"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "README.md" between
mod_md-2.4.2.tar.gz and mod_md-2.4.4.tar.gz

About: mod_md is an Apache module that adds Let's Encrypt (ACME) support.

README.md  (mod_md-2.4.2):README.md  (mod_md-2.4.4)
skipping to change at line 45 skipping to change at line 45
## Index ## Index
- [HowTos](#howtos): - [HowTos](#howtos):
* [Add a new `https:` Host](#how-to-add-a-new-host) * [Add a new `https:` Host](#how-to-add-a-new-host)
* [Add `https:` to a `http:` Host](#how-to-add-https-to-a-host) * [Add `https:` to a `http:` Host](#how-to-add-https-to-a-host)
* [Migrate an existing `https:` Host](#how-to-migrate-a-https-host) * [Migrate an existing `https:` Host](#how-to-migrate-a-https-host)
* [Have many Names for a Host](#how-to-have-many-names-for-a-host) * [Have many Names for a Host](#how-to-have-many-names-for-a-host)
* [Live with `http:`](#how-to-live-with-http) * [Live with `http:`](#how-to-live-with-http)
* [Live without `http:`](#how-to-live-without-http) * [Live without `http:`](#how-to-live-without-http)
* [Analyze and fix problems](#how-to-fix-problems) * [Analyze and fix problems](#how-to-fix-problems)
* [Platorm Specifics](#platform-specifics)
- Advanced: - Advanced:
* [Have one cert for several Hosts](#how-to-have-one-cert-for-several-hosts) * [Have one cert for several Hosts](#how-to-have-one-cert-for-several-hosts)
* [Have an Extra Name in a Certificate](#how-to-have-an-extra-name-in-a-cert ) * [Have an Extra Name in a Certificate](#how-to-have-an-extra-name-in-a-cert )
* [Have Individual Settings](#how-to-have-individual-settings) * [Have Individual Settings](#how-to-have-individual-settings)
* [Backup, Restore or Start Over](#how-to-backup-restore-or-start-over) * [Backup, Restore or Start Over](#how-to-backup-restore-or-start-over)
* [Get a Wildcard Cert](#how-to-get-a-wildcard-cert) * [Get a Wildcard Cert](#how-to-get-a-wildcard-cert)
* [Use Other Certificates](#how-to-use-other-certificates) * [Use Other Certificates](#how-to-use-other-certificates)
* [Have two certs for one Host](#how-to-have-two-certs-for-one-host) * [Have two certs for one Host](#how-to-have-two-certs-for-one-host)
- Stapling - Stapling
* [Staple all my certificates](#how-to-staple-all-my-certificates) * [Staple all my certificates](#how-to-staple-all-my-certificates)
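Review bot: the index entry added after "Analyze and fix problems" misspells its link text as "Platorm Specifics". The anchor `#platform-specifics` is spelled correctly, so the link works; only the label needs to become "Platform Specifics".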
skipping to change at line 406 skipping to change at line 407
### Challenges ### Challenges
Sometimes, `mod_md` will not be able to get/renew a certificate because it canno t detect a suitable challenge method for LetsEncrypt. Sometimes, `mod_md` will not be able to get/renew a certificate because it canno t detect a suitable challenge method for LetsEncrypt.
The most common cause is that you request a wildcard certificate, e.g. `*.mydoma in.com` but do not have `MDChallengeDns01` configured. Let's Encrypt offers only DNS challenges for wildcard certificate. There is no choice. If your server is not able/configured to answer those, it will not work. The most common cause is that you request a wildcard certificate, e.g. `*.mydoma in.com` but do not have `MDChallengeDns01` configured. Let's Encrypt offers only DNS challenges for wildcard certificate. There is no choice. If your server is not able/configured to answer those, it will not work.
Another cause: if your server is not reachable on port 80 and you have not confi gured `acme-tls/1` (see [TLS ALPN Challenges](#tls-alpn-challenges) for details) . Again, mod_md is not able to select a challenge for Let's Encrypt to perform. Another cause: if your server is not reachable on port 80 and you have not confi gured `acme-tls/1` (see [TLS ALPN Challenges](#tls-alpn-challenges) for details) . Again, mod_md is not able to select a challenge for Let's Encrypt to perform.
Read the [chapter about ports](#ports-ports-ports) for more information about wh at is going on and what you can do. Read the [chapter about ports](#ports-ports-ports) for more information about wh at is going on and what you can do.
## Platform Specifics
The module is used on various platforms. Some require special attention:
### CentOS 8 advice by @marcstern
The chrooted `md` directory [where are certficiates are stored] must be have the
following properties:
```
owner: root -> rwx
group: apache (or www-data or equivalent) -> rwx
```
Under Redhat (tested on 8), the normal & chrooted "md" directories must be have
the following SELinux context:
`system_u:object_r:httpd_var_lib_t:s0`
For a discussion of the problems @marcstern encountered, see also issue #253.
# Advanced HowTos # Advanced HowTos
## How to Have one Cert for Several Hosts ## How to Have one Cert for Several Hosts
A feature we did not cover so far: you can specify more than one name in `MDomai n`: A feature we did not cover so far: you can specify more than one name in `MDomai n`:
``` ```
MDomain mydomain.com another.org MDomain mydomain.com another.org
<VirtualHost *:443> <VirtualHost *:443>
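Review bot: the permission block in the new "CentOS 8 advice" section lists `rwx` for owner root and for the apache group but never states the bits for everyone else, and it does not say why the server's group needs write access to the directory where certificates are stored. Please spell out the full intended mode, including that others get no access if that is the intent, and add one sentence on which process needs the group write bit, so that readers do not loosen the directory further than required. The SELinux line gives the context `system_u:object_r:httpd_var_lib_t:s0` but not how to apply it; a label set by hand is lost on the next relabel, so it would help to mention a persistent rule (`semanage fcontext` followed by `restorecon`). Wording nits in the same section: "where are certficiates are stored" and "must be have" (twice) need fixing, the heading says CentOS 8 while the text says "Redhat (tested on 8)", and "issue #253" could be a link.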
 End of changes. 2 change blocks. 
0 lines changed or deleted 22 lines changed or added
