logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 



Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



Let's Encrypt for Apache :: mod_md-0.9.6 for 2.4.27

 
Post new topic   Reply to topic    Apache Forum Index -> News & Hangout



View previous topic :: View next topic  
Author Message
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2580
Location: Hilversum, NL, EU

PostPosted: Sun 13 Aug '17 12:35    Post subject: Let's Encrypt for Apache :: mod_md-0.9.6 for 2.4.27 Reply with quote

Let's Encrypt site: https://letsencrypt.org/

Only for 2.4.27 VC15. For 2.4.28/29 see www.apachelounge.com/viewtopic.php?t=7786


15 September : Updated mod_md to 0.9.6 and mod_ssl with V5 patch
12 September : Updated mod-md to 0.9.3
8 September : Updated mod_md to 0.9.2 and mod_ssl with V4 patch
1 September : Updated mod-md to 0.8.0
17 August : Updated mod-md to 0.7.0 and curl to 7.55.1


change log mod_md: https://github.com/icing/mod_md/releases

Download: Removed we now have for 2.4.28/29, see www.apachelounge.com/viewtopic.php?t=7786

Build with:
mod_md 0.9.6 for 2.4.27
httpd 2.4.27
curl(WinSSL)-7.55.1 for 2.4.27 and 7.56.0 for 2.4.28
Jansson-2.10
mod_ssl-v5 patch

# Install
Copy content bin folder to your apache/bin folder
Copy content modules folder to your apache/modules folder

# Add to your httpd.conf
LoadModule watchdog_module modules/mod_watchdog.so
LoadModule md_module modules/mod_md.so


# Configuration
see https://github.com/icing/mod_md/wiki and https://httpd.apache.org/docs/trunk/mod/mod_md.html

You need at least:
MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
ManagedDomain .... .....


In the :443 VirtualHost(s), turn on mod_ssl:
SSLEngine on



Normally, certificates are valid for around 90 days and mod_md will renew them the earliest 30 days before they expire.

You can set every 10 days: MDRenewWindow 80d


When testing, consider the rate limits: https://letsencrypt.org/docs/rate-limits/

To get more insight what is going on, set: LogLevel info md:trace2

note: a2md.exe is a command line tool


Enjoy,

Steffen


Last edited by Steffen on Tue 03 Oct '17 22:35; edited 11 times in total
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2580
Location: Hilversum, NL, EU

PostPosted: Thu 17 Aug '17 19:37    Post subject: Reply with quote

Update mod_md to 0.7.0 and curl 7.55.1

Now: The real Let's Encrypt CA is now live by default! If you need to experiment, configure :
MDCertificateAuthority https://acme-staging.api.letsencrypt.org/directory

Fixed is the crash reported at https://github.com/icing/mod_md/issues/23
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2580
Location: Hilversum, NL, EU

PostPosted: Fri 01 Sep '17 10:47    Post subject: Reply with quote

Update mod_md to 0.8.0 (was 1.7.0).

Changes: https://github.com/icing/mod_md/releases

Default renewal window is now 30 days, instead of 14 days before the end of life time of the certificate.
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2580
Location: Hilversum, NL, EU

PostPosted: Fri 15 Sep '17 12:20    Post subject: Reply with quote

Updated mod_md to 0.9.6 and mod_ssl with V5 patch for 2.4.27

Changes: https://github.com/icing/mod_md/releases
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 549

PostPosted: Wed 04 Oct '17 17:52    Post subject: Reply with quote

Added mod_md to 0.9.9 for 2.4.28 with curl 7.56.0

Changes: https://github.com/icing/mod_md/releases


Plan to remove mod_md for 2.4.27.
Back to top
justinacolmena



Joined: 03 Oct 2017
Posts: 7
Location: fairbanks, alaska, usa

PostPosted: Wed 04 Oct '17 23:07    Post subject: certbot -- let's encrypt Reply with quote

i am using certbot on fedora https://certbot.eff.org/

certbot-0.18.2-1.fc26

it automatically generates cert, gets it signed by "let's encrypt" and installs it -- there is a cron job for root that runs twice a day as suggested

Code:
7 9,21 * * * certbot -n renew --post-hook "service httpd restart"


checks certificates for near expiry, renews them if necessary, and restarts the web server if a new cert has been installed

i had to use the "certonly" option and install the certificate manually the first time on fedora, but ymmv...
Back to top


Post new topic   Reply to topic    Apache Forum Index -> News & Hangout
Page 1 of 1