To enable LetsEncrypt SSL for a web site hosted in EasyEngine server, run
1 |
ee site update SITE_NAME_HERE --ssl=le |
Example See EasyEngine […]
To enable LetsEncrypt SSL for a web site hosted in EasyEngine server, run
1 |
ee site update SITE_NAME_HERE --ssl=le |
Example See EasyEngine […]
I have a web site that is password protected using Apache basic autenticiation. I used following code in Apache config to password protect.
1 2 3 4 5 6 |
<Directory "/var/www/html/"> AuthType Basic AuthName "Restricted Content" AuthUserFile /etc/apache2/demo-sok-htpaswd Require valid-user </Directory> |
The problem is when SSL need auto renew, it need url like http://domain/.well-known/ to be accessable with out any password for domain ownership verification. To allow .well-known folder to be accessable […]
To change email address of LetsEncrypt SSL certficate account, run
1 |
certbot update_account --email you@your-domain.com |
See LetsEncrypt […]
To view certificate details
1 |
openssl x509 -text -noout -in SSL_FILE.crt |
For web server
1 |
openssl s_client -showcerts -connect serverok.in:443 |
Or
1 |
curl -vI https://serverok.in |
IMAP via SSL
1 |
openssl s_client -showcerts -connect mail.yourdomain.com:993 -servername mail.yourdomain.com |
POP3 via SSL
1 |
openssl s_client -showcerts -connect mail.example.com:995 -servername mail.yourdomain.com |
SMTP via SSL
1 |
openssl s_client -showcerts -connect mail.yourdomain.com:465 -servername mail.yourdomain.com |
SMTP via TLS/StartTLS
1 |
openssl s_client -starttls smtp -showcerts -connect mail.yourdomain.com:25 -servername mail.yourdomain.com |
See SSL […]
To list all available LetsEncrypt SSL certficates, run
1 |
certbot certificates |
To delete a certificate, run
1 |
certbot delete --cert-name NAME_OF_SSL_CERT |
You can find NAME_OF_SSL_CERT from command “certbot certificates”. See LetsEncrypt […]
Due to changes in Apple, Mozilla and Google Root Store Policies, as of September 1, 2020, newly issued SSL/TLS certificates with a validity period greater than 13 months (397 days) are prohibited by policy and will not be trusted. https://www.globalsign.com/en/blog/maximum-ssltls-certificate-validity-now-one-year https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/ […]
LetsEncrypt provide Free SSL with 90 day validity. You need to renew it every 90 days, there are software to do this. For windows some of the popular software are. win-acme This is a small exe file, it have command line interface (No GUI). You need to run this program ad Administrator (Run as Administrator), […]
This PHP script will redirect web site visitor to HTTPS (SSL) url. You can add this in your index.php of the web site
1 2 3 4 5 6 |
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on" ) { header("HTTP/1.1 301 Moved Permanently"); $newUrl = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; Header("Location: $newUrl"); exit; } |
Move a site to new URL using PHP
1 2 3 4 |
$newUrl = "https://NEW-URL-HERE" . $_SERVER['REQUEST_URI']; header("HTTP/1.1 301 Moved Permanently"); Header("Location: $newUrl"); exit; |
You can also use Apache mod_rewrite .htacess to do the redirection. […]
To force a site to always use HTTPS, add following content to web.config file.
1 2 3 4 5 6 7 |
<rule name="HTTPSOK" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="^OFF$" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" /> </rule> |
Here is full web.config file for a web site that use WordPress and Force SSL
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <handlers> <remove name="PHP_via_FastCGI" /> <add name="PHP_via_FastCGI" path="*.php" verb="GET,HEAD,POST" modules="FastCgiModule" scriptProcessor="C:\Program Files (x86)\PHP\v5.3\php-cgi.exe" resourceType="Either" requireAccess="Script" /> </handlers> <rewrite> <rules> <rule name="SEO friendly URL " patternSyntax="Wildcard"> <match url="*" /> <conditions> <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" /> <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" /> </conditions> <action type="Rewrite" url="index.php" /> </rule> <rule name="HTTPSOK" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="^OFF$" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" /> </rule></rules> </rewrite> </system.webServer> </configuration> |
[…]
To remove password from SSL private key, run
1 |
openssl rsa -in PASSWORD_PROTECTED.key -out NO_PASSWORD.key |
This will ask for password. Once you enter password, key get saved with out password. […]