using letsencrypt for ssl certificates

 letsencrypt is an easy way to make SSL certificates for your website and it's free. The only issue is you have to renew the certificates (certs) every few months. You can automate that using cron.

letsencrypt --renew-by-default --domains

or

certbot-auto renew

These items are normally in /usr/bin or /usr/local/bin so put the full path before them in the crontab to make sure you don't get a file not found error.

Suppose you want the check monthly on the first of each month:

sudo crontab -e

* * 1 * * /usr/local/bin/certbot-auto renew

The most important thing with letsencrypt is to make sure your apache config file is correct. If you give a domain name without www, make sure you put it in the config file as www. Here's an example.

<VirtualHost *:80>
        DocumentRoot /var/www/domain.com
        Options All Indexes ExecCGI SymLinksIfOwnerMatch
        ErrorDocument 404 /error.html
        ServerName www.domain.com
        ServerAlias www.domain.co.za
        ServerAlias domain.com
        ServerAlias domain.co.za
</VirtualHost>
<VirtualHost *:443>
    DocumentRoot /var/www/domain.com
    Options All Indexes ExecCGI FollowSymLinks
    ErrorDocument 404 /error.html
    ServerName www.domain.com
        ServerAlias www.domain.co.za
        ServerAlias domain.com
        ServerAlias domain.co.za
    Include  /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile  /etc/letsencrypt/live/domain.co.za-0001/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.co.za-0001/privkey.pem
</VirtualHost>

Popular posts from this blog

Pause a program which is using too much CPU

Sometimes your battery is running low and you need to pause a program without quitting it or force-quitting it, so that you can preserve battery but not lose the job that the program is doing. To do this,  Step 1. open a terminal Step 2. type:  ps ax | grep -i  "<program name>" so for example, if it's photoshop you need to pause, replace "<program name>" with "photoshop" Step 3. Next to the results on the far left you'll see a number, usually with 5 digits. E.g. 12345. Step 4. Type:  kill -STOP 12345 where 12345 are the numbers obtained in Step 2-3. Step 5. When you want to resume the program, type kill -CONT 12345 It should then continue to operate or run as usual without problems.
Read more

throttle traffic on apache

sudo apt install apache2-utils sudo apt install libapache2-mod-evasive vi /etc/apache2/mods-enabled/evasive.conf service apache restart edit it and set values as per below or whatever else you like, the time quantities are seconds     DOSSiteInterval     1     DOSBlockingPeriod   10     #DOSLogDir           "/var/lock/mod_evasive"
Read more

/var/log/journal taking up lots of space

 If /var/log/journal is taking up too much space, you can clear it and prevent it growing too big again. Prevention: vi /etc/systemd/journald.conf   Look for: SystemMaxUse=2000M Or similar, and set it to a lower value Then: service systemd-journald restart Clearing once-off: journalctl --vacuum-time=2d assuming for example you want to clear everything before two days ago.
Read more