Origin of Apache Let's Encrypt config.
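#!/bin/bash
# Obtain a single Let's Encrypt certificate (cert name "defun.work") covering
# the listed sub-domains via certbot's webroot method, then write a shared
# Apache TLS options snippet.
#
# Must run with root privileges: it installs a package and writes under /srv/www.
# Abort on the first failure so a failed install or mkdir does not fall through
# to certbot, and a failed certbot run does not leave a half-configured host.
set -euo pipefail

# apt-get with -y keeps the run unattended, matching certbot's --non-interactive below.
apt-get install -y certbot
mkdir -p /srv/www/letsencrypt

# Alternative (not used): stop Apache and let certbot bind the port itself.
# service apache2 stop
# --standalone
# Command requires Apache or Lighttpd running and aliasing (no need to stop Apache!):
# Alias "/.well-known/acme-challenge/" "/srv/www/letsencrypt/.well-known/acme-challenge/"
#
# NOTE(review): "certonly" only obtains the certificate; it does not edit or
# reload Apache. After a renewal Apache keeps serving the old certificate until
# it is reloaded (certbot's --deploy-hook can run "systemctl reload apache2")
# - confirm how the reload is handled on this host.
certbot certonly --webroot \
  --agree-tos --non-interactive \
  -m gavenkoa@gmail.com \
  -w /srv/www/letsencrypt \
  --cert-name defun.work \
  -d defun.work \
  -d 2048.defun.work \
  -d blog.defun.work \
  -d cooking.defun.work \
  -d gadict.defun.work \
  -d hg.defun.work \
  -d resume.defun.work \
  -d stat.defun.work \
  -d test.defun.work \
  -d tips.defun.work
# service apache2 start

# https://wiki.debian.org/LetsEncrypt
# python3-certbot-apache - Apache plugin for Certbot
# systemctl reload apache2
# sudo certbot --apache --agree-tos --redirect -m youremail@email.com -d domainname.com -d www.domainname.com

# Reference TLS option sets shipped with the Apache plugin:
# apt download python3-certbot-apache
# /usr/lib/python3/dist-packages/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf
# /usr/lib/python3/dist-packages/certbot_apache/_internal/tls_configs/old-options-ssl-apache.conf

# TLS options snippet for the vhosts:
#  - SSLProtocol turns off SSLv2, SSLv3, TLS 1.0 and TLS 1.1, leaving only the
#    newer protocol versions the local OpenSSL build offers.
#  - No SSLCipherSuite / SSLHonorCipherOrder is set here, so cipher selection
#    falls back to whatever the server default is.
# NOTE(review): the snippet is written into the ACME webroot directory; per the
# Alias above only .well-known/acme-challenge/ is exposed - confirm no vhost
# serves /srv/www/letsencrypt as a whole.
# The delimiter is quoted so the shell copies the body literally (no variable
# or command expansion inside the Apache config text).
cat >/srv/www/letsencrypt/apache-ssl-options.conf <<'EOF'
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLOptions +StrictRequire
# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
EOF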