On 6/06/18 3:45 pm, Mason James wrote: > > On 5/06/18 2:18 pm, Alvaro Cornejo wrote: >> Hi >> >> I´m trying to setup a ssl connection to Koha (using letsEncrypt certs ) so >> my users, admin and opac can have a secure connection. >> >> I´ve folllowed letsEncrypt & certbot instrucctions but neither opac nor >> admin pages work. >> >> I´ve tried directing connections manually and configuring apache for >> redirect unsuccessfully. >> >> Any hints on this? >> >> This is mostly to avoid the upcoming chrome config where it will display an >> unsafe site warning to any site requiring login that does not use ssl >> >> Regards, >> >> Alvaro >> _______________________________________________ >> Koha mailing list http://koha-community.org >> [email protected] >> https://lists.katipo.co.nz/mailman/listinfo/koha > hi Alvaro > > here's an apache config that has worked well for me > > it has some extra magic to improve it's SSL score > > the config now gets an 'A+' on the following site... > https://www.ssllabs.com/ssltest > > i'll aim to add this to the Koha wiki > > cheers, Mason > >
...and here's a nice 'cert renew' solution, using LE's cli.ini file root@deb8:/# cat /etc/letsencrypt/cli.ini domains = demo.foo.org, demo-admin.foo.org root@deb8:/# cat /etc/cron.d/certbot # /etc/cron.d/certbot: crontab entries for the certbot package # # Upstream recommends attempting renewal twice a day # SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # -n for non-interactive 0 1 * * * root service apache2 stop ; perl -e 'sleep int(rand(3600))' && /usr/bin/certbot certonly --expand -n --standalone --config /etc/letsencrypt/cli.ini ; service apache2 start _______________________________________________ Koha mailing list http://koha-community.org [email protected] https://lists.katipo.co.nz/mailman/listinfo/koha

