Differences between revisions of "Certificats"

From Garbal
(Content replaced with "<translate>== Introduction ==<!--T:1--></translate>")
Tag: Content replaced
Line 1: Line 1:


<translate>== Introduction ==<!--T:1--></translate>
<translate>
<!--T:2-->
Garbal uses Let's Encrypt certificates for all websites. This page describes the steps to set up a new certificate using the Win ACME utility (wacs.exe), how the software can be updated and how to troubleshoot the renewal process.
Note that the utility is frequently updated and its use may change over time. If the required steps have changed then please change this text accordingly.
External reference for [https://www.snel.com/support/install-lets-encrypt-with-apache-on-windows-server-2019/ Windows Server 2019 with Apache]
</translate>
<translate>== Installing a new certificate ==<!--T:3--></translate>
<translate>
* Download the latest x64 pluggable zip from [https://github.com/win-acme/win-acme/releases GitHub] and archive the file in C:\Programs\Installers.
* Unzip the contents to C:\Programs\LetsEncrypt
* Create the file C:\Programs\LetsEncrypt\RestartApache.bat with the following content:
<pre>net stop "ApacheMS4WWebServer4" & sc start "ApacheMS4WWebServer4"</pre>
* Run wacs.exe from its installation folder as administrator.
* New versions may use other shortcuts for the menu options; just follow their descriptions. We are installing to Apache, so messages about IIS can be ignored.
* M: Create certificate (full options)
* 2: Manual Input
* Host: ...the host name...
** You will want to use a subdomain, like www.stamp-map.org
** Make sure to use the actual full name/url of the site (with or without www, or the subdomain like stampdev.hoefsloot.com and wiki.garbal.org)
** If you want to use both stamp-map.org and www.stamp-map.org then create 2 certificates.
* Friendly name: <nowiki><enter></nowiki> (leave it empty)
* How would you like to prove ownership:
* 1: [http-01] Save verification files on (network) path
* Path: C:\Websites\sites<nowiki><enter></nowiki>
** which is the DocumentRoot from Apache's httpd.conf
* Copy default web.config: n
* CSR request key
* 2: RSA key
* 2: PEM encoded files (Apache)
* File Path: C:\ms4w\Apache\conf
* Password on the private key file
* 1: None
* 5: No (additional) store steps
* 2: Start external script or program
* File: C:\Programs\LetsEncrypt\RestartApache.bat<nowiki><enter></nowiki>
<pre>{StoreType} {StorePath} {RenewalId}<enter></pre>
* 3: No (additional) installation steps
* Setup for renewal scheduled task: The Windows Task Scheduler will be used. A new task will be installed.
* Do you want to specify the user the task will run as?: n
** The problem here is that signing in will probably require verification
* R: Run renewal
* Q: Quit
</translate>
<translate>
Now change the Apache setup to use the certificate.
</translate>
<translate>
== Maintenance of LetsEncrypt ==</translate>
<translate>
If the automatic renewal fails, check Windows' Event Viewer first for error messages. Look for Windows Logs / Application, messages of source "win-acme".
If you change settings in wacs, consider re-creating the "renewal scheduled task" from within wacs, because the task seems to be created with a copy of the settings.
To test, simply run the task from Task Scheduler and check Windows' Event Viewer to see if there are any errors.
</translate>
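The checks from this section can be run in one pass. The following PowerShell script is an added example, not part of the original wiki page: it reads the win-acme events, shows the renewal task's last result, and checks the expiry and file permissions of the PEM files. The file names `<host>-crt.pem` and `<host>-key.pem`, the task-name pattern `*win-acme*`, the host name and the thresholds are assumptions; adjust them to what is actually on the server.

```powershell
# Added example: renewal health check for the win-acme + Apache setup on this page.
# Assumptions (not from the page): PEM file names, task-name pattern, thresholds.
param(
    [string]$PemDir       = 'C:\ms4w\Apache\conf',  # "File Path" entered in wacs
    [string]$HostName     = 'www.example.org',      # placeholder host name
    [int]   $WarnDays     = 20,                     # hypothetical expiry threshold
    [int]   $LookBackDays = 7
)

# 1. Errors (level 2) and warnings (level 3) from source "win-acme" in the Application log.
Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; ProviderName = 'win-acme'; Level = 2, 3
    StartTime = (Get-Date).AddDays(-$LookBackDays)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, LevelDisplayName, Message | Format-List | Out-Host

# 2. Last result of the renewal task wacs created (0 means the last run succeeded).
Get-ScheduledTask | Where-Object TaskName -like '*win-acme*' | Get-ScheduledTaskInfo |
    Select-Object TaskName, LastRunTime, LastTaskResult, NextRunTime | Format-List | Out-Host

# 3. Expiry of the certificate file in the PEM folder.
$certPath = Join-Path $PemDir "${HostName}-crt.pem"
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certPath)
$daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
if ($daysLeft -lt $WarnDays) {
    Write-Warning "$certPath expires in $daysLeft days ($($cert.NotAfter)); check the renewal task."
} else {
    Write-Host "$certPath is valid for another $daysLeft days."
}

# 4. The key is stored without a password, so NTFS permissions are its only protection.
#    Report every Allow entry that is not Administrators (S-1-5-32-544) or SYSTEM (S-1-5-18).
#    If Apache runs under a dedicated service account, add that account's SID to the list.
$keyPath = Join-Path $PemDir "${HostName}-key.pem"
$sidType = [System.Security.Principal.SecurityIdentifier]
$extra = (Get-Acl $keyPath).GetAccessRules($true, $true, $sidType) | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -notin 'S-1-5-32-544', 'S-1-5-18'
}
if ($extra) {
    Write-Warning "Unexpected access entries on ${keyPath}:"
    $extra | Select-Object IdentityReference, FileSystemRights, IsInherited | Format-Table | Out-Host
} else {
    Write-Host "No Allow entries beyond Administrators and SYSTEM on $keyPath."
}
```

Run it from an elevated PowerShell prompt after triggering the task from Task Scheduler.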

Revision as of 5 July 2022, 12:27

Introduction