Securing Apache with a Let's Encrypt SSL Certificate on CentOS 8


Securing your web server is always one of the key factors to consider before going live with your website. A security certificate is critical for securing traffic sent from web browsers to web servers, and in so doing it lets users exchange data with your website in the full knowledge that the traffic sent is secured.

In most cases, security certificates are paid for and renewed annually. Let's Encrypt is a free, open and automated certificate authority that you can use to encrypt your site. The certificate expires every 90 days, and auto-renewal comes at absolutely no cost.

In this article, we show you how to install a Let's Encrypt certificate with Certbot for the Apache web server and then configure the certificate to renew automatically on CentOS 8.

Before you start, make sure you have the following in place:

1. An instance of a CentOS 8 server with the Apache HTTP web server installed and running. You can confirm that your Apache web server is installed and running:

$ sudo dnf install httpd
$ sudo systemctl status httpd

2. A Fully Qualified Domain Name (FQDN) pointing to your web server's public IP address at your DNS hosting provider. For this guide, we use linuxtechwhiz.info pointing to the server IP 34.67.63.136.

Step 1: Install Certbot on CentOS 8

Certbot is a client that automates the installation of the security certificate. It fetches the certificate from the Let's Encrypt authority and deploys it on your web server without much hassle.

Certbot is completely free and lets you install the certificate interactively, generating instructions based on your web server's configuration.

Before downloading certbot, first install the packages that are needed to configure an encrypted connection.

$ sudo dnf install mod_ssl openssl

Download certbot using the curl command.

$ sudo curl -O https://dl.eff.org/certbot-auto

Next, move the certbot file to the /usr/local/bin directory and assign it execute permissions.

$ sudo mv certbot-auto /usr/local/bin
$ sudo chmod 755 /usr/local/bin/certbot-auto

Step 2: Create an Apache Virtual Host

The next step is to create a virtual host file for our domain, linuxtechwhiz.info. Begin by creating the document root where you will place your HTML files.

$ sudo mkdir -p /var/www/linuxtechwhiz.info

Create a test index.html file as shown.

$ echo '<h1>Welcome to Apache HTTP server</h1>' | sudo tee /var/www/linuxtechwhiz.info/index.html

Next, create the virtual host file as shown.

$ sudo vim /etc/httpd/conf.d/linuxtechwhiz.info.conf

Paste the configuration below.

<VirtualHost *:443>
  ServerName linuxtechwhiz.info
  ServerAlias www.linuxtechwhiz.info
  DocumentRoot /var/www/linuxtechwhiz.info/
  <Directory /var/www/linuxtechwhiz.info/>
      Options -Indexes +FollowSymLinks
      AllowOverride All
  </Directory>
  ErrorLog /var/log/httpd/www.linuxtechwhiz.info-error.log
  CustomLog /var/log/httpd/www.linuxtechwhiz.info-access.log combined
</VirtualHost>

Save and exit.

Set the ownership of the document root as shown.

$ sudo chown -R apache:apache /var/www/linuxtechwhiz.info

For the changes to take effect, restart the Apache service.

$ sudo systemctl restart httpd

Step 3: Install the Let's Encrypt SSL Certificate on CentOS 8

Now run certbot as shown to start the installation of the Let's Encrypt certificate.

$ sudo /usr/local/bin/certbot-auto --apache

A number of Python packages will be installed.

After the packages install successfully, certbot launches an interactive command-line session that guides you through installing the Let's Encrypt certificate.

If all goes well, you should get a congratulatory message at the end informing you that your site has been secured with a Let's Encrypt certificate. Your certificate's validity is also displayed, which is usually 90 days after deployment.

Now go back to your virtual host file and append the following configuration lines.

SSLEngine On
 SSLCertificateFile    /etc/letsencrypt/live/linuxtechwhiz.info/fullchain.pem
 SSLCertificateKeyFile  /etc/letsencrypt/live/linuxtechwhiz.info/privkey.pem

Save and exit.

The final Apache virtual host configuration will look like this:

<VirtualHost *:443>
  ServerName linuxtechwhiz.info
  ServerAlias www.linuxtechwhiz.info
  DocumentRoot /var/www/linuxtechwhiz.info/
  <Directory /var/www/linuxtechwhiz.info/>
      Options -Indexes +FollowSymLinks
      AllowOverride All
  </Directory>
  ErrorLog /var/log/httpd/www.linuxtechwhiz.info-error.log
  CustomLog /var/log/httpd/www.linuxtechwhiz.info-access.log combined

 SSLEngine On
 SSLCertificateFile    /etc/letsencrypt/live/linuxtechwhiz.info/fullchain.pem
 SSLCertificateKeyFile  /etc/letsencrypt/live/linuxtechwhiz.info/privkey.pem
</VirtualHost>

Once again, restart Apache.

$ sudo systemctl restart httpd
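
A quick way to catch the two mistakes that most often break this step (a virtual host file that Apache never loads, and missing TLS directives) is to lint the file before restarting. The script below is an added example, not part of the original guide; the function names `lint_tls_vhost` and `write_sample_vhost` are hypothetical and the sample virtual hosts it writes are constructed from the configuration shown above.

```shell
# Added example: lint a vhost file for the TLS directives this guide relies on.

# Prints one finding per line, or "ok"; returns the number of findings.
lint_tls_vhost() {
    vhost="$1"
    issues=0
    report() { echo "$1"; issues=$((issues + 1)); }

    # The stock CentOS httpd.conf only loads conf.d/*.conf.
    case "$vhost" in *.conf) ;; *) report "filename-lacks-.conf" ;; esac

    # Ignore comment lines so a commented-out directive does not count.
    body=$(grep -v '^[[:space:]]*#' "$vhost" || true)

    echo "$body" | grep -Eiq '<VirtualHost[[:space:]]+[^>]*:443>' \
        || report "no-443-vhost"
    echo "$body" | grep -Eiq '^[[:space:]]*SSLEngine[[:space:]]+on[[:space:]]*$' \
        || report "sslengine-not-on"
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        echo "$body" | grep -Eiq "^[[:space:]]*$d[[:space:]]+[^[:space:]]" \
            || report "missing-$d"
    done

    [ "$issues" -eq 0 ] && echo "ok"
    return "$issues"
}

# Write a constructed sample vhost to $1; pass "tls" as $2 to include
# the three Step 3 directives.
write_sample_vhost() {
    {
        echo '<VirtualHost *:443>'
        echo '  ServerName linuxtechwhiz.info'
        echo '  DocumentRoot /var/www/linuxtechwhiz.info/'
        if [ "${2:-}" = "tls" ]; then
            echo '  SSLEngine On'
            echo '  SSLCertificateFile /etc/letsencrypt/live/linuxtechwhiz.info/fullchain.pem'
            echo '  SSLCertificateKeyFile /etc/letsencrypt/live/linuxtechwhiz.info/privkey.pem'
        fi
        echo '</VirtualHost>'
    } > "$1"
}
```

On the server, source the script and run `lint_tls_vhost /etc/httpd/conf.d/linuxtechwhiz.info.conf`; `sudo apachectl configtest` then checks the syntax of the whole configuration.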

Step 4: Verify the Let's Encrypt SSL Certificate

To verify that everything is working, launch your browser and visit your server's IP address. You should now see a padlock symbol at the beginning of the URL.

To get more details, click the padlock symbol and then click the 'Certificate' option on the pull-down menu that appears.

The certificate details are displayed in the next pop-up window.

You can also test your server at https://www.ssllabs.com/ssltest/ and your site should get an 'A' grade.

Step 5: Auto-Renew the Let's Encrypt SSL Certificate

A Let's Encrypt certificate is valid for only 90 days. Normally, renewal is handled by the certbot package, which adds a renewal script to the /etc/cron.d directory. The script runs twice a day and automatically renews any certificate within 30 days of its expiry.

To test the auto-renewal process, perform a dry run with certbot.

$ sudo /usr/local/bin/certbot-auto renew --dry-run

If no errors are encountered, you are good to go.
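
A dry run confirms that renewal can work, not that it did. The script below is an added example, not part of the original guide: it classifies a certificate file against the 30-day renewal window described above, so a monitoring job can flag a certificate that should already have been renewed. The function names `cert_renewal_state` and `make_sample_cert` are hypothetical, and the self-signed sample certificates are constructed test input.

```shell
# Added example: classify a PEM certificate against the renewal window.

# Prints "ok", "renew-due", "expired", "invalid" or "unreadable" for the
# certificate in $1. $2 is the window in days (default 30, as stated above).
cert_renewal_state() {
    cert="$1"
    window_days="${2:-30}"
    [ -r "$cert" ] || { echo "unreadable"; return 2; }
    # Reject files that do not parse as an X.509 certificate.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 \
        || { echo "invalid"; return 2; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "expired"; return 1
    fi
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((window_days * 86400)) >/dev/null 2>&1; then
        # Inside the window: the twice-daily job should already have renewed it.
        echo "renew-due"; return 1
    fi
    echo "ok"
}

# Build a throwaway self-signed certificate valid for $1 days at path $2
# (constructed sample input; the CN is this guide's domain).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" \
        -subj "/CN=linuxtechwhiz.info" \
        -keyout "$2.key" -out "$2" >/dev/null 2>&1
}

# On the server, as root:
#   cert_renewal_state /etc/letsencrypt/live/linuxtechwhiz.info/fullchain.pem
```

A result of `renew-due` on the live certificate means the scheduled renewal is not succeeding and needs attention before the certificate expires.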

This brings us to the end of this guide. In it, we showed how you can use certbot to install and configure a Let's Encrypt certificate on an Apache web server running on a CentOS 8 system.