Topic: Let's Encrypt for Apache :: How-To mod_md

Steffen Moderator
Joined: 15 Oct 2005 Posts: 3094 Location: Hilversum, NL, EU
Posted: Fri 13 Oct '17 11:01 Post subject: Let's Encrypt for Apache :: How-To mod_md
# Uncomment in your httpd.conf
LoadModule watchdog_module modules/mod_watchdog.so
LoadModule md_module modules/mod_md.so
# Configuration
See http://httpd.apache.org/docs/2.4/mod/mod_md.html and, far better, https://github.com/icing/mod_md/blob/master/README.md
You need at least:
MDCertificateAgreement accepted
MDomain .... .....
In the :443 VirtualHost(s), turn on mod_ssl:
SSLEngine on
Normally, certificates are valid for around 90 days and mod_md will renew them at the earliest 30 days before they expire.
You can set, for example, every 10 days: MDRenewWindow 80d
When testing, consider the rate limits: https://letsencrypt.org/docs/rate-limits/
If you need to experiment without hitting the limits, configure:
MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory
Then no valid certificates are generated.
To get more insight into what is going on, set: LogLevel info md:trace2 ssl:notice
Enjoy,
Steffen
Last edited by Steffen on Mon 30 Sep '19 10:41; edited 21 times in total
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3094 Location: Hilversum, NL, EU
Posted: Wed 01 Nov '17 11:51 Post subject:
Maybe you have already noticed that mod_md can now automatically stop/start Apache to activate after a (re)new.
A discussion with the author, Stefan from greenbytes, resulted in a new directive MDNotifyCmd: https://httpd.apache.org/docs/trunk/mod/mod_md.html#mdnotifycmd
Now with a simple script you can do what you want.
For example I have now a .bat and mailsend in the Apache/folder:
Code:
MDNotifyCmd c:/apache24/bin/mod_md.bat

The script mod_md.bat stops/starts Apache, kills FastCGI zombies, copies the certificates to the mail server and sends a mail:

Code:
@ECHO OFF
REM Restart the Apache service so the new certificate is loaded
Net stop <service-name>
powershell -command "Start-Sleep -s 10"
REM kill any zombie php-cgi.exe processes when you run PHP with mod_fcgid
taskkill /F /T /IM php-cgi*
Net start <service-name>
REM copy certificates to mail server (in my case Surgemail)
xcopy <path to apache>\md\domains\<domain-name>\pubcert.pem <path to surgemail>\ssl\surge_cert.pem /Y
xcopy <path to apache>\md\domains\<domain-name>\privkey.pem <path to surgemail>\ssl\surge_priv.pem /Y
REM send the notification mail; %~1 to %~4 are the arguments passed to this script
<path to apache>/bin/mailsend -q -f steffen@sland.nl -smtp sland.nl -user steffen@sland.nl -pass xxxxxx -name "Steffen L" -t Steffen@sland.nl -sub "Lets Encrypt mod_md Notification" -M "Managed Domain(s) created/renewed:" -M "%~1" -M "%~2" -M "%~3" -M "%~4" -M "."

Note:
The script is executed after ~24 hours when it is renewed
Note:
mailsend.exe, see https://github.com/muquit/mailsend/releases and https://github.com/muquit/mailsend/blob/master/doc/examples.mediawiki
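
An added example, not part of the original post or of mod_md: a Python handler for the MDNotifyCmd hook that performs the certificate-copy step of the .bat above with two safeguards. Script arguments are only matched against an allow-list and never choose file paths, and both files are validated before either is written and then replaced atomically, so the mail server never reads a partial file. The paths, the name mail.example.org and all function names are assumptions.

```python
import os
import sys
import tempfile
from pathlib import Path

# Assumed layout (hypothetical paths): each managed domain's files live under
# <apache>/md/domains/<name>/ as pubcert.pem and privkey.pem.
MD_STORE = Path("c:/apache24/md/domains")
# Allow-list: managed domain name -> directory of the service reusing its cert.
TARGETS = {"mail.example.org": Path("c:/surgemail/ssl")}
# source file -> (destination file name, text its first line must contain)
FILES = {"pubcert.pem": ("surge_cert.pem", b"BEGIN CERTIFICATE"),
         "privkey.pem": ("surge_priv.pem", b"PRIVATE KEY")}

def read_pem(path: Path, marker: bytes) -> bytes:
    """Return the file's bytes, refusing empty, truncated or wrong-type files."""
    data = path.read_bytes()
    first = data.lstrip().split(b"\n", 1)[0]
    if not (first.startswith(b"-----BEGIN ") and marker in first):
        raise ValueError(f"{path} is not the expected PEM file")
    return data

def write_atomic(dst: Path, data: bytes) -> None:
    # Temp file in the same directory, then rename: readers never see a partial file.
    fd, tmp = tempfile.mkstemp(dir=dst.parent, prefix=dst.name + ".")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.replace(tmp, dst)
    except BaseException:
        os.unlink(tmp)
        raise

def handle_notify(args, store=MD_STORE, targets=TARGETS):
    """Install cert and key for every argument that is an allow-listed name."""
    installed = []
    for name in args:
        key = name.lower()
        dest = targets.get(key)
        if dest is None:  # unknown or malformed argument: never touches the disk
            continue
        # Validate both files before writing either, so a bad read changes nothing.
        pair = [(dest / d, read_pem(store / key / s, m)) for s, (d, m) in FILES.items()]
        for dst, data in pair:
            write_atomic(dst, data)
        installed.append(key)
    return installed

if __name__ == "__main__":
    print("installed:", handle_notify(sys.argv[1:]))
```

The restart and mail steps of the batch file are left out here; the handler only covers the copy, which is the step that touches the private key.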
nono303
Joined: 20 Dec 2016 Posts: 205 Location: Lille, FR, EU
Posted: Wed 02 Oct '19 17:32 Post subject:

My 2 cents: the same notification for a Mattermost hook URL (what I use)

Code:
curl -i -X POST -H "Content-Type: application/json" -d "{\"username\": \"Lets Encrypt MDMessageCmd\", \"icon_url\": \"http://apache.org/favicon.ico\", \"text\": \"^| Something happened concerning mod_md domain ^|\n^|---^|\n^| %~1 ^|\n^| %~2 ^|\n^| %~3 ^|\n^| %~4 ^|\"}" https://[MATTERMOST_SERVER]/hooks/[HOOK_ID]

Steffen Moderator
Joined: 15 Oct 2005 Posts: 3094 Location: Hilversum, NL, EU
Posted: Fri 08 Nov '19 12:42 Post subject: All the Things Promised

A status report on mod_md.
With the release of version v2.2.2 the project sponsored by the beautiful people at MOSS, Mozilla's Open Source Support, has been concluded. You will soon see the result appear in various releases, such as Fedora and Debian unstable. What can you expect? How does this benefit you? Three things: Real ACME, Safer Stapling and Easy Monitoring.
Read more: https://icing.github.io/mod_md/allthethingspromised.html
Nice summary