SSL Certificate on OpMon with Certbot


Sidney Souza

Jun 24, 2020, 1:05:30 PM
to OpMon
Hello everyone,

How can I add a valid SSL certificate to OpMon using letsencrypt + certbot[1]?

I tried to run the steps described in the link below, but the following error appears:

# /usr/local/bin/certbot-auto --apache -d opmon.<dominio>

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator apache, Installer apache

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for opmon.alright.network

Cleaning up challenges

Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.


Otavio Honorio

Jun 24, 2020, 1:43:22 PM
to op...@googlegroups.com
Hey Sid,

you have to create a virtual host on port 80 for letsencrypt, something like this:
<VirtualHost *:80>
  ServerName dominio.com
  ServerAlias dominio.com
  DocumentRoot /var/www/html
  <Directory /var/www/html/>
      Options -Indexes +FollowSymLinks
      AllowOverride All
  </Directory>
  ErrorLog /var/log/httpd/error.log
  CustomLog /var/log/httpd/access.log combined
  RewriteEngine on
  RewriteCond %{SERVER_NAME} =dominio.com
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Actually, if I'm not mistaken, with a clean Apache (but then that is a clean one, right), running the command:
certbot --apache -d dominio.com
it pretty much does everything already

but if anything, leave OpMon only on 443 and this virtual host on 80



--
You received this message because you are subscribed to the Google Groups "OpMon" group.
To unsubscribe from this group and stop receiving emails from it, send an email to opmon+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/opmon/7a71377d-d6ac-4638-b1eb-a39bc61ce925o%40googlegroups.com.
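
A pre-flight check for the error in the first post, as an added example that is not part of the original thread and is not Certbot's own code: it scans Apache configuration text for a plain-HTTP virtual host on port 80 before the http-01 challenge is attempted. The function names, the three result labels and the sample configurations are assumptions made for illustration.

```python
import re

OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
CLOSE = re.compile(r"</VirtualHost>", re.I)
NAME = re.compile(r"(?:ServerName|ServerAlias)\s+(.+)", re.I)
SSL_ON = re.compile(r"SSLEngine\s+on\b", re.I)

# Constructed samples modelled on the configurations discussed in this thread.
NO_VHOST = 'Alias /opmon "/usr/local/opmon/share"\n'
ONLY_443 = "<VirtualHost *:443>\n  ServerName dominio.com\n  SSLEngine on\n</VirtualHost>\n"
WITH_80 = "<VirtualHost *:80>\n  ServerName dominio.com\n</VirtualHost>\n"

def port_of(addr):
    """Port part of a <VirtualHost> address; '*' when none is given."""
    _, sep, port = addr.rpartition(":")
    return port if sep and not addr.endswith("]") else "*"

def parse_vhosts(conf_text):
    """Return a dict (ports, names, ssl) for each <VirtualHost> block."""
    vhosts, cur = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # Apache comments are whole lines starting with '#'
        m = OPEN.match(line)
        if m:
            cur = {"ports": {port_of(a) for a in m.group(1).split()},
                   "names": set(), "ssl": False}
        elif cur is None:
            continue  # directive outside any virtual host
        elif CLOSE.match(line):
            vhosts.append(cur)
            cur = None
        elif NAME.match(line):
            cur["names"].update(n.lower() for n in NAME.match(line).group(1).split())
        elif SSL_ON.match(line):
            cur["ssl"] = True
    return vhosts

def preflight(conf_text, domain):
    """Return 'missing', 'unnamed' or 'named' for plain-HTTP vhosts on port 80.

    Assumption: a vhost address without a port is treated as covering port 80.
    """
    plain80 = [v for v in parse_vhosts(conf_text)
               if not v["ssl"] and v["ports"] & {"80", "*"}]
    if not plain80:
        return "missing"
    named = any(domain.lower() in v["names"] for v in plain80)
    return "named" if named else "unnamed"
```

A result of "missing" corresponds to the situation in the error message; "unnamed" means a port-80 virtual host exists but none lists the requested domain in ServerName or ServerAlias.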

Sidney Souza

Jun 24, 2020, 1:55:00 PM
to OpMon
I did try doing it that way, but when I accessed http://opmon it did not redirect to https://opmon/opmon

I did something very similar, but directly in opmon.conf, see below:

The OpMon file:

# ... a bunch of stuff up here
<Directory "/usr/local/opmon/share/seagull/www">
  Header set Pragma "no-store"
  Options FollowSymLinks
  AllowOverride All
  Order allow,deny
  Allow from all
</Directory>

Alias /opmon "/usr/local/opmon/share"

<Directory "/usr/local/opmon/share">
  # SSLRequireSSL
  Options FollowSymLinks
  AllowOverride None
  Order allow,deny
  Allow from all
  # Order deny,allow
  # Deny from all
  # Allow from 127.0.0.1
  # AuthName "OpMon Access"
  # AuthType Basic
  # AuthUserFile /usr/local/opmon/etc/htpasswd.users
  # Require valid-user
</Directory>

<Directory "/usr/local/opmon/share/oracletool">
  SSLRequireSSL
  Options +ExecCGI
  AddHandler cgi-script .cgi .pl
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>

<Directory "/usr/local/opmon/share/customhandlers">
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1 localhost ::1
</Directory>

How it ended up:

# ... a bunch of stuff up here
<VirtualHost *:80>
<Directory "/usr/local/opmon/share/seagull/www">
  Header set Pragma "no-store"
  Options FollowSymLinks
  AllowOverride All
  Order allow,deny
  Allow from all
</Directory>

Alias /opmon "/usr/local/opmon/share"

<Directory "/usr/local/opmon/share">
  # SSLRequireSSL
  Options FollowSymLinks
  AllowOverride None
  Order allow,deny
  Allow from all
  # Order deny,allow
  # Deny from all
  # Allow from 127.0.0.1
  # AuthName "OpMon Access"
  # AuthType Basic
  # AuthUserFile /usr/local/opmon/etc/htpasswd.users
  # Require valid-user
</Directory>

<Directory "/usr/local/opmon/share/oracletool">
  SSLRequireSSL
  Options +ExecCGI
  AddHandler cgi-script .cgi .pl
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>

<Directory "/usr/local/opmon/share/customhandlers">
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1 localhost ::1
</Directory>
</VirtualHost>


After these changes everything kept working as it was, and SSL too :).

Thanks for the reply!!

Big hug!

Otavio Honorio

Jun 24, 2020, 1:58:47 PM
to op...@googlegroups.com
Yesss, nice one.
Big hug
