Um auf dem RaspberryPi die (derzeit) kostenlosen SSL Zertifikate von Let's Encrypt einsetzten zu könenn, kann die folgende Anleitung helfen:
Zuerst die benötigten Software-Pakete installieren:
sudo apt install certbot python-certbot-apache
Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: python-pyicu python3-acme python3-certbot python3-configargparse python3-configobj python3-future python3-josepy python3-mock python3-openssl python3-parsedatetime python3-pbr python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface Suggested packages: python3-certbot-apache python3-certbot-nginx python-certbot-doc python-acme-doc python-configobj-doc python-future-doc python-mock-doc python-openssl-doc python3-openssl-dbg The following NEW packages will be installed: certbot python-pyicu python3-acme python3-certbot python3-configargparse python3-configobj python3-future python3-josepy python3-mock python3-openssl python3-parsedatetime python3-pbr python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface 0 upgraded, 19 newly installed, 0 to remove and 0 not upgraded. Need to get 1,359 kB of archives. After this operation, 6,977 kB of additional disk space will be used. Do you want to continue? [Y/n]
Jetzt das Programm "certbot" für den Apache starten:
certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): mail@your-domain.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: a - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: n Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: www.your-domain.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1 Obtaining a new certificate Performing the following challenges: http-01 challenge for www.your-domain.com Waiting for verification... Cleaning up challenges Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf Enabled Apache socache_shmcb module Enabled Apache ssl module Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 Added an HTTP->HTTPS rewrite in addition to other RewriteRules; you may wish to check for overall consistency. Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://www.your-domain.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=www.your-domain.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/your-domain.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/your-domain.com/privkey.pem Your cert will expire on 2021-08-03. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Sollte das Apachemodul für certbot nicht installiert sein, wird der folgende Fehler angezeigt:
Saving debug log to /var/log/letsencrypt/letsencrypt.log The requested apache plugin does not appear to be installed
In diesem Fall bitte das Modul installieren:
sudo apt install certbot python-certbot-apache
