Re: [users@httpd] LetsEncrypt.org with Virtual Hosting

2016-06-14 Thread Mathijs Schmittmann
Hi Filipe,
>
> > Notice that SSLCertificateFile and SSLCertificateKeyFile are the
> > same for both of the domains, because they use the same key of
> > example.com.  The website, example.com works perfectly fine.  But
> > example.info has serious problems (On the order of
> > NET::ERR_CERT_COMMON_NAME_INVALID).  Who has an idea on how to fix
> > this?  I can't experiment too much because I'm limited to 5 keys
> > per week so learning this myself is a very slow-track process.
You might find this interesting:
https://community.letsencrypt.org/t/testing-against-the-lets-encrypt-staging-environment/6763

Let's Encrypt provides a staging environment with much more lenient
rate limiting, but of course not signed with the official intermediate
certificate.

Br,
Mathijs






Re: [users@httpd] LetsEncrypt.org with Virtual Hosting

2016-06-14 Thread Christopher Schultz

Filipe,

On 6/14/16 3:15 PM, Filipe Cifali wrote:
> You are probably hitting the wrong cert file, check with:
> 
> openssl s_client -connect example.info:443
> 
> You can also try to disable the first SSL and check if you hit the
> right one after.

You may have to do this:

$ openssl s_client -connect ip_addr:443 -servername 'example.info'

This will allow you to connect to a local test machine and still tell
the server that you are trying to connect to example.info.

Rich,

Why are you using example.info instead of your actual domain name?

-chris

> On Tue, Jun 14, 2016 at 4:08 PM,  > wrote:
> 
> For some time, I have been hosting about 10 sites unencrypted.
> But since people other than just myself will be using my
> squirrelmail, I decided to encrypt my server.  I had delayed it
> simply because keys are too expensive to buy, but now I learned
> about LetsEncrypt.org and have been working in that direction.
> 
> So far, I moved two websites over to this server, example.com and
> example.info.  My first test of the LetsEncrypt software was of the
> form of:
> 
> # letsencrypt-auto --apache -d example.com
> 
> but I ran into a caveat with www.example.com not being accepted.  I
> decided to re-run with the other domain included as well, so I did
> the remaining three combinations:
> 
> # letsencrypt-auto --apache -d www.example.com -d example.info -d www.example.info
> 
> The conf files for the sites are fairly straight-forward in my 
> mind.  There are four of them:
> 
> #/etc/apache2/sites-available/80-example.com
> 
> ServerAdmin webmaster@localhost
> DocumentRoot /var/www/example.com/public_html/
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
> ServerName example.com
> ServerAlias www.example.com
> 
> #/etc/apache2/sites-available/443-example.com
> 
> ServerAdmin webmas...@example.com
> DocumentRoot /var/www/example.com/public_html/
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
> SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
> Include /etc/letsencrypt/options-ssl-apache.conf
> ServerName example.com
> ServerAlias www.example.com
> 
> #/etc/apache2/sites-available/80-example.info
> 
> ServerAdmin webmaster@localhost
> DocumentRoot /var/www/example.info/public_html/
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
> ServerName example.info
> ServerAlias www.example.info
> 
> #/etc/apache2/sites-available/443-example.info
> 
> ServerAdmin webmas...@example.info
> DocumentRoot /var/www/example.info/public_html/
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
> SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
> Include /etc/letsencrypt/options-ssl-apache.conf
> ServerName example.info
> ServerAlias www.example.info
> 
> 
> Notice that SSLCertificateFile and SSLCertificateKeyFile are the
> same for both of the domains, because they use the same key of
> example.com.  The website, example.com works perfectly fine.  But
> example.info has serious problems (On the order of
> NET::ERR_CERT_COMMON_NAME_INVALID).  Who has an idea on how to fix
> this?  I can't experiment too much because I'm limited to 5 keys
> per week so learning this myself is a very slow-track process.
> 
> There are a number of HOWTO documents out there, but there is very 
> wide variance in their steps that I have little confidence in
> them, but have chosen one and decided to try at it.  Once I get
> this established, I promise to write a blog article explaining the 
> procedure a little bit better
> 
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> 
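
The name mismatch discussed in this thread can be checked offline by comparing a vhost's ServerName/ServerAlias values with the DNS names in the certificate its SSLCertificateFile points at. This is an added example, not code from any poster or from the httpd or Let's Encrypt projects; the function names and the sample SAN list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: does the certificate a vhost points at cover that vhost's names?

# DNS names in a certificate's subjectAltName, one per line (needs openssl).
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# ServerName/ServerAlias values from vhost config (file arguments or stdin).
vhost_names() {
    awk 'tolower($1) == "servername" || tolower($1) == "serveralias" {
             for (i = 2; i <= NF; i++) print tolower($i) }' "$@"
}

# Succeeds if host $1 matches a SAN read from stdin. "*.x" matches one label only.
name_covered() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r san; do
        san=$(printf '%s' "$san" | tr 'A-Z' 'a-z')
        case $san in
            "$host") return 0 ;;
            '*.'*) [ "$host" != "${host#*.}" ] &&
                   [ "${host#*.}" = "${san#??}" ] && return 0 ;;
        esac
    done
    return 1
}

# Print each name in $2... that the SAN list in $1 does not cover.
uncovered_names() {
    sans=$1; shift
    for n in "$@"; do
        printf '%s\n' "$sans" | name_covered "$n" || printf '%s\n' "$n"
    done
}

# Constructed sample: the thread's 443-example.info names, checked against an
# ASSUMED SAN list for a certificate issued with only "-d example.com".
SAMPLE_CONF='ServerName example.info
ServerAlias www.example.info'
SAMPLE_SANS='example.com'
uncovered_names "$SAMPLE_SANS" $(printf '%s\n' "$SAMPLE_CONF" | vhost_names)

# On a real host, replace the samples with:
#   uncovered_names "$(cert_sans /etc/letsencrypt/live/example.com/fullchain.pem)" \
#       $(vhost_names /etc/apache2/sites-available/443-example.info)
```

Any name it prints is one a browser will reject for that vhost; empty output means every ServerName and ServerAlias is covered.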

[users@httpd] LetsEncrypt.org with Virtual Hosting

2016-06-14 Thread rich . greder
For some time, I have been hosting about 10 sites unencrypted.  But since 
people other than just myself will be using my squirrelmail, I decided to 
encrypt my server.  I had delayed it simply because keys are too expensive to 
buy, but now I learned about LetsEncrypt.org and have been working in that 
direction.

So far, I moved two websites over to this server, example.com and example.info.
My first test of the LetsEncrypt software was of the form of:

# letsencrypt-auto --apache -d example.com

but I ran into a caveat with www.example.com not being accepted.  I decided to 
re-run with the other domain included as well, so I did the remaining three 
combinations:

# letsencrypt-auto --apache -d www.example.com -d example.info -d www.example.info

The conf files for the sites are fairly straight-forward in my mind.  There are 
four of them:

#/etc/apache2/sites-available/80-example.com


ServerAdmin webmaster@localhost
DocumentRoot /var/www/example.com/public_html/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName example.com
ServerAlias www.example.com



#/etc/apache2/sites-available/443-example.com


ServerAdmin webmas...@example.com
DocumentRoot /var/www/example.com/public_html/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ServerName example.com
ServerAlias www.example.com



#/etc/apache2/sites-available/80-example.info


ServerAdmin webmaster@localhost
DocumentRoot /var/www/example.info/public_html/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName example.info
ServerAlias www.example.info



#/etc/apache2/sites-available/443-example.info


ServerAdmin webmas...@example.info
DocumentRoot /var/www/example.info/public_html/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ServerName example.info
ServerAlias www.example.info


Notice that SSLCertificateFile and SSLCertificateKeyFile are the same for both 
of the domains, because they use the same key of example.com.  The website, 
example.com works perfectly fine.  But example.info has serious problems (On 
the order of NET::ERR_CERT_COMMON_NAME_INVALID).  Who has an idea on how to fix 
this?  I can't experiment too much because I'm limited to 5 keys per week so 
learning this myself is a very slow-track process.

There are a number of HOWTO documents out there, but there is very wide 
variance in their steps that I have little confidence in them, but have chosen 
one and decided to try at it.  Once I get this established, I promise to write 
a blog article explaining the procedure a little bit better





Re: [users@httpd] mod_proxy_wstunnel with Unix domain sockets

2016-06-14 Thread Michael Fladischer
On 2016-06-13 18:49, Jim Jagielski wrote:
> Thx for the report. Will investigate!

I used mod_dumpio to look what's going on when I try to open a websocket
connection inside Apache. It seems that mod_proxy_wstunnel actually
discards the "unix:/path|" in my ProxyPass configuration:

ProxyPass "/ws/" "unix:/tmp/some.sock|ws://xxx"

Using dumpio, I can see that there is a try to resolve "xxx" into an IP
address which fails. If I replace "ws://xxx" with an URL to a working
websocket server listening on TCP/IP, mod_proxy_wstunnel works, but does
not use the unix socket where my actual websocket application is listening.

HTH,
-- 
Michael Fladischer
Fladi.at


