6 | | 1. Add a new https web config that includes the following: |
7 | | {{{ |
8 | | #SSL Stuff |
9 | | SSLEngine On |
10 | | SSLCertificateFile /path/to/certificate/file.crt |
11 | | SSLCertificateKeyFile /path/to/key/file.key |
12 | | SSLCertificateChainFile /path/to/key/intermediate.crt |
13 | | }}} |
14 | | 2. Don't forget to include the DocumentRoot related inscriptions to the new web config: |
15 | | {{{ |
16 | | DocumentRoot /home/members/name/sites/example.net/web |
17 | | CustomLog /home/members/name/sites/example.net/logs/web.log combined |
18 | | ErrorLog /home/members/name/sites/example.net/logs/error.log |
19 | | ScriptAlias /cgi-bin /home/members/name/sites/example.net/cgi-bin |
20 | | }}} |
| 7 | * Log in via: https://members.mayfirst.org/cp |
| 8 | * Choose the "Web Configuration" section |
| 9 | * Edit your web configuration and change the "Port" field to "auto" |
25 | | If you are replacing your key and certificate, you should already have a web config with this information - you will only need to change the path to the keys and certificates, replacing the paths to your old files with the path to your newly generated files. |
| 15 | === auto == |
| 16 | |
| 17 | The best option is to use "auto." When your web site is configured to use auto, then: |
| 18 | |
| 19 | * A [https://letsencrypt.org/ letsencrypt] certificate will be automatically generated at no cost for all the domains in your web configuration (both Server Name and Server Alias). |
| 20 | * This certificate will be automatically updated every three months |
| 21 | * All requests sent via http will be automatically redirected to https |
| 22 | |
| 23 | === http === |
| 24 | |
| 25 | If you prefer, you can opt instead to have an http-only site by choosing http. |
| 26 | |
| 27 | === https === |
| 28 | |
| 29 | You may also wish to use your own certificates, in which case select "https" and specify the `SSLEngine On`, `SSLCertificateKeyFile`, and `SSLCertificateFile` parameters in your configuration that point to the appropriate files. Use this option if you don't want an http site at all. |
| 30 | |
| 31 | === Both http and https === |
| 32 | |
| 33 | You can also choose to have a different web configuration for http and https or control the redirecting in a more fine-tuned way. |