linux:ssl (read 26559 times)

Differences

Below are the differences between two revisions of the page.

linux:ssl [11-01-2023 10:10] edmc73 | linux:ssl [10-11-2025 14:34] (current version) – [Avec StartSSL] edmc73
Ligne 13: Ligne 13:
  
 ===== Avec Let's Encrypt ===== ===== Avec Let's Encrypt =====
 +
 +**MAJ 2024**
 +En résumé sur une fresh debian 11
 +
 +  apt install certbot python3-certbot-apache
 +  
 +<code>
 +# certbot --apache -d edmc73.com
 +Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +Plugins selected: Authenticator apache, Installer apache
 +Enter email address (used for urgent renewal and security notices)
 + (Enter 'c' to cancel): toto@toto.com
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Please read the Terms of Service at
 +https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
 +agree in order to register with the ACME server. Do you agree?
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +(Y)es/(N)o: Y
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Would you be willing, once your first certificate is successfully issued, to
 +share your email address with the Electronic Frontier Foundation, a founding
 +partner of the Let's Encrypt project and the non-profit organization that
 +develops Certbot? We'd like to send you email about our work encrypting the web,
 +EFF news, campaigns, and ways to support digital freedom.
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +(Y)es/(N)o: Y
 +Account registered.
 +Requesting a certificate for edmc73.com
 +Performing the following challenges:
 +http-01 challenge for edmc73.com
 +Enabled Apache rewrite module
 +Waiting for verification...
 +Cleaning up challenges
 +Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
 +Enabled Apache socache_shmcb module
 +Enabled Apache ssl module
 +Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
 +Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf
 +Enabled Apache rewrite module
 +Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Congratulations! You have successfully enabled https://edmc73.com
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Subscribe to the EFF mailing list (email: toto@toto.com).
 +
 +IMPORTANT NOTES:
 + - Congratulations! Your certificate and chain have been saved at:
 +   /etc/letsencrypt/live/edmc73.com/fullchain.pem
 +   Your key file has been saved at:
 +   /etc/letsencrypt/live/edmc73.com/privkey.pem
 +   Your certificate will expire on 2024-03-16. To obtain a new or
 +   tweaked version of this certificate in the future, simply run
 +   certbot again with the "certonly" option. To non-interactively
 +   renew *all* of your certificates, run "certbot renew"
 + - If you like Certbot, please consider supporting our work by:
 +
 +   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 +   Donating to EFF:                    https://eff.org/donate-le
 +
 +</code>
 +On se retrouve donc avec un nouveau fichier de config dans apache tout configuré pour que ça fonctionne en https.
 +
 +-------------------------
 +
  
 Let's Encrypt a bien évolué depuis sa version beta, je vais maintenant mettre mes scripts à jour et détailler le fonctionnement sur Debian 7 et Apache Let's Encrypt a bien évolué depuis sa version beta, je vais maintenant mettre mes scripts à jour et détailler le fonctionnement sur Debian 7 et Apache
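Review bot: the closing sentence after the transcript ("On se retrouve donc avec un nouveau fichier de config dans apache...") understates what the run changed. The pasted output shows that certbot also enabled the rewrite, ssl and socache_shmcb modules and rewrote /etc/apache2/sites-enabled/000-default.conf to redirect to the new 000-default-le-ssl.conf vhost, so the summary should list those side effects for readers who maintain their vhosts by hand. Renewal is only mentioned inside the transcript ("certbot renew"); a short line after the block on checking it, for example with certbot renew --dry-run, would complete the procedure. Style: "**MAJ 2024**" and "En résumé sur une fresh debian 11" have no blank line between them and will render as one paragraph, and the quoted expiry date 2024-03-16 will age, so consider trimming the transcript to the lines the text relies on.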
Ligne 429: Ligne 496:
       "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"       "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 </VirtualHost> </VirtualHost>
 +</code>
 +
 +===== ATTENTION : test piratage juste après avoir demandé un certificat letsencrypt =====
 +Pensez à sécuriser votre site avant de demander un certificat ssl, 14sec après la récupération du certificat, les bots sont là !
 +<code>
 +23.178.112.210 - - [10/Nov/2025:15:06:05 +0100] "GET /.well-known/acme-challenge/cUuM_6I1IJMZQZO9S_6278IIXXLPI-yFKi5KbWUZhfE HTTP/1.1" 200 308 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"         
 +16.170.229.162 - - [10/Nov/2025:15:06:06 +0100] "GET /.well-known/acme-challenge/cUuM_6I1IJMZQZO9S_6278IIXXLPI-yFKi5KbWUZhfE HTTP/1.1" 200 308 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"         
 +3.138.135.248 - - [10/Nov/2025:15:06:06 +0100] "GET /.well-known/acme-challenge/cUuM_6I1IJMZQZO9S_6278IIXXLPI-yFKi5KbWUZhfE HTTP/1.1" 200 308 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"          
 +18.236.228.26 - - [10/Nov/2025:15:06:06 +0100] "GET /.well-known/acme-challenge/cUuM_6I1IJMZQZO9S_6278IIXXLPI-yFKi5KbWUZhfE HTTP/1.1" 200 308 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"          
 +54.179.180.114 - - [10/Nov/2025:15:06:06 +0100] "GET /.well-known/acme-challenge/cUuM_6I1IJMZQZO9S_6278IIXXLPI-yFKi5KbWUZhfE HTTP/1.1" 200 308 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"         
 +207.154.212.47 - - [10/Nov/2025:15:06:20 +0100] "GET / HTTP/1.1" 500 415440 "-" "-"
 +207.154.212.47 - - [10/Nov/2025:15:06:52 +0100] "GET / HTTP/1.1" 500 403600 "-" "Mozilla/5.0 (Linux; Android 6.0; HTC One M9 Build/MRA07962) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.8616.98 Mobile Safari/537.3"                         
 +207.154.212.47 - - [10/Nov/2025:15:06:52 +0100] "POST /graphql HTTP/1.1" 404 9697 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                                       
 +207.154.212.47 - - [10/Nov/2025:15:06:52 +0100] "POST /api HTTP/1.1" 404 9693 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                                           
 +207.154.212.47 - - [10/Nov/2025:15:06:53 +0100] "POST /api/graphql HTTP/1.1" 404 9733 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                                   
 +207.154.212.47 - - [10/Nov/2025:15:06:53 +0100] "POST /graphql/api HTTP/1.1" 404 9701 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                                   
 +207.154.212.47 - - [10/Nov/2025:15:06:53 +0100] "POST /api/gql HTTP/1.1" 404 9729 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                                       
 +207.154.212.47 - - [10/Nov/2025:15:06:54 +0100] "GET /swagger-ui.html HTTP/1.1" 404 6888 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                                
 +207.154.212.47 - - [10/Nov/2025:15:06:54 +0100] "GET /swagger/index.html HTTP/1.1" 404 6888 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                             
 +207.154.212.47 - - [10/Nov/2025:15:06:54 +0100] "GET /swagger/swagger-ui.html HTTP/1.1" 404 6888 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                        
 +207.154.212.47 - - [10/Nov/2025:15:06:54 +0100] "GET /webjars/swagger-ui/index.html HTTP/1.1" 404 6888 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                  
 +207.154.212.47 - - [10/Nov/2025:15:06:55 +0100] "GET /swagger.json HTTP/1.1" 404 6888 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                                   
 +207.154.212.47 - - [10/Nov/2025:15:06:55 +0100] "GET /swagger/v1/swagger.json HTTP/1.1" 404 6888 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                        
 +207.154.212.47 - - [10/Nov/2025:15:06:55 +0100] "GET /v2/api-docs HTTP/1.1" 404 6888 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                                    
 +207.154.212.47 - - [10/Nov/2025:15:06:55 +0100] "GET /v3/api-docs HTTP/1.1" 404 6888 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                                    
 +207.154.212.47 - - [10/Nov/2025:15:06:55 +0100] "GET /api-docs/swagger.json HTTP/1.1" 404 6888 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                          
 +207.154.212.47 - - [10/Nov/2025:15:06:56 +0100] "GET /api/swagger.json HTTP/1.1" 404 6920 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                               
 +207.154.212.47 - - [10/Nov/2025:15:06:56 +0100] "GET /@vite/env HTTP/1.1" 404 6888 "-" "Go-http-client/1.1"
 +207.154.212.47 - - [10/Nov/2025:15:06:56 +0100] "GET /actuator/env HTTP/1.1" 404 6888 "-" "Go-http-client/1.1"
 +207.154.212.47 - - [10/Nov/2025:15:06:57 +0100] "GET /server HTTP/1.1" 404 6888 "-" "Go-http-client/1.1"
 +207.154.212.47 - - [10/Nov/2025:15:06:57 +0100] "GET /.vscode/sftp.json HTTP/1.1" 404 6888 "-" "Go-http-client/1.1"
 +207.154.212.47 - - [10/Nov/2025:15:06:57 +0100] "GET /about HTTP/1.1" 404 6888 "-" "Go-http-client/1.1"
 +207.154.212.47 - - [10/Nov/2025:15:06:57 +0100] "GET /debug/default/view?panel=config HTTP/1.1" 404 6888 "-" "Go-http-client/1.1"                                                                                                                    
 +207.154.212.47 - - [10/Nov/2025:15:06:58 +0100] "GET /v2/_catalog HTTP/1.1" 404 9701 "-" "Go-http-client/1.1"
 +207.154.212.47 - - [10/Nov/2025:15:06:58 +0100] "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 404 6888 "-" "Go-http-client/1.1"                                                                        
 +207.154.212.47 - - [10/Nov/2025:15:06:58 +0100] "GET /server-status HTTP/1.1" 403 468 "-" "Go-http-client/1.1"
 +207.154.212.47 - - [10/Nov/2025:15:06:58 +0100] "GET /login.action HTTP/1.1" 404 6888 "-" "Go-http-client/1.1"
 +207.154.212.47 - - [10/Nov/2025:15:06:58 +0100] "GET /_all_dbs HTTP/1.1" 404 6888 "-" "Mozilla/5.0 (l9scan/2.0.637313e20313e21393e21353; +https://leakix.net)"                                                                                       
 +207.154.212.47 - - [10/Nov/2025:15:06:59 +0100] "GET /.DS_Store HTTP/1.1" 404 6888 "-" "Go-http-client/1.1"
 +207.154.212.47 - - [10/Nov/2025:15:06:59 +0100] "GET /.env HTTP/1.1" 404 6888 "-" "Go-http-client/1.1"
 +207.154.212.47 - - [10/Nov/2025:15:06:59 +0100] "GET /.git/config HTTP/1.1" 404 6888 "-" "Go-http-client/1.1"
 +207.154.212.47 - - [10/Nov/2025:15:07:00 +0100] "GET /s/637313e20313e21393e21353/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties HTTP/1.1" 404 6888 "-" "Go-http-client/1.1"                                                   
 +207.154.212.47 - - [10/Nov/2025:15:07:00 +0100] "GET /config.json HTTP/1.1" 404 6888 "-" "Go-http-client/1.1"
 +207.154.212.47 - - [10/Nov/2025:15:07:00 +0100] "GET /telescope/requests HTTP/1.1" 404 6888 "-" "Go-http-client/1.1"
 +207.154.212.47 - - [10/Nov/2025:15:07:00 +0100] "GET /info.php HTTP/1.1" 404 6888 "-" "Go-http-client/1.1"
 +207.154.212.47 - - [10/Nov/2025:15:07:01 +0100] "GET /?rest_route=/wp/v2/users/ HTTP/1.1" 500 220096 "-" "Go-http-client/1.1"                                                                                                                        
 </code> </code>
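Review bot: "Pensez à sécuriser votre site" in the new ATTENTION section gives the reader no concrete step, although the pasted log already shows what matters. The requests from 207.154.212.47 for / and /?rest_route=/wp/v2/users/ return 500 with bodies of 415440, 403600 and 220096 bytes, which suggests a verbose error page was served to the scanner, while /server-status correctly returns 403; the text should say to finish the configuration, turn off detailed error output and restrict access before requesting the certificate. It would also help to state why scanners arrive within seconds (issued certificates are published in public Certificate Transparency logs, so the hostname is visible as soon as the certificate exists) and to cut the log down to the validation requests plus a few representative probes such as /.env, /.git/config and /actuator/env.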
linux/ssl.1673431803.txt.gz · Last modified: by edmc73