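# Install Apache, its TLS module and the certbot Apache plugin.
# NOTE(review): python-certbot-apache presumably comes from an add-on
# repository (e.g. EPEL) on this distribution; confirm it is enabled first.
yum install -y httpd mod_ssl python-certbot-apache

# Allow inbound HTTP and HTTPS in the permanent firewalld configuration.
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https

# Load the permanent rules into the running firewall. A reload applies them
# without stopping the daemon, so the host is never left without its ruleset.
firewall-cmd --reload

# Start Apache on boot. This only enables the unit; it does not start httpd now.
systemctl enable httpd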
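# Write certbot's configuration file. The source listing had lost the
# here-document opener, so the settings below would have been run as shell
# commands; the quoted delimiter ('EOF') keeps the body literal.
#
# DOMAIN is a placeholder: substitute the real domain before running.
#
# Settings worth a second look:
#   - must-staple: the issued certificate tells clients to require a stapled
#     OCSP response. Clients that enforce this reject the connection when the
#     server does not staple, so Apache must have stapling enabled
#     (SSLUseStapling / SSLStaplingCache) before this certificate is deployed.
#   - staple-ocsp: an installer enhancement. NOTE(review): with `certonly`
#     below the installer presumably does not run, so this may have no effect.
#   - NOTE(review): Let's Encrypt has announced the end of its OCSP service;
#     confirm the CA still issues must-staple certificates before relying on it.
#   - debug: produces verbose error output; consider removing it once issuance
#     works.
cat > /etc/letsencrypt/cli.ini <<'EOF'
#Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096
email = letsencrypt@DOMAIN
domains = blog.DOMAIN
must-staple = True
staple-ocsp = True
agree-tos = True
debug = True
EOF

# Obtain the certificate using the Apache plugin for the challenge, without
# letting certbot edit the virtual hosts (certonly).
certbot certonly --apache --config /etc/letsencrypt/cli.ini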
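# Write the shared Apache TLS options file. The source listing had lost the
# here-document opener, so these directives would have been run as shell
# commands.
#
# The delimiter MUST be quoted: the Header directive contains $1, $3 and $4
# (regex back-references). An unquoted here-document would let the shell
# expand them to empty strings and silently break the Secure-cookie rewrite.
#
# NOTE(review): the redirection operator was missing in the source; overwrite
# ('>') is assumed. This file normally ships with certbot, so check whether
# later certbot updates leave a locally modified copy alone.
#
# What the directives do:
#   - SSLProtocol: disables SSLv3, TLS 1.0 and TLS 1.1.
#   - SSLCipherSuite + SSLHonorCipherOrder: ECDHE-only list, AEAD suites
#     first, server preference enforced. The trailing CBC suites are only a
#     fallback for older TLS 1.2 clients.
#   - SSLCompression off: avoids compression-based attacks on TLS (CRIME).
#   - Header edit: appends "Secure" to every Set-Cookie header (needs
#     mod_headers).
#
# No OCSP stapling directive is set here. If the certificate was issued with
# must-staple, stapling has to be configured elsewhere in the Apache config.
# Run `apachectl configtest` and reload httpd for the settings to take effect.
cat > /etc/letsencrypt/options-ssl-apache.conf <<'EOF'
SSLEngine on
SSLHonorCipherOrder on
SSLOptions +StrictRequire
# Always ensure Cookies have "Secure" set (JAH 2012/1)
Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLCompression off
EOF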