Налаштування сайта з SSL

Спочатку налаштовуємо звичайний http-сайт. Два розділи "VirtualHost" - для того, щоб відбувалося перенаправлення з www.site.pp.ua на site.pp.ua:

<VirtualHost *:80>
    ServerName www.site.pp.ua
    Redirect permanent / http://site.pp.ua/
</VirtualHost>

<VirtualHost *:80>
	ServerName site.pp.ua
	DocumentRoot /var/www/site.pp.ua/html

	<Directory /var/www/site.pp.ua/html/>
		Options +Includes
		AddType text/html .htm
		AddOutputFilter INCLUDES .htm
		AllowOverride All
		Require all granted
	</Directory>

	ScriptAlias /cgi-bin/ /var/www/site.pp.ua/cgi-bin/
	<Directory "/var/www/site.pp.ua/cgi-bin">
		AllowOverride None
		Options +ExecCGI -MultiViews
		Require all granted
	</Directory>

	ErrorLog /var/www/site.pp.ua/__logs/error.log
	CustomLog /var/www/site.pp.ua/__logs/access.log combined
</VirtualHost>

Встановлюємо CertBot

apt install certbot python3-certbot-apache

Потім встановлюємо сертифікати для двох адрес:

certbot --apache -d site.pp.ua -d www.site.pp.ua
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): site@gmail.com    

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Requesting a certificate for site.pp.ua and www.site.pp.ua

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/site.pp.ua/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/site.pp.ua/privkey.pem
This certificate expires on 2025-09-15.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for site.pp.ua to /etc/apache2/sites-available/site_pp_ua-le-ssl.conf
Successfully deployed certificate for www.site.pp.ua to /etc/apache2/sites-available/site_pp_ua-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://site.pp.ua and https://www.site.pp.ua

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Насправді, виявилося ще простіше, ніж встановлювати самопідписний сертифікат на локальну машину.

PreviousАвтозапуск ApacheNextVirtualHost для одновременной работы с IPv4 и IPv6

Last updated