{"id":3224,"date":"2017-04-26T10:53:47","date_gmt":"2017-04-26T08:53:47","guid":{"rendered":"http:\/\/www.blue-bears.com\/blog\/?p=3224"},"modified":"2019-05-01T22:19:27","modified_gmt":"2019-05-01T20:19:27","slug":"passage-en-ssl-sous-linux-debian-wheezy","status":"publish","type":"post","link":"http:\/\/www.blue-bears.com\/blog\/?p=3224","title":{"rendered":"Switching to SSL on LINUX Debian Wheezy"},"content":{"rendered":"<p>With the free Certificate Authority Let&rsquo;s Encrypt: <a href=\"http:\/\/letsencrypt.fr\/\">http:\/\/letsencrypt.fr\/<\/a><\/p>\n<h3>Update 01\/05\/2019<\/h3>\n<p>The letsencrypt renewal script requires a Python version &gt; 2.7.7 (which I gave it: 2.7.12).<br \/>\nBut it was not taken into account =&gt; The Certbot solution raises the same issue but does the job =&gt;<\/p>\n<p><em><span style=\"color: #ff6600;\">CryptographyDeprecationWarning: Support for your Python version is deprecated. <\/span><\/em><br \/>\n<em><span style=\"color: #ff6600;\">The next version of cryptography will remove support. 
<\/span><\/em><br \/>\n<em><span style=\"color: #ff6600;\">Please upgrade to a 2.7.x release that supports <span style=\"color: #000080;\">hmac.compare_digest<\/span> as soon as possible.<\/span><\/em><\/p>\n<p>In conclusion, the Cron job:<\/p>\n<pre><span style=\"color: #993366;\"><em><span class=\"hash-txt\">\/root\/letsencrypt\/letsencrypt-auto --apache --renew-by-default --email vdft@vdft.fr --agree-tos -d www.vdft.fr -d vdft.fr<\/span><\/em><\/span><\/pre>\n<pre>becomes: <span style=\"color: #993366;\"><em>\/usr\/local\/bin\/certbot-auto renew<\/em><\/span>\r\n\r\n<\/pre>\n<h3>Installation:<\/h3>\n<p>only from an SSH terminal (not emulated =&gt; Putty)<\/p>\n<pre><span class=\"hash-txt\" style=\"color: #800080;\">apt install -y git\r\n<\/span><span class=\"hash-txt\"><span style=\"color: #800080;\">git clone https:\/\/github.com\/letsencrypt\/letsencrypt.git &amp;&amp; cd letsencrypt\/<\/span>\r\n<span style=\"color: #ff0000;\">\/root\/letsencrypt\/letsencrypt-auto --apache --renew-by-default --email monmail@mondomaine.fr --agree-tos -d www.mondomaine.fr<\/span><\/span><\/pre>\n<p><!--more-->renew also allows the certificate to be renewed. 
A Cron job should normally run to do this periodically.<\/p>\n<p>or manually:<\/p>\n<pre><span class=\"hash-txt\" style=\"color: #800080;\">\/root\/letsencrypt\/letsencrypt-auto certonly --webroot --webroot-path \/var\/www\/html --renew-by-default --email example@example.org --agree-tos -d www.yourdomain.tld<\/span><\/pre>\n<h3>Configuration:<\/h3>\n<ul>\n<li>Over SSH (Putty):<\/li>\n<li>[See further below &#8230; this configuration is incorrect]<\/li>\n<\/ul>\n<p><a href=\"http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3229\" src=\"http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_1.jpg\" alt=\"\" width=\"975\" height=\"322\" srcset=\"http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_1.jpg 975w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_1-300x99.jpg 300w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_1-768x254.jpg 768w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_1-830x274.jpg 830w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_1-230x76.jpg 230w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_1-350x116.jpg 350w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_1-480x159.jpg 480w\" sizes=\"auto, (max-width: 975px) 100vw, 975px\" \/><\/a><\/p>\n<p><a href=\"http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_2.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3228\" src=\"http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_2.jpg\" alt=\"\" width=\"890\" height=\"635\" srcset=\"http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_2.jpg 890w, 
http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_2-300x214.jpg 300w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_2-768x548.jpg 768w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_2-830x592.jpg 830w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_2-230x164.jpg 230w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_2-350x250.jpg 350w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_2-480x342.jpg 480w\" sizes=\"auto, (max-width: 890px) 100vw, 890px\" \/><\/a><\/p>\n<p>To be valid, the site root must be the SAME as the full site name =&gt; here www.vdft.fr and NOT vdft.fr as before.<\/p>\n<ul>\n<li><span class=\"hash-txt\">\/root\/letsencrypt\/letsencrypt-auto --apache --renew-by-default --email vdft@vdft.fr --agree-tos -d www.vdft.fr -d vdft.fr<br \/>\n<\/span><\/li>\n<\/ul>\n<p><a href=\"http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_3.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3230\" src=\"http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_3.jpg\" alt=\"\" width=\"1021\" height=\"585\" srcset=\"http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_3.jpg 1021w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_3-300x172.jpg 300w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_3-768x440.jpg 768w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_3-830x476.jpg 830w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_3-230x132.jpg 230w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_3-350x201.jpg 350w, http:\/\/www.blue-bears.com\/blog\/wp-content\/uploads\/2017\/04\/Capture_3-480x275.jpg 480w\" sizes=\"auto, 
(max-width: 1021px) 100vw, 1021px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>There is also another solution with Certbot:<\/p>\n<p><a href=\"https:\/\/certbot.eff.org\/#debianjessie-apache\">https:\/\/certbot.eff.org\/#debianjessie-apache<\/a><\/p>\n<p><a href=\"https:\/\/certbot.eff.org\/docs\/intro.html#how-to-run-the-client\">https:\/\/certbot.eff.org\/docs\/intro.html#how-to-run-the-client<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>Over SSH:<\/p>\n<pre><span class=\"o\">.\/<\/span><span class=\"n\">certbot<\/span><span class=\"o\">-<\/span><span class=\"n\">auto<\/span>\r\n<\/pre>\n<p><span class=\"o\">.\/<\/span><span class=\"n\">certbot<\/span><span class=\"o\">-<\/span><span class=\"n\">auto<\/span> <span class=\"o\">--<\/span><span class=\"n\">apache<\/span> <span class=\"o\">-<\/span><span class=\"n\">d<\/span> <span class=\"n\">vdft.fr<\/span> <span class=\"o\">-<\/span><span class=\"n\">d<\/span> <span class=\"n\">www<\/span><span class=\"o\">.<\/span><span class=\"n\">vdft.fr<\/span><\/p>\n<h2><span class=\"n\"><br \/>\nDO NOT FORGET:<\/span><\/h2>\n<p><span class=\"n\">In the Apache server config files (\/etc\/apache2\/sites-available\/???.conf),<br \/>\nput at the beginning of the file:<br \/>\nNameVirtualHost www.MONSITE.COM:80 (or 443 depending on the virtual host: Http=80 https=443)<\/span><\/p>\n<p>&nbsp;<\/p>\n<pre>Example:<\/pre>\n<pre><span style=\"color: #000080;\"><em>NameVirtualHost www.toto.fr:443<\/em><\/span>\r\n<span style=\"color: #000080;\"><em>&lt;IfModule mod_ssl.c&gt;<\/em><\/span>\r\n<span style=\"color: #000080;\"><em>&lt;VirtualHost www.toto.fr:443&gt;<\/em><\/span>\r\n<span style=\"color: #000080;\"><em>DocumentRoot \/var\/www\/toto<\/em><\/span>\r\n<span style=\"color: #000080;\"><em>&lt;Directory \/var\/www\/toto&gt;<\/em><\/span>\r\n<span style=\"color: #000080;\"><em>allow from all<\/em><\/span>\r\n<span style=\"color: #000080;\"><em>Options +Indexes<\/em><\/span>\r\n<span style=\"color: 
#000080;\"><em>&lt;\/Directory&gt;<\/em><\/span>\r\n<span style=\"color: #000080;\"><em>ServerName www.toto.fr<\/em><\/span>\r\n\r\n<span style=\"color: #000080;\"><em>Include \/etc\/letsencrypt\/options-ssl-apache.conf<\/em><\/span>\r\n<span style=\"color: #000080;\"><em>ServerAlias toto.fr<\/em><\/span>\r\n<span style=\"color: #000080;\"><em>SSLCertificateFile \/etc\/letsencrypt\/live\/www.toto.fr\/cert.pem<\/em><\/span>\r\n<span style=\"color: #000080;\"><em>SSLCertificateKeyFile \/etc\/letsencrypt\/live\/www.toto.fr\/privkey.pem<\/em><\/span>\r\n<span style=\"color: #000080;\"><em>SSLCertificateChainFile \/etc\/letsencrypt\/live\/www.toto.fr\/chain.pem<\/em><\/span>\r\n<span style=\"color: #000080;\"><em>&lt;\/VirtualHost&gt;<\/em><\/span>\r\n<span style=\"color: #000080;\"><em>&lt;\/IfModule&gt;\r\n<\/em><\/span><\/pre>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With the free Certificate Authority Let&rsquo;s Encrypt: http:\/\/letsencrypt.fr\/ Update 01\/05\/2019 The letsencrypt renewal script requires a Python version &gt; 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-3224","post","type-post","status-publish","format-standard","hentry","category-informatique"],"_links":{"self":[{"href":"http:\/\/www.blue-bears.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3224","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.blue-bears.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.blue-bears.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.blue-bears.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.blue-bears.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3224"}],"version-history":[{"count":16,"href":"http:\/\/www.blue-bears.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3224\/revisions"}],"predecessor-version":[{"id":3839,"href":"http:\/\/www.blue-bears.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3224\/revisions\/3839"}],"wp:attachment":[{"href":"http:\/\/www.blue-bears.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.blue-bears.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3224"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.blue-bears.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}