file cert.pem
cert.pem: broken symbolic link to ../../archive/atakama-studio.ca/cert2.pem
Is it possible, and would it be best, to just leave the cert files in their original location?
I also want to use the right configuration for Apache 2.4.8 or higher, which is not the case right now.
Sorry, I’m not near a PC right now and posting with the smartphone is a pain.
The cp did not work because you used the -r option. Use only cp -p or just cp.
Regarding the right conf to be used on Apache 2.4.8 or higher, take a look at one of my previous posts.
And yes, there is no need to copy the certs to another location, you can use the path to /etc/letsencrypt/live/…
Haha, thanks for your patience, Sahsanu.
Yes, that’s what I’m reading in the manual. Use direct path or create symlinks.
I’ve taken note of the previous post for the right configuration. I’ll change the config right now to use the direct path and only fullchain and privkey, and keep you posted with the result in a few minutes.
Quick update. I’ve copied the files using the right command and the site is back online. I’ll try to change the config now.
So I guess all I have to change would be in my virtual host config:
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol all -SSLv2
SSLCertificateFile /etc/apache2/ssl/cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/privkey.pem
SSLCertificateChainFile /etc/apache2/ssl/chain.pem

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol all -SSLv2
SSLCertificateFile /etc/letsencrypt/live/atakama-studio.ca/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/atakama-studio.ca/privkey.pem
Yes, that is correct. Just one thing: you should add -SSLv3 to the SSLProtocol directive. SSLv3 is insecure and should not be used, so:
SSLProtocol all -SSLv2 -SSLv3
Alright. Let’s try this!
OK, changed the configuration and rebooted Apache. Everything seems to be working correctly.
No need to change the permissions on the cert files to secure things up?
I guess the next step would be to try to configure autorenew.
It should be okay. The permissions for the /etc/letsencrypt/archive/ directories allow only root to access them. So the files inside them are safe, regardless of their individual permissions.
(Apache can access them because it starts as root before switching to www-data or whatever.)
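Added example, not part of the original thread: a small shell lint for the three points raised above (a certificate path that is a broken symlink, the SSLCertificateChainFile directive that the Apache 2.4.8 or higher configuration drops in favour of fullchain.pem, and an SSLProtocol line without -SSLv3). The helper names audit_vhost and make_demo and the temporary directory tree are constructed for illustration; directive matching is case-sensitive and paths are assumed to contain no spaces.

```bash
#!/usr/bin/env bash
# Added example; audit_vhost and make_demo are hypothetical helper names.
# Paths must not contain spaces (fine for /etc/letsencrypt/live/<domain>/).

audit_vhost() {   # $1 = vhost file; prints one finding per line
    local directive rest path
    while read -r directive rest; do
        path=${rest%% *}
        case "$directive" in
            SSLCertificateChainFile)
                echo "DEPRECATED SSLCertificateChainFile: use fullchain.pem in SSLCertificateFile" ;;
            SSLCertificateFile|SSLCertificateKeyFile)
                if [ -L "$path" ] && [ ! -e "$path" ]; then
                    echo "BROKEN_LINK $directive $path"   # what file(1) reported
                elif [ ! -e "$path" ]; then
                    echo "MISSING $directive $path"
                fi ;;
            SSLProtocol)
                case " $rest " in
                    *" -SSLv3 "*) ;;
                    *) echo "WEAK_PROTOCOL SSLv3 not explicitly disabled: $rest" ;;
                esac ;;
        esac
    done < "$1"
}

make_demo() {     # constructed tree: live/ links into archive/, ssl/ holds a stale copy
    local d
    d=$(mktemp -d)
    mkdir -p "$d/live" "$d/archive" "$d/ssl"
    echo constructed > "$d/archive/fullchain1.pem"
    echo constructed > "$d/archive/privkey1.pem"
    ln -s ../archive/fullchain1.pem "$d/live/fullchain.pem"
    ln -s ../archive/privkey1.pem "$d/live/privkey.pem"
    ln -s ../../archive/cert2.pem "$d/ssl/cert.pem"   # target does not resolve from ssl/
    cp "$d/archive/privkey1.pem" "$d/ssl/privkey.pem"
    printf '%s\n' "SSLEngine on" "SSLProtocol all -SSLv2" \
        "SSLCertificateFile $d/ssl/cert.pem" "SSLCertificateKeyFile $d/ssl/privkey.pem" \
        "SSLCertificateChainFile $d/ssl/chain.pem" > "$d/before.conf"
    printf '%s\n' "SSLEngine on" "SSLProtocol all -SSLv2 -SSLv3" \
        "SSLCertificateFile $d/live/fullchain.pem" \
        "SSLCertificateKeyFile $d/live/privkey.pem" > "$d/after.conf"
    echo "$d"
}

demo=$(make_demo)
echo "== before =="; audit_vhost "$demo/before.conf"
echo "== after (no findings expected) =="; audit_vhost "$demo/after.conf"
rm -rf "$demo"
```

Run as root against a real vhost file, `audit_vhost` resolves the /etc/letsencrypt/live/ symlinks the same way Apache does at startup.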