{"id":9769,"date":"2019-07-17T09:50:57","date_gmt":"2019-07-17T09:50:57","guid":{"rendered":"http:\/\/blog.bachi.net\/?p=9769"},"modified":"2020-03-29T17:46:34","modified_gmt":"2020-03-29T17:46:34","slug":"free-ssl-certificate-zertifikat","status":"publish","type":"post","link":"https:\/\/blog.bachi.net\/?p=9769","title":{"rendered":"Free SSL Certificate \/ Zertifikat"},"content":{"rendered":"

Let’s Encrypt<\/a>
\nLet\u2019s Encrypt Glossar<\/a>
\n<\/a>
\nZeroSSL – FREE SSL Certificate Wizard<\/a><\/p>\n

Wie Sie ein Let\u2019s Encrypt Zertifikat erstellen und in ein Webhosting-Produkt einbinden<\/a><\/p>\n

Web-Server<\/h4>\n

How to Secure Apache with SSL and Let\u2019s Encrypt in FreeBSD<\/a>
\nNameBasedSSLVHosts<\/a>
\nNameBasedSSLVHostsWithSNI<\/a><\/p>\n

Mail-Server<\/h4>\n

Certbot: Let\u2019s Encrypt TLS-Zertifikate f\u00fcr Mailserver<\/a> (Deprecated!)<\/p>\n

Wildcard<\/h4>\n

Generate Wildcard SSL certificate using Let\u2019s Encrypt\/Certbot<\/a>
\nWildcard Domain Step-By-Step<\/a>
\nACME v2 Production Environment & Wildcards<\/a><\/p>\n

Weiterleitung<\/h4>\n

Weiterleitung auf HTTPS einrichten<\/a>
\nApache2 http zu https Umleitung<\/a>
\nQuickTipp: Weiterleitung (redirect) von HTTP auf HTTPS via Apache oder Htaccess<\/a><\/p>\n

Multiple SSL Certificates with One IP Address<\/h3>\n

Server Name Indication (SNI)<\/a>
\nUsing Multiple SSL Certificates in Apache with One IP Address<\/a>
\nApache SNI Browser Support<\/a>
\nMulti-Domain (SAN) Certificates – Using Subject Alternative Names<\/a>
\nWas ist Server Name Indication (SNI)?<\/a>
\nSSL vs. TLS \u2013 Worin bestehen die Unterschiede?<\/a>
\nSNI (Server Name Indication)<\/a><\/p>\n

pf<\/h3>\n

pfctl cheat sheet<\/a><\/p>\n

py36-certbot<\/h1>\n
\r\n# pkg install py36-certbot\r\nUpdating FreeBSD repository catalogue...\r\nFreeBSD repository is up to date.\r\nAll repositories are up to date.\r\nThe following 24 package(s) will be affected (of 0 checked):\r\n\r\nNew packages to be INSTALLED:\r\n        py36-certbot: 0.35.1,1\r\n        py36-openssl: 19.0.0\r\n        py36-cryptography: 2.6.1\r\n        py36-six: 1.12.0\r\n        py36-cffi: 1.12.3\r\n        py36-pycparser: 2.19\r\n        py36-asn1crypto: 0.24.0\r\n        py36-josepy: 1.2.0\r\n        py36-acme: 0.35.1,1\r\n        py36-requests-toolbelt: 0.8.0\r\n        py36-requests: 2.21.0\r\n        py36-chardet: 3.0.4_1\r\n        py36-certifi: 2019.6.16\r\n        py36-urllib3: 1.22,1\r\n        py36-pysocks: 1.7.0\r\n        py36-idna: 2.8\r\n        py36-pytz: 2019.1,1\r\n        py36-pyrfc3339: 1.1\r\n        py36-zope.interface: 4.6.0\r\n        py36-zope.component: 4.2.2\r\n        py36-zope.event: 4.1.0\r\n        py36-parsedatetime: 2.4_1\r\n        py36-configobj: 5.0.6_1\r\n        py36-configargparse: 0.14.0\r\n\r\nNumber of packages to be installed: 24\r\n\r\nThe process will require 27 MiB more space.\r\n7 MiB to be downloaded.\r\n\r\nProceed with this action? [y\/N]: y\r\n[1\/24] Fetching py36-certbot-0.35.1,1.txz: 100%  458 KiB 468.8kB\/s    00:01\r\n[2\/24] Fetching py36-openssl-19.0.0.txz: 100%   86 KiB  87.8kB\/s    00:01\r\n[3\/24] Fetching py36-cryptography-2.6.1.txz: 100%  326 KiB 334.0kB\/s    00:01\r\n[4\/24] Fetching py36-six-1.12.0.txz: 100%   19 KiB  18.9kB\/s    00:01\r\n[5\/24] Fetching py36-cffi-1.12.3.txz: 100%  200 KiB 205.0kB\/s    00:01\r\n[6\/24] Fetching py36-pycparser-2.19.txz: 100%  164 KiB 167.6kB\/s    00:01\r\n[7\/24] Fetching py36-asn1crypto-0.24.0.txz: 100%  156 KiB 159.3kB\/s    00:01\r\n[8\/24] Fetching py36-josepy-1.2.0.txz: 100%   73 KiB  75.3kB\/s    00:01\r\n[9\/24] Fetching py36-acme-0.35.1,1.txz: 100%  125 KiB 128.2kB\/s    00:01\r\n[10\/24] Fetching py36-requests-toolbelt-0.8.0.txz: 100%    4 MiB   1.6MB\/s    00:03\r\n[11\/24] Fetching py36-requests-2.21.0.txz: 100%   82 KiB  84.4kB\/s    00:01\r\n[12\/24] Fetching py36-chardet-3.0.4_1.txz: 100%  154 KiB 157.9kB\/s    00:01\r\n[13\/24] Fetching py36-certifi-2019.6.16.txz: 100%  145 KiB 148.0kB\/s    00:01\r\n[14\/24] Fetching py36-urllib3-1.22,1.txz: 100%  157 KiB 161.1kB\/s    00:01\r\n[15\/24] Fetching py36-pysocks-1.7.0.txz: 100%   23 KiB  23.8kB\/s    00:01\r\n[16\/24] Fetching py36-idna-2.8.txz: 100%   76 KiB  78.2kB\/s    00:01\r\n[17\/24] Fetching py36-pytz-2019.1,1.txz: 100%  157 KiB 160.4kB\/s    00:01\r\n[18\/24] Fetching py36-pyrfc3339-1.1.txz: 100%    8 KiB   8.1kB\/s    00:01\r\n[19\/24] Fetching py36-zope.interface-4.6.0.txz: 100%  190 KiB 194.7kB\/s    00:01\r\n[20\/24] Fetching py36-zope.component-4.2.2.txz: 100%   91 KiB  93.4kB\/s    00:01\r\n[21\/24] Fetching py36-zope.event-4.1.0.txz: 100%    8 KiB   7.8kB\/s    00:01\r\n[22\/24] Fetching py36-parsedatetime-2.4_1.txz: 100%   57 KiB  58.3kB\/s    00:01\r\n[23\/24] Fetching py36-configobj-5.0.6_1.txz: 100%   51 KiB  52.1kB\/s    00:01\r\n[24\/24] Fetching py36-configargparse-0.14.0.txz: 100%   24 KiB  24.5kB\/s    00:01\r\nChecking integrity... done (0 conflicting)\r\n[1\/24] Installing py36-pycparser-2.19...\r\n[1\/24] Extracting py36-pycparser-2.19: 100%\r\n[2\/24] Installing py36-six-1.12.0...\r\n[2\/24] Extracting py36-six-1.12.0: 100%\r\n[3\/24] Installing py36-cffi-1.12.3...\r\n[3\/24] Extracting py36-cffi-1.12.3: 100%\r\n[4\/24] Installing py36-asn1crypto-0.24.0...\r\n[4\/24] Extracting py36-asn1crypto-0.24.0: 100%\r\n[5\/24] Installing py36-cryptography-2.6.1...\r\n[5\/24] Extracting py36-cryptography-2.6.1: 100%\r\n[6\/24] Installing py36-openssl-19.0.0...\r\n[6\/24] Extracting py36-openssl-19.0.0: 100%\r\n[7\/24] Installing py36-pysocks-1.7.0...\r\n[7\/24] Extracting py36-pysocks-1.7.0: 100%\r\n[8\/24] Installing py36-idna-2.8...\r\n[8\/24] Extracting py36-idna-2.8: 100%\r\n[9\/24] Installing py36-chardet-3.0.4_1...\r\n[9\/24] Extracting py36-chardet-3.0.4_1: 100%\r\n[10\/24] Installing py36-certifi-2019.6.16...\r\n[10\/24] Extracting py36-certifi-2019.6.16: 100%\r\n[11\/24] Installing py36-urllib3-1.22,1...\r\n[11\/24] Extracting py36-urllib3-1.22,1: 100%\r\n[12\/24] Installing py36-requests-2.21.0...\r\n[12\/24] Extracting py36-requests-2.21.0: 100%\r\n[13\/24] Installing py36-pytz-2019.1,1...\r\n[13\/24] Extracting py36-pytz-2019.1,1: 100%\r\n[14\/24] Installing py36-josepy-1.2.0...\r\n[14\/24] Extracting py36-josepy-1.2.0: 100%\r\n[15\/24] Installing py36-requests-toolbelt-0.8.0...\r\n[15\/24] Extracting py36-requests-toolbelt-0.8.0: 100%\r\n[16\/24] Installing py36-pyrfc3339-1.1...\r\n[16\/24] Extracting py36-pyrfc3339-1.1: 100%\r\n[17\/24] Installing py36-zope.interface-4.6.0...\r\n[17\/24] Extracting py36-zope.interface-4.6.0: 100%\r\n[18\/24] Installing py36-zope.event-4.1.0...\r\n[18\/24] Extracting py36-zope.event-4.1.0: 100%\r\n[19\/24] Installing py36-acme-0.35.1,1...\r\n[19\/24] Extracting py36-acme-0.35.1,1: 100%\r\n[20\/24] Installing py36-zope.component-4.2.2...\r\n[20\/24] Extracting py36-zope.component-4.2.2: 100%\r\n[21\/24] Installing py36-parsedatetime-2.4_1...\r\n[21\/24] Extracting py36-parsedatetime-2.4_1: 100%\r\n[22\/24] Installing py36-configobj-5.0.6_1...\r\n[22\/24] Extracting py36-configobj-5.0.6_1: 100%\r\n[23\/24] Installing py36-configargparse-0.14.0...\r\n[23\/24] Extracting py36-configargparse-0.14.0: 100%\r\n[24\/24] Installing py36-certbot-0.35.1,1...\r\n[24\/24] Extracting py36-certbot-0.35.1,1: 100%\r\n\r\nMessage from py36-urllib3-1.22,1:\r\nBe careful, support of IPv6 is broken with PySocks 1.5.7.\r\n\r\nMessage from py36-certbot-0.35.1,1:\r\n===========================================================================\r\n\r\nThis port installs the "standalone" client only, which does not use and\r\nis not the certbot-auto bootstrap\/wrapper script.\r\n\r\nThe simplest form of usage to obtain certificates is:\r\n\r\n # sudo certbot certonly --standalone -d <domain>, [domain2, ... domainN]>\r\n\r\nNOTE:\r\n\r\nThe client requires the ability to bind on TCP port 80 or 443 (depending\r\non the --preferred-challenges option used). If a server is running on that\r\nport, it will need to be temporarily stopped so that the standalone server\r\ncan listen on that port to complete the challenge authentication process.\r\n\r\nFor more information on the 'standalone' mode, see:\r\n\r\n  https:\/\/certbot.eff.org\/docs\/using.html#standalone\r\n\r\nThe certbot plugins to support apache and nginx certificate installation\r\nwill be made available in the following ports:\r\n\r\n * Apache plugin: security\/py-certbot-apache\r\n * Nginx plugin: security\/py-certbot-nginx\r\n\r\n===========================================================================\r\n<\/pre>\n
\r\n# certbot certificates\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nNo certs found.\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n# certbot certificates\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nFound the following certs:\r\n  Certificate Name: ns3.te-clan.ch\r\n    Domains: ns3.te-clan.ch\r\n    Expiry Date: 2019-11-17 07:43:26+00:00 (VALID: 89 days)\r\n    Certificate Path: \/usr\/local\/etc\/letsencrypt\/live\/ns3.te-clan.ch\/fullchain.pem\r\n    Private Key Path: \/usr\/local\/etc\/letsencrypt\/live\/ns3.te-clan.ch\/privkey.pem\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n<\/pre>\n
\r\n# certbot certonly --standalone -d XXX\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\nPlugins selected: Authenticator standalone, Installer None\r\nEnter email address (used for urgent renewal and security notices) (Enter 'c' to\r\ncancel): XXX\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nPlease read the Terms of Service at\r\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must\r\nagree in order to register with the ACME server at\r\nhttps:\/\/acme-v02.api.letsencrypt.org\/directory\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n(A)gree\/(C)ancel: a\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nWould you be willing to share your email address with the Electronic Frontier\r\nFoundation, a founding partner of the Let's Encrypt project and the non-profit\r\norganization that develops Certbot? We'd like to send you email about our work\r\nencrypting the web, EFF news, campaigns, and ways to support digital freedom.\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n(Y)es\/(N)o: y\r\nObtaining a new certificate\r\nPerforming the following challenges:\r\nhttp-01 challenge for ns3.te-clan.ch\r\nWaiting for verification...\r\nChallenge failed for domain ns3.te-clan.ch\r\nhttp-01 challenge for ns3.te-clan.ch\r\nCleaning up challenges\r\nSome challenges have failed.\r\n\r\nIMPORTANT NOTES:\r\n - The following errors were reported by the server:\r\n\r\n   Domain: ns3.te-clan.ch\r\n   Type:   connection\r\n   Detail: dns :: DNS problem: NXDOMAIN looking up A for\r\n   ns3.te-clan.ch\r\n\r\n   To fix these errors, please make sure that your domain name was\r\n   entered correctly and the DNS A\/AAAA record(s) for that domain\r\n   contain(s) the right IP address. Additionally, please check that\r\n   your computer has a publicly routable IP address and that no\r\n   firewalls are preventing the server from communicating with the\r\n   client. If you're using the webroot plugin, you should also verify\r\n   that you are serving files from the webroot path you provided.\r\n - Your account credentials have been saved in your Certbot\r\n   configuration directory at \/usr\/local\/etc\/letsencrypt. You should\r\n   make a secure backup of this folder now. This configuration\r\n   directory will also contain certificates and private keys obtained\r\n   by Certbot so making regular backups of this folder is ideal.\r\n\r\n# ping ns3.te-clan.ch\r\nping: cannot resolve ns3.te-clan.ch: Unknown host\r\n\r\n### DNS CONFIG ###\r\n\r\n# ping ns3.te-clan.ch\r\nPING ns3.te-clan.ch (185.72.247.169): 56 data bytes\r\n64 bytes from 185.72.247.169: icmp_seq=0 ttl=64 time=0.162 ms\r\n64 bytes from 185.72.247.169: icmp_seq=1 ttl=64 time=0.159 ms\r\n\r\n# certbot certonly --standalone -d ns3.te-clan.ch\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\nPlugins selected: Authenticator standalone, Installer None\r\nObtaining a new certificate\r\nPerforming the following challenges:\r\nhttp-01 challenge for ns3.te-clan.ch\r\nWaiting for verification...\r\nCleaning up challenges\r\n\r\nIMPORTANT NOTES:\r\n - Congratulations! Your certificate and chain have been saved at:\r\n   \/usr\/local\/etc\/letsencrypt\/live\/ns3.te-clan.ch\/fullchain.pem\r\n   Your key file has been saved at:\r\n   \/usr\/local\/etc\/letsencrypt\/live\/ns3.te-clan.ch\/privkey.pem\r\n   Your cert will expire on 2019-11-17. To obtain a new or tweaked\r\n   version of this certificate in the future, simply run certbot\r\n   again. To non-interactively renew *all* of your certificates, run\r\n   "certbot renew"\r\n - If you like Certbot, please consider supporting our work by:\r\n\r\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\r\n   Donating to EFF:                    https:\/\/eff.org\/donate-le\r\n<\/pre>\n
\r\n# service apache24 stop\r\nStopping apache24.\r\nWaiting for PIDS: 46220.\r\n\r\n# certbot renew\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nProcessing \/usr\/local\/etc\/letsencrypt\/renewal\/ns3.te-clan.ch.conf\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nCert is due for renewal, auto-renewing...\r\nPlugins selected: Authenticator standalone, Installer None\r\nRenewing an existing certificate\r\nPerforming the following challenges:\r\nhttp-01 challenge for ns3.te-clan.ch\r\nWaiting for verification...\r\nCleaning up challenges\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nnew certificate deployed without reload, fullchain is\r\n\/usr\/local\/etc\/letsencrypt\/live\/ns3.te-clan.ch\/fullchain.pem\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nCongratulations, all renewals succeeded. The following certs have been renewed:\r\n  \/usr\/local\/etc\/letsencrypt\/live\/ns3.te-clan.ch\/fullchain.pem (success)\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n<\/pre>\n
\r\n$ certbot certonly --server https:\/\/acme-v02.api.letsencrypt.org\/directory --manual --preferred-challenges dns -d 'domain.XXX,*.domain.XXX'\r\n<\/pre>\n
\r\n\r\n<\/pre>\n
named_update<\/h1>\n
\r\n#!\/usr\/bin\/env perl\r\nuse warnings;\r\nuse strict;\r\n\r\nmy $name = "test";\r\n\r\nmy $num_args = $#ARGV + 1;\r\nif ($num_args != 3) {\r\n    print "\\nUsage: $0 <domain> <TXT1> <TXT2>\\n";\r\n    exit;\r\n}\r\n\r\nmy ($domain, $txt1, $txt2) = @ARGV;\r\nmy @txt = ($txt1, $txt2);\r\n\r\nmy $dir = '\/var\/named\/etc\/namedb\/master\/';\r\nmy $filename = $dir . 'db.' . $domain;\r\n\r\nprint("${filename}:\\n");\r\nopen(my $rd, "<", $filename) or die "Could not open file '$filename'";\r\n\r\nmy @lines = <$rd>; \r\nclose($rd);\r\n\r\nopen(my $wr, ">", $filename);\r\nmy $challenge = 0;\r\nmy $challenge_line = 0;\r\n\r\nforeach my $i (0 .. $#lines) {\r\n    my $line = $lines[$i];\r\n\r\n    # overwrite the 1. and 2. line after the challenge\r\n    if ($challenge == 1 && $challenge_line > ($i - 3)) {\r\n        $wr->print("@                       TXT     \\"" . $txt[$i - $challenge_line - 1] . "\\"\\n");\r\n    } else {\r\n        $wr->print($line);\r\n    }\r\n\r\n    # detect challenge\r\n    if ($line =~ \/\\_acme-challenge\/) {\r\n        $challenge = 1;\r\n        $challenge_line = $i;\r\n        print("Found challenge!\\n");\r\n    }\r\n}\r\nclose($wr);\r\n\r\nprint("Kill named\\n");\r\nmy $out = `pkill named`;\r\nprint($out);\r\nsleep(2);\r\n\r\nprint("Start named\\n");\r\n$out = `service named start`;\r\nprint($out);\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
Let’s Encrypt Let\u2019s Encrypt Glossar ZeroSSL – FREE SSL Certificate Wizard Wie Sie ein Let\u2019s Encrypt Zertifikat erstellen und in ein Webhosting-Produkt einbinden Web-Server How to Secure Apache with SSL and Let\u2019s Encrypt in FreeBSD NameBasedSSLVHosts NameBasedSSLVHostsWithSNI Mail-Server Certbot: Let\u2019s Encrypt TLS-Zertifikate f\u00fcr Mailserver (Deprecated!) Wildcard Generate Wildcard SSL certificate using Let\u2019s Encrypt\/Certbot Wildcard Domain […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9769","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/9769","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9769"}],"version-history":[{"count":16,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/9769\/revisions"}],"predecessor-version":[{"id":10830,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/9769\/revisions\/10830"}],"wp:attachment":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9769"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9769"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}