HowTo set up LetsEncrypt on OpenSUSE 13.2

Setting up letsencrypt on a server with OpenSUSE 13.2 and apache2.

I assume you have a running apache2 web server with a virtual host config file named /etc/apache2/vhosts.d/mydomain.example.com.conf for the domain mydomain.example.com

Log in to your server by ssh, make yourself root. Then:

1. Install required extra packages

cd /root
zypper in git

On OpenSUSE 13.2 you will also need (versions of python > 2.7.8 probably will not require this):
zypper in python-pyOpenSSL

2. Install letsencrypt

git clone https://github.com/letsencrypt/letsencrypt

3. Configure data for letsencrypt

Create a file /etc/letsencrypt/cli.ini with the following contents:

    rsa-key-size = 4096
    email = myaddress@example.com
    authenticator = webroot
    webroot-path = /srv/www/vhosts/mydomain.example.com
    domain = mydomain.example.com

Obviously the webroot path must match the value of DocumentRoot in your server config file /etc/apache2/vhosts.d/mydomain.example.com.conf, and email should be your own address.

4. Get your certificate

cd /root/letsencrypt
./letsencrypt-auto certonly -c /etc/letsencrypt/cli.ini

5. Configure the https server

If step 4 was successful, you’ll find your certificates in /etc/letsencrypt/live/mydomain.example.com/. Now you need to configure your apache2 to use these certificates. First, copy your http config file to a https config file:

cp -a /etc/apache2/vhosts.d/mydomain.example.com.conf /etc/apache2/vhosts.d/mydomain.example.com-ssl.conf

In that newly created file, modify the lines containing "<VirtualHost ...>" and "ServerName" by appending ":443" to the IPs and the domain name respectively (or by replacing ":80" with ":443"). After these lines add the following lines:

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/mydomain.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.example.com/privkey.pem

If you like, you may adjust the log file names (if you have the "combined" parameter in CustomLog, you may replace it with "ssl_combined").

Now make sure to have ssl activated in /etc/sysconfig/apache2:

APACHE_MODULES="[...] ssl [...]"
and
APACHE_SERVER_FLAGS="SSL"

Now restart the apache2 server (after a check):

rcapache2 configtest
rcapache2 restart

6. Renewal of the certificate

If all that was successful, you may wait two months (not more than 89 days) to renew your certificate by repeating step 4. The apache2 server does not need any new configuration, but (possibly?) a restart.
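
One way to decide when step 4 is due, as an added example that is not part of the original howto: the script checks the remaining validity of the installed certificate with openssl and repeats step 4 and the restart from step 5 only when the certificate is close to expiry. The 30-day threshold, the script name renew-check.sh and the function names are assumptions; the paths and commands are the ones used above.

```shell
#!/bin/sh
# Added example, not part of the original howto.
# Paths and commands are the ones used in steps 4 and 5 above.
CERT=/etc/letsencrypt/live/mydomain.example.com/fullchain.pem
# Assumption: renew once fewer than 30 days remain, i.e. about two
# months into the 90-day lifetime of a Let's Encrypt certificate.
RENEW_DAYS=30

# cert_needs_renewal FILE DAYS
#   0 = FILE expires within DAYS days (renew now)
#   1 = FILE is valid for longer than DAYS days
#   2 = FILE is missing or is not a parsable certificate
cert_needs_renewal() {
    [ -r "$1" ] || return 2
    openssl x509 -noout -in "$1" >/dev/null 2>&1 || return 2
    # -checkend exits 0 when the certificate is still valid N seconds from now
    if openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Repeat step 4 and restart apache2, but only when the certificate is due.
renew_if_due() {
    state=0
    cert_needs_renewal "$CERT" "$RENEW_DAYS" || state=$?
    case $state in
        1) echo "certificate valid for more than $RENEW_DAYS days, nothing to do"
           return 0 ;;
        2) echo "cannot read certificate $CERT" >&2
           return 2 ;;
    esac
    (cd /root/letsencrypt &&
        ./letsencrypt-auto certonly -c /etc/letsencrypt/cli.ini) || return 1
    # Only restart if the configuration still passes the check from step 5
    rcapache2 configtest && rcapache2 restart
}

# Run as root: sh renew-check.sh --renew
if [ "${1:-}" = "--renew" ]; then
    renew_if_due
fi
```

A missing or unparsable certificate file is reported as an error instead of triggering a renewal, so a wrong path in CERT does not cause repeated certificate requests.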
