.org/index.php/Le … 9s_Encrypt)? Trying to figure out if I need to worry about stopping Apache before renewing my certificate...
When using the standalone method you should stop your webserver before executing the renew request, and start your webserver when Certbot is finished. Certbot provides hooks to automatically stop and restart a web server.
That's referring to the manual configuration.
That's referring to the manual configuration.
Got it; thanks!