HTTPS Setup

-https

HTTPS Setup/Renewal on AWS

adding-subdomain.md

Adding a subdomain to the server

1. Create new entry in /conf.d

• for SSL certified host

<VirtualHost *:443>
 ServerName (e.g. docs.dev-junk.com)
 
 ..Rest of apache host settings..
</VirtualHost>

2. Configure domain host DNS resource records (on domain host webportal)

• Name: (e.g. docs.dev-junk.com)
• Type: A
• TTL: 1 min (could probably be 1 hour?)
• Value: <ip_address_of_host>

https-renewal.md

Renewing HTTPS on AWS AMI

• sudo certbot -i apache -a manual --preferred-challenges dns -d dev-junk.com -d www.dev-junk.com
  • Follow instructinos to add DNS TXT Resource Record in Domain DNS Settings
  • Wait 5+ minutes before accepting/validating record updated

Saw this though:

Failed redirect for dev-junk.com
Unable to set enhancement redirect for dev-junk.com
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection

IMPORTANT NOTES:
 - We were unable to set up enhancement redirect for your server,
   however, we successfully installed your certificate.
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/dev-junk.com-0001/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/dev-junk.com-0001/privkey.pem
   Your cert will expire on 2021-05-14. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"

Tools for Verifying:

• https://check-your-website.server-daten.de/
• nslookup -type=txt _acme-challenge.dev-junk.com and nslookup -type=txt _acme-challenge.www.dev-junk.com

https-setup.md

Setting up HTTPS on AWS AMI

From https://aws.amazon.com/blogs/compute/extending-amazon-linux-2-with-epel-and-lets-encrypt/

• wget -O epel.rpm –nv https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
• sudo yum install -y ./epel.rpm
• sudo yum install python2-certbot-apache.noarch
• sudo certbot -i apache -a manual --preferred-challenges dns -d dev-junk.com -d devsjunk.com
  • Add DNS TXT Resource Records to Google Domain Settings
  • Name: _acme-challenge, Value: <provided>

old.https-renewal.md

Renewing HTTPS Certs

----- OLD ------

Strange things while attempting to renew... 🤔

• Attempted to run certbot-auto after ssh in
  • Performed update
  • Failed with Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
• Removed installation directory in /opt/eff.org/
• Removed certbot-auto binary
• Retreived newer version with wget https://dl.eff.org/certbot-auto and set permissions chmod a+x certbot-auto
• Attempted to run sudo certbot-auto
  • Failed with FATAL error about Amazon being Expiremental
  • Reran with sudo certbot-auto --debug
    • Failed again with ImportError: No module named cryptography
    • installed missing modules with sudo /opt/eff.org/certbot/venv/bin/pip install cryptography interface zope.proxy zope.hookable

SUCCESS Updating certificates in /etc/letsencrypt/live/

old.https-setup.md

Setting up HTTPS on AWS

----- OLD ------

• SSH to Server
• Download Certbot
  • wget https://dl.eff.org/certbot-auto
  • chmod a+x certbot-auto
• Make sure Apache is configured correctly with domain in /etc/httpd/conf/http.conf
• Run sudo ./certbot-auto --apache
  • Will have to answer some questions about which domains you want to secure

Should update /etc/httpd/conf/httpd-le-ssl.conf
Adds to <VirtualHost *:443>:

ServerName <host>
ServerAlias www.<host>

SSLCertificateFile /etc/letsencrypt/live/<host>/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<host>/privkey.pem