On 6/06/18 4:06 pm, Mason James wrote:
On 6/06/18 3:45 pm, Mason James wrote:
On 5/06/18 2:18 pm, Alvaro Cornejo wrote:
Hi
I'm trying to set up an SSL connection to Koha (using letsEncrypt certs) so my users, admin and opac can have a secure connection.
I've followed letsEncrypt & certbot instructions but neither opac nor admin pages work.
I've tried directing connections manually and configuring apache for redirect unsuccessfully.
Any hints on this?
This is mostly to avoid the upcoming chrome config where it will display an unsafe site warning to any site requiring login that does not use ssl
Regards,
Alvaro
_______________________________________________
Koha mailing list http://koha-community.org
Koha@lists.katipo.co.nz
https://lists.katipo.co.nz/mailman/listinfo/koha

hi Alvaro
here's an apache config that has worked well for me
it has some extra magic to improve its SSL score
the config now gets an 'A+' on the following site... https://www.ssllabs.com/ssltest
i'll aim to add this to the Koha wiki
cheers, Mason
...and here's a nice 'cert renew' solution, using LE's cli.ini file

root@deb8:/# cat /etc/letsencrypt/cli.ini
domains = demo.foo.org, demo-admin.foo.org

root@deb8:/# cat /etc/cron.d/certbot
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# -n for non-interactive
0 1 * * * root service apache2 stop ; perl -e 'sleep int(rand(3600))' && /usr/bin/certbot certonly --expand -n --standalone --config /etc/letsencrypt/cli.ini ; service apache2 start

oops, a bad cut/paste
this looks like a better way, using pre/post hooks...

0 1 * * * root perl -e 'sleep int(rand(3600))' && /usr/bin/certbot certonly --expand -n --standalone --config /etc/letsencrypt/cli.ini --pre-hook 'service apache2 stop' --post-hook 'service apache2 start'
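
A post-renewal sanity check to go with the cron job above, as an added example that is not part of the original thread or of certbot: it reads the domains line from cli.ini and confirms the certificate on disk covers every listed name and is not close to expiry. The function names, the 14-day threshold and the certificate path in the usage comment are assumptions; wildcard names are not matched.

```shell
#!/bin/sh
# Added example: verify that the cert produced by the cron job covers every
# domain in cli.ini and is not about to expire. Names and paths are assumed.

# Print one domain per line from the "domains = a, b" line of a certbot cli.ini.
cli_domains() {
    sed -n 's/^[[:space:]]*domains[[:space:]]*=[[:space:]]*//p' "$1" |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Print the DNS names found in `openssl x509 -text` output read from stdin.
san_names() {
    grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2
}

# Print every wanted domain ($1, newline-separated) absent from the SAN list ($2).
missing_domains() {
    printf '%s\n' "$1" | while IFS= read -r d; do
        [ -n "$d" ] || continue
        printf '%s\n' "$2" | grep -Fxq -- "$d" || printf '%s\n' "$d"
    done
}

# check_cert CLI_INI CERT_PEM [MIN_DAYS]
# Returns 1 if a listed domain is not in the certificate, 2 if the certificate
# expires within MIN_DAYS (default 14, an assumed threshold), 0 otherwise.
check_cert() {
    wanted=$(cli_domains "$1")
    sans=$(openssl x509 -in "$2" -noout -text | san_names)
    missing=$(missing_domains "$wanted" "$sans")
    if [ -n "$missing" ]; then
        echo "certificate $2 does not cover: $missing" >&2
        return 1
    fi
    if ! openssl x509 -in "$2" -noout -checkend $(( ${3:-14} * 86400 )) >/dev/null; then
        echo "certificate $2 expires in under ${3:-14} days; check the renewal cron" >&2
        return 2
    fi
}

# Runs only when given arguments, e.g. (certificate path is an assumption):
#   check.sh /etc/letsencrypt/cli.ini /etc/letsencrypt/live/demo.foo.org/cert.pem
if [ $# -ge 2 ]; then check_cert "$@"; fi
```

Run from a separate daily cron entry, a non-zero exit makes a silently failing renewal or a dropped domain visible before browsers start warning users.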