Certbot Let’s Encrypt Apache

My server had a Let’s Encrypt certificate configured on the default site. When I added a virtual host and tried running the regular letsencrypt tool on the new vhost site, it failed with this error:

Failed authorization procedure. (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to :443 for TLS-SNI-01 challenge

I suspect it was because the default certificate (for the main domain) was being served for the new vhost on a different domain.

So, run certbot instead:

root@vps:~# wget https://dl.eff.org/certbot-auto
root@vps:~# chmod +x certbot-auto
root@vps:~# ./certbot-auto --apache -d www.domain.com

It had to download and install some dependency packages, then asked whether to allow HTTP and HTTPS access to your site or redirect HTTP requests to HTTPS.

It creates the site’s SSL configuration file, adds the certificate files to that config, and edits the old file to rewrite HTTP URLs to HTTPS (if you asked for that).



Apache redirect HTTP traffic requests to HTTPS

Add this right before the </VirtualHost> tag at the end of the site’s config file. Naturally, a separate HTTPS config file for the site needs to exist.

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

Apache create virtual host

Use this if, for example, you want to create a site on a different subdomain or domain.

Create a directory like this to hold the site files (and drop some files in there):

sudo mkdir -p /var/www/example.com/public_html

Create the config file for the site by copying the default:

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/example.com.conf

Edit the new config file and change the ServerName and DocumentRoot lines to match the new site’s parameters.

Lastly, enable the new site config file and reload the server.

sudo a2ensite example.com.conf
sudo service apache2 reload
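
The check below is an added example, not part of the original notes: it reads vhost definitions and reports every port-80 ServerName that has no same-named port-443 vhost, the case where Apache answers HTTPS for that name from the first port-443 vhost and presents that site's certificate. The config text, the certificate path and the function names parse_vhosts and audit are constructed for illustration; wildcard ServerAlias patterns are not handled.

```python
import re

# Constructed sample: example.com has only a port-80 vhost that redirects to HTTPS.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName www.domain.com
    RewriteEngine on
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
<VirtualHost *:443>
    ServerName www.domain.com
    SSLCertificateFile /etc/letsencrypt/live/www.domain.com/fullchain.pem
</VirtualHost>
<VirtualHost *:80>
    ServerName example.com
    RewriteEngine on
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+[^>]*?:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(text):
    """Return port, names, certificate path and HTTPS-redirect flag per vhost."""
    vhosts = []
    for port, body in VHOST_RE.findall(text):
        vh = {"port": int(port), "names": [], "cert": None, "redirect": False}
        for line in body.splitlines():
            parts = line.split() or ["#"]  # blank lines are skipped like comments
            key = parts[0].lower()
            if key in ("servername", "serveralias"):
                vh["names"] += [n.lower() for n in parts[1:]]
            elif key == "sslcertificatefile" and len(parts) > 1:
                vh["cert"] = parts[1]
            elif key in ("rewriterule", "redirect") and "https://" in line:
                vh["redirect"] = True
        vhosts.append(vh)
    return vhosts

def audit(text):
    """List port-80 names with no same-named :443 vhost (first :443 vhost answers)."""
    vhosts = parse_vhosts(text)
    tls = [v for v in vhosts if v["port"] == 443]
    findings = []
    for vh in (v for v in vhosts if v["port"] == 80):
        for name in vh["names"]:
            if not any(name in t["names"] for t in tls):
                served = tls[0]["cert"] if tls else None
                findings.append({"name": name, "redirects": vh["redirect"], "served_cert": served})
    return findings
```

On the sample, audit(SAMPLE_CONF) reports example.com: its HTTP vhost already redirects to HTTPS, but the only certificate that would be presented there belongs to www.domain.com.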

Use ThinkPad laptop fingerprint reader in Ubuntu/Linux

This might work on other brands and models.

For Ubuntu 16.04 or greater:

sudo apt install libpam-fprintd

Run fprintd-enroll to set up (enroll) the fingerprint.

This will automatically make your login screen require a finger swipe instead of a password.

It will also use a fingerprint in the terminal:

chris@chris-T430:~$ sudo su
Swipe your finger across the fingerprint reader

Linux locale errors

Errors such as “mosh-server needs a UTF-8 native locale to run.” The message will specify the locale it is looking for, such as en_US.

On the server, run dpkg-reconfigure locales, select the one being requested, and then set the default locale as the one you created (I think. I did that and it worked, but who knows if it’s actually required).

Squid config file

The passwords file needs to be created and then populated using htpasswd.

http_port 3128
access_log /var/log/squid/access.log combined

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy

acl foo proxy_auth REQUIRED
http_access allow foo
http_access deny !foo
http_access deny foo all
#http_access allow localnet
http_access deny all
