{"id":1831,"date":"2019-09-18T09:05:17","date_gmt":"2019-09-18T15:05:17","guid":{"rendered":"https:\/\/ugit.siua.ac.cr\/?p=1831"},"modified":"2019-10-30T09:31:19","modified_gmt":"2019-10-30T15:31:19","slug":"letsencrypt-proxy-sitio-web1-completo","status":"publish","type":"post","link":"https:\/\/sada.services\/?p=1831","title":{"rendered":"Letsencrypt: PROXY->Sitio web1 COMPLETO"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>En esta gu\u00eda explicamos como vamos a crear un certificado \nletsencrypt en un servidor proxy reverso con apache2 y se lo vamos a \npasar al servidor web1<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Host: PROXY<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Ingresamos por ssh con el usuario \u00abroot\u00bb<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh ugit@proxy.siua.ac.cr -p 44<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Vamos a crear un hostvirtual que maneje el dominio web1.siua.ac.cr y <a>www.web1.siua.ac.cr<\/a><br><\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>Creamos un hostvirtual para que maneje web1.siua.ac.cr y www.web1.siua.ac.cr<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>Creamos el archivo:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/apache2\/sites-available\/web1.siua.ac.cr.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Contenido:<\/li><li>Pagina: <a href=\"\/ARCHIVOS\/letsencrypt\/proxy_xxx.siua.ac.cr.conf.php?dominio=web1&amp;ip=181.193.87.6\">aqu\u00ed<\/a><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">NameVirtualHost 181.193.87.6:80<br><br>&lt;VirtualHost 181.193.87.6:80&gt;<br><br> #************************************************************************<br> #***************** DATOS DEL SITIO WEB ********************************<br> #************************************************************************<br> ServerName <strong>web1<\/strong>.siua.ac.cr<br> ServerAlias www.<strong>web1<\/strong>.siua.ac.cr<br> ErrorLog \/var\/log\/apache2\/<strong>web1_80<\/strong>.siua.ac.cr-error.log<br> CustomLog \/var\/log\/apache2\/<strong>web1_80<\/strong>.siua.ac.cr-access.log common<br><br> #************************************************************************<br> #******************** DATOS DEL WEBMASTER *****************************<br> #************************************************************************<br> ServerAdmin interuniversitariadealajuela@gmail.com<br> Header add Author \"Unidad de Gestion e Innovacion Tecnologica\"<br><br> #************************************************************************<br> #************************ DATOS DEL REDIRECCIONAMIENTO ****************<br> #************************************************************************<br><br>&lt;\/VirtualHost&gt;<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Habilitamos el sitio<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>a2ensite web1.siua.ac.cr<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Recargamos apache<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl reload apache2<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Mandamos a generar el certificado<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>certbot --installer apache<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>RESULTADO<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">Saving debug log to \/var\/log\/letsencrypt\/letsencrypt.log<br><br>How would you like to authenticate with the ACME CA?<br>-------------------------------------------------------------------------------<br>1: Apache Web Server plugin - Beta (apache)<br>2: Spin up a temporary webserver (standalone)<br>3: Place files in webroot directory (webroot)<br>-------------------------------------------------------------------------------<br>Select the appropriate number [1-3] then [enter] (press 'c' to cancel): <strong>1<\/strong><br><br>Plugins selected: Authenticator apache, Installer apache<br><br>Which names would you like to activate HTTPS for?<br>-------------------------------------------------------------------------------<br>1: web1.siua.ac.cr<br>2: www.web1.siua.ac.cr<br>-------------------------------------------------------------------------------<br>Select the appropriate numbers separated by commas and\/or spaces, or leave input<br>blank to select all options shown (Enter 'c' to cancel): <strong>1 2<\/strong><br><br><br>Saving debug log to \/var\/log\/letsencrypt\/letsencrypt.log<br><br>Enter email address (used for urgent renewal and security notices) (Enter 'c' to<br>cancel):<strong>interuniversitariadealajuela@gmail.com<\/strong><br><br>-------------------------------------------------------------------------------<br>Please read the Terms of Service at<br>https:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must<br>agree in order to register with the ACME server at<br>https:\/\/acme-v01.api.letsencrypt.org\/directory<br>-------------------------------------------------------------------------------<br>(A)gree\/(C)ancel: <strong>A<\/strong><br><br>Select the appropriate numbers separated by commas and\/or spaces, or leave input<br>blank to select all options shown (Enter 'c' to cancel): 1 2<br>Obtaining a new certificate<br>Performing the following challenges:<br>http-01 challenge for soporte.siua.ac.cr<br>http-01 challenge for www.soporte.siua.ac.cr<br>Waiting for verification...<br>Cleaning up challenges<br>Created an SSL vhost at <strong>\/etc\/apache2\/sites-available\/web1.siua.ac.cr-le-ssl.conf<\/strong><br>Deploying Certificate for <strong>web1.siua.ac.cr<\/strong> to VirtualHost <strong>\/etc\/apache2\/sites-available\/web1.siua.ac.cr-le-ssl.conf<\/strong><br>Enabling available site: <strong>\/etc\/apache2\/sites-available\/web1.siua.ac.cr-le-ssl.conf<\/strong><br>Deploying Certificate for <strong>www.web1.siua.ac.cr<\/strong> to VirtualHost <strong>\/etc\/apache2\/sites-available\/web1.siua.ac.cr-le-ssl.conf<\/strong><br><br>Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.<br>-------------------------------------------------------------------------------<br>1: No redirect - Make no further changes to the webserver configuration.<br>2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for<br>new sites, or if you're confident your site works on HTTPS. You can undo this<br>change by editing your web server's configuration.<br>-------------------------------------------------------------------------------<br>Select the appropriate number [1-2] then [enter] (press 'c' to cancel):<strong> 2<\/strong><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Como le indicamos que queremos que todas las solicitudes :80 las dirija a :443 el me modifica el archivo y agrega:<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>P\u00e1gina: <a rel=\"noreferrer noopener\" aria-label=\"aqu\u00ed (abre en una nueva pesta\u00f1a)\" href=\"\/ARCHIVOS\/letsencrypt\/proxy_xxx.siua.ac.cr-le-ssl.conf.php?ip=181.193.87.6&amp;ip2=10.20.200.15&amp;dominio=web1\" target=\"_blank\">aqu\u00ed<\/a><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">NameVirtualHost 181.193.87.6:80<br><br>&lt;VirtualHost 181.193.87.6:80&gt;<br><br> #************************************************************************<br> #***************** DATOS DEL SITIO WEB ********************************<br> #************************************************************************<br> ServerName web1.siua.ac.cr<br> ServerAlias www.web1.siua.ac.cr<br> ErrorLog \/var\/log\/apache2\/web1_80.siua.ac.cr-error.log<br> CustomLog \/var\/log\/apache2\/web1_80.siua.ac.cr-access.log common<br><br> #************************************************************************<br> #******************** DATOS DEL WEBMASTER *****************************<br> #************************************************************************<br> ServerAdmin interuniversitariadealajuela@gmail.com<br> Header add Author \"Unidad de Gestion e Innovacion Tecnologica\"<br><br> <strong>#************************************************************************<\/strong><br><strong> #************************ DATOS DEL REDIRECCIONAMIENTO ****************<\/strong><br><strong> #************************************************************************<\/strong><br><strong> RewriteEngine on<\/strong><br><strong> RewriteCond %{SERVER_NAME} =web1.siua.ac.cr [OR]<\/strong><br><strong> RewriteCond %{SERVER_NAME} =www.web1.siua.ac.cr<\/strong><br><strong> RewriteRule ^ https:\/\/%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]<\/strong><br>&lt;\/VirtualHost&gt;<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Y adem\u00e1s me crear un hostvirtual de atender las solicitudes :443 y con los certificados<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/apache2\/sites-available\/web1.siua.ac.cr-le-ssl.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>RESULTADO<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">&lt;IfModule mod_ssl.c&gt;<br> &lt;VirtualHost 181.193.87.6:443&gt;<br><br> #************************************************************************<br> #***************** DATOS DEL SITIO WEB ********************************<br> #************************************************************************<br> ServerName web1.siua.ac.cr<br> ServerAlias www.web1.siua.ac.cr<br> ErrorLog \/var\/log\/apache2\/web1_80.siua.ac.cr-error.log<br> CustomLog \/var\/log\/apache2\/web1_80.siua.ac.cr-access.log common<br><br> #************************************************************************<br> #******************** DATOS DEL WEBMASTER *****************************<br> #************************************************************************<br> ServerAdmin interuniversitariadealajuela@gmail.com<br> Header add Author \"Unidad de Gestion e Innovacion Tecnologica\"<br><br> #************************************************************************<br> #******************* DATOS DEL REDIRECCIONAMIENTO *********************<br> #************************************************************************<br> ProxyPreserveHost On<br> ProxyRequests off<br> SSLProxyEngine on<br> ProxyPass \/ https:\/\/10.20.200.15\/<br> ProxyPassReverse \/ https:\/\/10.20.200.15\/<br><br><br> <strong>#************************************************************************<\/strong><br><strong> #******************** DATOS DEL CERTIFICADO ***************************<\/strong><br><strong> #************************************************************************<\/strong><br><strong> Include \/etc\/letsencrypt\/options-ssl-apache.conf<\/strong><br><strong> SSLCertificateFile \/etc\/letsencrypt\/live\/web1.siua.ac.cr\/fullchain.pem<\/strong><br><strong> SSLCertificateKeyFile \/etc\/letsencrypt\/live\/web1.siua.ac.cr\/privkey.pem<\/strong><br> &lt;\/VirtualHost&gt;<br>&lt;\/IfModule&gt;<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora vamos hacer el cambio que las solicitudes 443 tengan su propio log file<\/li><li>Abrimos<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/apache2\/sites-available\/web1.siua.ac.cr-le-ssl.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Modificamos<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">&lt;IfModule mod_ssl.c&gt;<br> &lt;VirtualHost 181.193.87.6:443&gt;<br><br> #************************************************************************<br> #***************** DATOS DEL SITIO WEB ********************************<br> #************************************************************************<br> ServerName web1.siua.ac.cr<br> ServerAlias www.web1.siua.ac.cr<br> ErrorLog \/var\/log\/apache2\/web1_<strong>443<\/strong>.siua.ac.cr-error.log<br> CustomLog \/var\/log\/apache2\/web1_<strong>443<\/strong>.siua.ac.cr-access.log common<br><br> #************************************************************************<br> #******************** DATOS DEL WEBMASTER *****************************<br> #************************************************************************<br> ServerAdmin interuniversitariadealajuela@gmail.com<br> Header add Author \"Unidad de Gestion e Innovacion Tecnologica\"<br><br> #************************************************************************<br> #******************* DATOS DEL REDIRECCIONAMIENTO *********************<br> #************************************************************************<br> ProxyPreserveHost On<br> ProxyRequests off<br> SSLProxyEngine on<br> ProxyPass \/ https:\/\/10.20.200.15\/<br> ProxyPassReverse \/ https:\/\/10.20.200.15\/<br><br><br> #************************************************************************<br> #******************** DATOS DEL CERTIFICADO ***************************<br> #************************************************************************<br> Include \/etc\/letsencrypt\/options-ssl-apache.conf<br> SSLCertificateFile \/etc\/letsencrypt\/live\/web1.siua.ac.cr\/fullchain.pem<br> SSLCertificateKeyFile \/etc\/letsencrypt\/live\/web1.siua.ac.cr\/privkey.pem<br> &lt;\/VirtualHost&gt;<br>&lt;\/IfModule&gt;<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Recargamos el servicio<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl reload apache2<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Host: Web1<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Vamos a crear una carpeta para almacenar los certificados de todos los sitios<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code> mkdir \/etc\/apache2\/certificados\/<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Y otra dentro de este que tenga los certificados de este dominio \u00abweb1.siua.ac.cr\u00bb<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir \/etc\/apache2\/certificados\/web1.siua.ac.cr\/<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora de damos permisos de escritura<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>chmod 777 -R \/etc\/apache2\/certificados\/web1.siua.ac.cr\/\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Vamos hacer que el servidor PROXY se pueda conectar con WEB1 con una llave de confianza sin clave con el usuario root para esto<\/li><li>Verificamos que el usuario root tenga una contrase\u00f1a sino le creaos una<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>passwd root<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Vamos a verificar que esta habilitado el poder conectarse al servidor web1 por ssh con root<\/li><li>Abrimos<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Y verificamos que tenemos esto<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>PermitRootLogin yes\nPubkeyAuthentication yes\nPasswordAuthentication yes<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Reiniciamos el servicio<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>service sshd restart<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Y comprobamos que podemos ingresar<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh root@web1.siua.ac.cr -p 44<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Host: PROXY<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora vamos a crear las llaves de confianza en el servidor PROXY<\/li><li>Ingresamos a la carpeta<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/root\/.ssh\/<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">SI HAY QUE GENERAR LLAVES<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Creamos las llaves para el cliente CON CONTRASE\u00d1A EN BLANCO<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh-keygen -t rsa<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>&nbsp;RESULTADO:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">Generating public\/private rsa key pair.<br>Enter file in which to save the key (\/root\/.ssh\/id_rsa):<br>Enter passphrase (empty for no passphrase):<br>Enter same passphrase again:<br>Your identification has been saved in id_rsa.<br>Your public key has been saved in id_rsa.pub.<br>The key fingerprint is:<br>SHA256:Eao0rOXn89R8pg3FjvPKsYUwBlAXaBxHBMZrHt06u78 root@proxy<br>The key's randomart image is:<br>+---[RSA 2048]----+<br>| .+=*B. |<br>| . o=+ . |<br>| =.oo.. |<br>| = o+..... |<br>| . oo..S. o |<br>| o..o= = |<br>| o .oO = |<br>| +.. % |<br>| ooEoo |<br>+----[SHA256]-----+<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>&nbsp;Ya podemos listar los archivos para ver las llaves<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ls<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>RESULTADO:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">id_rsa id_rsa.pub known_hosts<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">SI YA HAY LLAVES<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora vamos a publicar nuestra llave \u00abp\u00fablica en el servidor remoto\u00bb<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh-copy-id root@10.20.200.15 -p 44<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>RESULTADO<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">\/usr\/bin\/ssh-copy-id: INFO: Source of key(s) to be installed: \"\/root\/.ssh\/id_rsa.pub\"<br>\/usr\/bin\/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed<br>\/usr\/bin\/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys<br>root@10.20.200.11's password:<br><br>Number of key(s) added: 1<br><br>Now try logging into the machine, with: \"ssh 'root@10.20.200.11'\"<br>and check to make sure that only the key(s) you wanted were added.<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Podemos probar que nos conectamos de ofrma directa de PROXY a WEB1<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh root@10.20.200.15 -p 44<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora vamos a copiar los certificados que se encuentra ne le servidor PROXY al servidro Web1<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">scp -P 44 -r \/etc\/letsencrypt\/live\/<strong>web1<\/strong>.siua.ac.cr\/fullchain.pem <a href=\"mailto:root@10.20.200.15:\/etc\/apache2\/certificados\/web1.siua.ac.cr\/fullchain.pem\">root@<strong>10.20.200.15<\/strong>:\/etc\/apache2\/certificados\/<strong>web1<\/strong>.siua.ac.cr\/fullchain.pem <\/a><br><br>scp -P 44 -r \/etc\/letsencrypt\/live\/<strong>web1<\/strong>.siua.ac.cr\/privkey.pem root@<strong>10.20.200.15<\/strong>:\/etc\/apache2\/certificados\/<strong>web1<\/strong>.siua.ac.cr\/privkey.pem<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Host: web1<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora vamos hacer que todas las solicitudes :80 se dirijan a :443<\/li><li>Abrimos o creamos el archivo<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/apache2\/sites-available\/web1.siua.ac.cr.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Contenido<\/li><li>Pagina: <a href=\"\/ARCHIVOS\/letsencrypt\/web_xxx.siua.ac.cr.conf.php?dominio=web1\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"aqu\u00ed (abre en una nueva pesta\u00f1a)\">aqu\u00ed<\/a><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">&lt;VirtualHost *:<strong>80<\/strong>&gt;<br><br> #************************************************************************<br> #***************** DATOS DEL SITIO WEB ********************************<br> #************************************************************************<br> ServerName <strong>web1<\/strong>.siua.ac.cr<br> ServerAlias www.<strong>web1<\/strong>.siua.ac.cr<br> ErrorLog \/var\/log\/apache2\/<strong>web1_80<\/strong>.siua.ac.cr-error.log<br> CustomLog \/var\/log\/apache2\/<strong>web1_80<\/strong>.siua.ac.cr-access.log common<br><br> #************************************************************************<br> #******************** DATOS DEL WEBMASTER *****************************<br> #************************************************************************<br> ServerAdmin interuniversitariadealajuela@gmail.com<br> Header add Author \"Unidad de Gestion e Innovacion Tecnologica\"<br><br> #************************************************************************<br> #************** DATOS DEL REDIRECIONAMIENTO **********************<br> #************************************************************************<br> RedirectMatch permanent ^\/(.*) https:\/\/<strong>web1<\/strong>.siua.ac.cr\/$1<br><br><br> #************************************************************************<br> #************** DATOS DEL SITIO WEB **********************<br> #************************************************************************<br> DocumentRoot \/var\/www\/html\/Sitios\/index_servidores<br><br>&lt;\/VirtualHost&gt;<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Lo abrimos<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/apache2\/sites-available\/web1.siua.ac.cr-le-ssl.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Contenido<\/li><li>Pagina: <a href=\"\/ARCHIVOS\/letsencrypt\/web_xxx.siua.ac.cr-le-ssl.conf.php?dominio=web1\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"aqu\u00ed (abre en una nueva pesta\u00f1a)\">aqu\u00ed<\/a><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">&lt;IfModule mod_ssl.c&gt;<br><br> #************************************************************************<br> #********************* HTTPS:\/\/WWW.WEB1.SIUA.AC:CR **********************<br> #************************************************************************<br> &lt;VirtualHost *:443&gt;<br> ServerName www.web1.ac.cr<br> RedirectMatch permanent ^\/(.*) https:\/\/web1.siua.ac.cr\/$1<br> #************************************************************************<br> #*************************** DATOS DEL CERTIFICADO **********************<br> #************************************************************************<br> SSLEngine on<br> SSLCertificateFile \/etc\/apache2\/certificados\/web1.siua.ac.cr\/fullchain.pem<br> SSLCertificateKeyFile \/etc\/apache2\/certificados\/web1.siua.ac.cr\/privkey.pem<br> &lt;\/VirtualHost&gt;<br><br> #************************************************************************<br> #************* HTTPS:\/\/WEB1.SIUA.AC:CR ***********************<br> #************************************************************************<br> &lt;VirtualHost *:443&gt;<br><br> #************************************************************************<br> #***************** DATOS DEL SITIO WEB ********************************<br> #************************************************************************<br> ServerName web1.siua.ac.cr<br> ErrorLog \/var\/log\/apache2\/web1_443.siua.ac.cr-error.log<br> CustomLog \/var\/log\/apache2\/web1_443.siua.ac.cr-access.log common<br><br> #************************************************************************<br> #******************** DATOS DEL WEBMASTER *****************************<br> #************************************************************************<br> ServerAdmin interuniversitariadealajuela@gmail.com<br> Header add Author \"Unidad de Gestion e Innovacion Tecnologica\"<br><br><br> #************************************************************************<br> #************** DATOS DEL CERTIFICADO **********************<br> #************************************************************************<br> SSLEngine on<br> SSLCertificateFile \/etc\/apache2\/certificados\/web1.siua.ac.cr\/fullchain.pem<br> SSLCertificateKeyFile \/etc\/apache2\/certificados\/web1.siua.ac.cr\/privkey.pem<br><br> #************************************************************************<br> #************** DATOS DEL SITIO WEB **********************<br> #************************************************************************<br> DocumentRoot \/var\/www\/html\/Sitios\/index_servidores<br> &lt;\/VirtualHost&gt;<br>&lt;\/IfModule&gt;<br><br><br><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Agregamos el sitios<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>a2ensite web1.siua.ac.cr-le-ssl.conf <\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Recargamos apache<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl reload apache2<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">&nbsp;Host: PROXY<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora vamos hacer que los certificados se renueven<\/li><li>Abrimos el archivo<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/root\/ssh-renew.sh<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Y agregamos<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">scp -P 44 -r \/etc\/letsencrypt\/live\/web1.siua.ac.cr\/fullchain.pem root@10.20.200.15:\/etc\/apache2\/certificados\/web1.siua.ac.cr\/fullchain.pem <br><br>scp -P 44 -r \/etc\/letsencrypt\/live\/web1.siua.ac.cr\/privkey.pem root@10.20.200.15:\/etc\/apache2\/certificados\/web1.siua.ac.cr\/privkey.pem<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>En esta gu\u00eda explicamos como vamos a crear un certificado letsencrypt en un servidor proxy reverso con apache2 y se lo vamos a pasar al servidor web1 Host: PROXY Ingresamos por ssh con el usuario \u00abroot\u00bb Vamos a crear un hostvirtual que maneje el dominio web1.siua.ac.cr y www.web1.siua.ac.cr Creamos un hostvirtual para que maneje web1.siua.ac.cr [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1829,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[134],"tags":[],"class_list":["post-1831","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-letsencrypt"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":6}},"_links":{"self":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/1831","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1831"}],"version-history":[{"count":10,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/1831\/revisions"}],"predecessor-version":[{"id":2813,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/1831\/revisions\/2813"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/media\/1829"}],"wp:attachment":[{"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1831"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1831"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1831"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}