maanantai 6. elokuuta 2018

Certbot with Varnish and Apache

Assigning SSL certificates with certbot for my new server was quite a pain. I installed good old apache2 and varnish in front of it. Like I learned back in 2012 or something. But assigning new certificates for this setup was quite hard as the automatic tool requires apache virtualhost to have port 80. I have port 8080 because Varnish is listening on 80.

So in order to do this, use the following command to issue certificate only:

certbot certonly -d -d --authenticator webroot -w /home/username/public_html/

Then use command certbot --apache to create the ssl files properly.  Use option 2 for new sites to redirect all to HTTPS. Aaaaand ta-da it works. To confirm it is possible to renew domains run:

sudo certbot renew --dry-run

Also notice that if you have Varnish proxy or something else before your backend server, you might wanna use --staging parameter to try ssl certificate generation is successful. Like

certbot certonly -d -d --authenticator webroot -w /home/username/public_html/ --staging

For the future virtualhost files REMOVE redirects, these are generated with certbot:

<VirtualHost *:8080>
ServerAdmin email
DocumentRoot /blaablaaa

<Directory />
                Options FollowSymLinks
                AllowOverride All
        <Directory /blaablaa/>
                Options Indexes FollowSymLinks
                AllowOverride All
                Order allow,deny
                allow from all