apache2

Steps to install apache2 and the firewall on Debian. Firewall first.

# Set up the firewall
$ sudo apt install ufw
$ sudo ufw allow OpenSSH
$ sudo ufw allow "WWW Full"
$ sudo ufw enable # careful here if you're connected by ssh...

Apache next; we're going to configure SSL certs too.

$ sudo apt install apache2
$ sudo vim /etc/apache2/sites-available/default-ssl.conf
$ sudo a2enmod ssl
$ sudo a2ensite default-ssl.conf

Now get a certificate with acme.sh

$ sudo apt-get install cron
$ sudo su
$ curl https://get.acme.sh | sh -s email=joe@milbourn.org.uk
$ acme.sh --issue --apache -d joe.milbourn.org.uk -d milbourn.org.uk
$ acme.sh --install-cert -d joe.milbourn.org.uk --key-file \
/etc/ssl/private/joe.milbourn.org.uk.key --fullchain-file \
/etc/ssl/certs/joe.milbourn.org.uk.fullchain.cer

Some time later...

/root/.acme.sh/acme.sh -r --domain joe.milbourn.org.uk           
[Mon Sep  2 10:16:51 UTC 2024] The domain 'joe.milbourn.org.uk' seems to already have an ECC cert, let's use it.
[Mon Sep  2 10:16:51 UTC 2024] Renewing: 'joe.milbourn.org.uk'
[Mon Sep  2 10:16:51 UTC 2024] Renewing using Le_API=https://acme.zerossl.com/v2/DV90
[Mon Sep  2 10:16:51 UTC 2024] Using CA: https://acme.zerossl.com/v2/DV90
[Mon Sep  2 10:16:51 UTC 2024] Checking if there is an error in the Apache config file before starting.
Syntax OK
[Mon Sep  2 10:16:52 UTC 2024] OK
[Mon Sep  2 10:16:52 UTC 2024] Config file /etc/apache2/apache2.conf has been backed up to /root/.acme.sh/apache2.conf
[Mon Sep  2 10:16:52 UTC 2024] In case an error causes it to not be restored automatically, you can restore it yourself.
[Mon Sep  2 10:16:52 UTC 2024] You do not need to do anything on success, as the backup file will automatically be deleted.
[Mon Sep  2 10:16:52 UTC 2024] Multi domain='DNS:joe.milbourn.org.uk,DNS:milbourn.org.uk'
[Mon Sep  2 10:16:54 UTC 2024] Getting webroot for domain='joe.milbourn.org.uk'
[Mon Sep  2 10:16:55 UTC 2024] Getting webroot for domain='milbourn.org.uk'
[Mon Sep  2 10:16:55 UTC 2024] Verifying: joe.milbourn.org.uk
[Mon Sep  2 10:16:55 UTC 2024] Processing. The CA is processing your order, please wait. (1/30)
[Mon Sep  2 10:16:59 UTC 2024] Pending. The CA is processing your order, please wait. (2/30)
...
[Mon Sep  2 10:18:38 UTC 2024] Pending. The CA is processing your order, please wait. (29/30)
[Mon Sep  2 10:18:42 UTC 2024] joe.milbourn.org.uk: Timeout
Syntax OK
[Mon Sep  2 10:18:42 UTC 2024] Please check log file for more details: /root/.acme.sh/acme.sh.log

Disabling the http:// -> https:// redirect in sites-default.conf allows this to work.

# Redirect permanent / https://joe.milbourn.org.uk

Another couple of months later and it's broken again. Add something like this to redirect everything except the acme challenge to https.

<VirtualHost *:80>
...
    <If "%{REQUEST_URI} !~ m#/\.well-known/acme-challenge/#">
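        # Keep the trailing slash on the target: without it, /foo is sent to https://joe.milbourn.org.ukfoo
        Redirect permanent / https://joe.milbourn.org.uk/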
    </If>
...
</VirtualHost>
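
A quick way to confirm the port-80 vhost behaves as intended before the next renewal comes round. This is an added example, not part of the original notes; the function names check_redirect and probe are made up here. It also catches a Redirect target with no trailing slash, which makes Apache send Location values like https://hostfoo.

```sh
#!/bin/sh
# Added example: check that plain-http requests are redirected to https,
# except the ACME challenge path, which must be answered on port 80.

# check_redirect HOST PATH STATUS LOCATION
# Judge one response (status code + Location header). Returns 0 when it is
# what the <If> block should produce, 1 otherwise.
check_redirect() {
    host=$1 path=$2 status=$3 location=$4
    case $path in
        /.well-known/acme-challenge/*)
            # Challenge URLs must not be redirected; a 404 for a made-up
            # token still proves the request was handled on http.
            case $status in
                3??) echo "FAIL $path: redirected to $location"; return 1 ;;
                *)   echo "ok   $path: served on http ($status)"; return 0 ;;
            esac ;;
    esac
    # Everything else: permanent redirect to the same path on https.
    if [ "$status" != 301 ]; then
        echo "FAIL $path: expected 301, got $status"; return 1
    fi
    if [ "$location" != "https://$host$path" ]; then
        echo "FAIL $path: bad Location '$location'"; return 1
    fi
    echo "ok   $path: 301 -> $location"
}

# probe HOST PATH: fetch over plain http (no -L) and check the answer.
probe() {
    out=$(curl -s -o /dev/null -w '%{http_code} %{redirect_url}' "http://$1$2") || return 1
    check_redirect "$1" "$2" "${out%% *}" "${out#* }"
}

# Live run only when a hostname is given, e.g.: sh check.sh joe.milbourn.org.uk
if [ $# -ge 1 ]; then
    rc=0
    for p in / /index.html /.well-known/acme-challenge/probe; do
        probe "$1" "$p" || rc=1
    done
    exit $rc
fi
```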
