SSL-certification is essential if you're going to have a site that people will send and receive data from. It's easily evident from the little lock icon on the address bar of your browser if you have it or don't.
End result - you can see the coveted lock closed
This article uses Certbot, which is a free tool for obtaining said certificate. Source(s): Certbot / EFF Snapd Server configuration modified from Tero Karvinen
Configuration - Apache2 - Debian 11 - Django-website
First let's install snapd.
sudo apt-get update sudo apt-get install snapd sudo snap install core
To test the installation you need to install their hello-world package, restart your terminal and run it. sudo snap install hello-world #close the terminal and re-open it hello-world The printout suggested that snap was working.
kallet@fenix2:~$ hello-world Hello World!
To install Certbot I used Snap and made sure a certbot command could be executed.
sudo snap install --classic certbot && sudo ln -s /snap/bin/certbot /usr/bin/certbot
#The ls-command creates a symbolic link between snap's binaries and user's
A symbolic link is essentially a shortcut - a file that points to another file.
I used the automatic configuration setup, since I could.
sudo certbot --apache
Then I answered the questions as I deemed fit. After that I entered my domain. I had a lot of trouble with custom variables, so I just replaced those with regular text. The other thing that was causing problems was my wgsi-process.
[Tue Jun 07 18:00:36.468456 2022] [core:warn] [pid 93101:tid 140529633283392] AH00111: Config variable ${TDIR} is not defined AH00526: Syntax error on line 22 of /etc/apache2/sites-enabled/ktcom.conf: Name duplicates previous WSGI daemon definition.
I changed my conf to this and now it works.
#myconf.conf <VirtualHost *:80> Alias /static/ /home/username/publicwsgi/ktcom/static/ Alias /media/ /home/username/publicwsgi/ktcom/media/ <Directory /home/username/publicwsgi/ktcom/static/> Require all granted </Directory> <Directory /home/username/publicwsgi/ktcom/media/> Require all granted </Directory> ServerName kalletolonen.com ServerAlias www.kalletolonen.com WSGIScriptAlias / /home/username/publicwsgi/ktcom/ktcom/wsgi.py <Directory /home/username/publicwsgi/ktcom/> WSGIProcessGroup username WSGIApplicationGroup %{GLOBAL} WSGIScriptReloading On <Files wsgi.py> Require all granted </Files> </Directory> </VirtualHost> <VirtualHost *:443> Alias /static/ /home/username/publicwsgi/ktcom/static/ Alias /media/ /home/username/publicwsgi/ktcom/media/ <Directory /home/username/publicwsgi/ktcom/static/> Require all granted </Directory> <Directory /home/username/publicwsgi/ktcom/media/> Require all granted </Directory> ServerName kalletolonen.com ServerAlias www.kalletolonen.com WSGIDaemonProcess username user=username group=username threads=5 python-path="/home/username/publicwsgi/ktcom/:/home/username/publicwsgi/env/lib/python3.9/site-packages" WSGIScriptAlias / /home/username/publicwsgi/ktcom/ktcom/wsgi.py <Directory /home/username/publicwsgi/ktcom/> WSGIProcessGroup username WSGIApplicationGroup %{GLOBAL} WSGIScriptReloading On <Files wsgi.py> Require all granted </Files> </Directory> </VirtualHost>
As a last check, I executed the dry run for an automatic renewal.
sudo certbot renew --dry-run
Account registered. Simulating renewal of an existing certificate for kalletolonen.com and www.kalletolonen.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all simulated renewals succeeded: /etc/letsencrypt/live/kalletolonen.com/fullchain.pem (success)
Your comment may be published.
Name:
Email:
Message: