Let’s Encrypt automatic certificate renewal

Just few lines with the configuration I use for the automatic certificate renewal.

cat cli.ini 

# This is an example of the kind of things you can do in a configuration file.
# All flags used by the client can be configured here. Run Let's Encrypt with
# "--help" to learn more about the available options.

# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096

# Always use the staging/testing server
#server = https://acme-staging.api.letsencrypt.org/directory
email = giorgio@zarrelli.org
domains= www.zarrelli.org
text = True
agree-tos = True
authenticator = apache
renew-by-default = true
verbose = True

# Uncomment to use the standalone authenticator on port 443
# authenticator = standalone
# standalone-supported-challenges = tls-sni-01

# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
# authenticator = webroot
# webroot-path = /usr/share/nginx/html

And this is the content of the root crontab

@monthly /usr/sbin/letsencrypt/letsencrypt-auto --config /etc/letsencrypt/cli.ini --no-redirect

That’s all folks!

Let’s Encrypt

LDAP SSO on Linux – Used for GLPI

Note to myself:

apache-logo

# This configuration file allows the manual to be accessed at
# http://localhost/manual/
#
#Loglevel debug
KeepAlive On

Alias /glpi “/var/www/glpi”

<Directory “/var/www/glpi”>

PerlAuthenHandler Apache2::AuthenNTLM
AuthType ntlm,basic
AuthName Access
require valid-user
PerlAddVar ntdomain “DOMAIN PDO  BDO”
PerlSetVar defaultdomain DOMAIN
PerlSetVar splitdomainprefix 1
PerlSetVar ntlmdebug 0
PerlSetVar ntlmauthoritative off

# Uncomment following to force use of HTTPS in Administration Server

#SSLRequireSSL

# PHP tuning (not working on all distribution, use php.ini instead)
AddType application/x-httpd-php .php
php_flag file_uploads on
# Some PHP tuning for deployement feature up to 8 MB
# post_max_size must be greater than upload_max_filesize
# because of HTTP headers
php_value post_max_size 9m
php_value upload_max_filesize 8m
# You may have to uncomment following on errors
#php_value max_execution_time -1
#php_value max_input_time -1

# Uncomment following to allow HTTP body request up to 4 MB
# instead default 512 KB
#LimitRequestBody 4194304

</Directory>

Install Apache2::AuthenNTLM Perl module. In Debian just type:

aptitude install libapache2-authenntlm-perl

Remember to enable ntlm authentication on Windows machines. Not all versions (xp does), have it enabled.