Setup SSL on a Raspberry Pi

Tutorials on just about ANYTHING that interests me.
DJ-Daz
Site Admin
Posts: 463
Joined: Tue Nov 03, 2020 2:16 pm

UPDATE: Let’s Encrypt has an automated install bot (certbot), and it issues a CA-signed certificate, meaning no browser warning! https://letsencrypt.org/

This is the Let’s Encrypt method:

Code:

sudo apt-get install certbot python-certbot-apache -t stretch-backports

Code:

sudo certbot --apache

Code:

sudo certbot --apache certonly

Test the automated update process.

Code:

sudo certbot renew --dry-run
____________________________________________________________________________________

This is the manual process for a self-hosted SSL certificate.

This will generate a browser warning because the certificate is self-signed rather than issued by a certificate authority, but for use on a Nextcloud server or local web server for private use… it’s all good. For a live and public server, use Let’s Encrypt.

Granted this is a self signed certificate and not one from an issuing authority, but for most domestic uses it’s fine.

Make a directory called ssl

Code:

sudo mkdir /etc/apache2/ssl

Create the certificate

Code:

sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/apache2/ssl/server.crt -keyout /etc/apache2/ssl/server.key

For the domain name I used my ddns.net domain, and that’s fine, but it has to be a domain name and not an IP.

Here’s my output

Code:

Generating a 2048 bit RSA private key
………………………+++
………………………………………………………………+++
writing new private key to '/etc/apache2/ssl/server1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:Yorkshire!
Locality Name (eg, city) []:Home
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Dazbobaby inc.
Organizational Unit Name (eg, section) []:Admin
Common Name (e.g. server FQDN or YOUR name) []:mydomain.ddns.net
Email Address []:admin@mydomain.ddns.net

Enable the SSL module for Apache2

Code:

sudo a2enmod ssl

Restart Apache:

Code:

sudo service apache2 restart

Create a symbolic link in sites-enabled that points to the default-ssl.conf file in sites-available

Code:

sudo ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/000-default-ssl.conf

Edit the file.

Code:

sudo nano /etc/apache2/sites-enabled/000-default-ssl.conf

Insert these two lines before </VirtualHost>

Code:

SSLCertificateFile    /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

Now browse to your site with HTTPS:// and accept the new security certificate

Source:
https://hallard.me/enable-ssl-for-apach ... 5-minutes/

Set up redirection from port 80 (insecure) to 443
Edit /etc/apache2/sites-enabled.conf
Add this:

Code:

<VirtualHost *:80>
   ServerName http://mydomain.ddns.net
   Redirect permanent / https://mydomain.ddns.net/
</VirtualHost>

Restart Apache

Code:

sudo systemctl restart apache2
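
A pre-flight check for the self-signed pair created above, to run before restarting Apache (an added example, not part of the original post): it confirms that the key belongs to the certificate, that the certificate names the host, that the key file is owner-only, and that the certificate is not about to expire. The function names and the throwaway sample pair are assumptions made for illustration; on the Pi the real files are /etc/apache2/ssl/server.crt and /etc/apache2/ssl/server.key.

```shell
#!/bin/sh
# Added example: pre-flight checks for the cert/key pair Apache will load.

# Constructed sample input: a throwaway pair made with the page's openssl
# flags, plus -subj so it runs without prompts. Prints the directory used.
make_sample_pair() {
    dir=$(mktemp -d) || return 2
    openssl req -x509 -nodes -days 1095 -newkey rsa:2048 \
        -subj "/CN=mydomain.ddns.net" \
        -out "$dir/server.crt" -keyout "$dir/server.key" 2>/dev/null || return 2
    chmod 600 "$dir/server.key"   # only the owner may read the private key
    echo "$dir"
}

# True when certificate and private key carry the same public key.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate was issued for the given host name.
name_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# True when group and others have no permissions on the key file.
key_is_private() {
    case "$(ls -ld "$1")" in ????------*) return 0 ;; *) return 1 ;; esac
}

# True when the certificate is still valid N days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# usage: check_pair CERT KEY HOSTNAME  -> prints OK or the first failed check
check_pair() {
    pair_matches "$1" "$2" || { echo "FAIL: key does not match certificate"; return 1; }
    name_matches "$1" "$3" || { echo "FAIL: certificate is not for $3"; return 1; }
    key_is_private "$2"    || { echo "FAIL: key readable by group or others"; return 1; }
    valid_for_days "$1" 30 || { echo "FAIL: expires within 30 days"; return 1; }
    echo "OK"
}
```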